Thanks for all of the replies. If anyone else has info, feel free to share.

On Tue, May 11, 2010 at 1:45 PM, Pommerening, Jeremy <[email protected]> wrote:
> I was having an issue with Sophos not catching Fake-AV too until I turned on
> HIPS. I'm catching most of it now with HIPS. Environment is approx 1000
> nodes. I will agree that the online database is slim but I'm much happier
> than when we used Symantec EP. As a bonus Sophos includes a lot of
> functionality at no extra cost with Data Control (DLP) and Device Control.
>
> Jeremy Pommerening
> MGR, Information Security
> Symbion, Inc.
> 615-234-8912 Direct
> 615-429-6883 BB
>
> GIAC - GCFA,GPEN, GAWN & GCFW,
> GIAC Advisory Board Member
> MCSE Win2K, MCSE NT4,
> CompTia SERVER+, HP APS
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Josh Little
> Sent: Tuesday, May 11, 2010 12:15 PM
> To: [email protected]
> Subject: Re: [Pauldotcom] Corporate AV suggestions
>
> I'm on the fence regarding our Sophos EP distribution. I have a feeling
> that it is a little less resource intensive on the clients than the
> Symantec 10 system we replaced, but not by a whole lot. Logging and
> reporting isn't that strong, especially if you are looking at offloading
> events to a SIM or centralized log collector. Their online database of
> threats is very slim on information, especially when compared with
> Symantec's offering at http://www.sarc.com . It also doesn't deal very
> well with fast morphing threats like the rash of fake security products
> that have blown up in the last year. Almost all of the incidents I
> respond to are fake AV crap. The management console is still fairly
> nice, beyond being weak with reporting. One strong point is deployment -
> it was very easy to deploy out using SMS.
>
> Hope that helps...
>
> ZT
>
> On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
>> I've been very pleased with Sophos Endpoint protection both from a pricing
>> perspective and support perspective.
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of xgermx
>> Sent: Tuesday, May 11, 2010 8:33 AM
>> To: PaulDotCom Security Weekly Mailing List
>> Subject: [Pauldotcom] Corporate AV suggestions
>>
>> So, it's license renewal time for our A/V and I'm open for
>> suggestions/recommendations/horror stories. (I'll be covering roughly
>> 500 Windows based machines).
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>> Disclaimer: The email and files transmitted with it are confidential and are
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you are not the original recipient or the person responsible
>> for the delivering the email to the intended recipient, be advised that you
>> have received this email in error, and that any use, dissemination,
>> forwarding, printing or copying of this email is strictly prohibited. If
>> you received this email in error, please delete it from your system without
>> copying it, and notify the sender by reply email so that our address record
>> can be corrected. Thank you. Symbion, Inc.
