05/06/2021

Sophos – Eliminating Cyber Threats Before They Happen


Sophos has been rated the number 1 endpoint protection software for years now by reputable publications such as CRN, Gartner, PCMag, and more. This is with good reason too. Sophos blocks far more malicious software and cyber threats than any other option on the market (97% of exploits and 99% of malware)*.

At TSP IT Services, we’ve been using Sophos for seven years now, both for their firewall solutions and for security monitoring. Jason Ross, a Senior Engineer at TSP IT Services, recently completed his Sophos Architect Certification, the highest level of certification on our team. We took this opportunity to sit down with him and get some more information on what this certification means and how we use Sophos to stop malicious software and cyber threats in their tracks.

What does your Sophos certification mean, and why is it important to have?

Jason Ross: The Sophos architect is the top level of three certifications Sophos offers. While I’m a Sophos architect, I’m also a Sophos Engineer and Certified Technician. Each of these levels gives you more knowledge and experience in deploying, supporting, and troubleshooting the Sophos end-user protection and their suite of antivirus and protection software. The technician level focuses mainly on just deploying the software and simple things.

The engineer level focuses on more of the actual use of the software to generate reports, do investigations into harmful files or cyber threats, and testing.

The architect level is the top level where it gets deep into the troubleshooting aspects of it. You learn how to bend the tools to your needs to get the most information out of systems. It also teaches you to be able to build a system that works together. The Sophos antivirus product works hand-in-hand with the Sophos firewall products.

Jason Ross and the TSP Team
Michael, Chase, Jason, and Max in discussion at TSP headquarters

How do the Sophos products work in conjunction with each other?

JR: They all talk to each other continuously using heartbeat technology. The endpoints and firewalls send a heartbeat back and forth to each other, alerting each other to changes in status or potential cyber threats. If an endpoint (a client device) or server becomes compromised or infected, all the endpoints and firewalls are alerted immediately, and movement throughout your network is halted. If one device becomes infected, it alerts the firewall. The firewall then alerts all other devices on the network to block communication from the infected machine. It blocks the infected device from connecting to the internet and servers.

Why Sophos, instead of the many other antivirus or firewall software available?

JR: Sophos is one of the few vendors that has a Macintosh version of their antivirus software. Sophos also gives us a “single pane of glass” interface to see all of our clients. We don’t need to have separate login credentials or separate instances for each client. We can manage it all in one interface. Sophos is a complete package, including antivirus, monitoring, and firewalls. We use all of these elements, and the Sophos partner portal allows us to manage all of them together in a single space.

Sophos stops cyber threats in their tracks

How does our deployment of Sophos change from client to client?

JR: When we look at deploying Sophos to our clients, one of the great things is that they provide two different types of installers. We can get an installer that installs individual pieces of the Sophos package to choose which components to install. We can choose Sophos Safeguard Encryption, or just Sophos Intercept X. The second installer allows us to deploy everything we are licensed for, within a single package installer. That installer is explicitly tailored to the client we’re deploying for. We don’t have to do any configuration afterward. We configure our portal to each client’s specific rules, such as what content they allow on their web filtering. Then, when we deploy the software to the client, their particular settings and configurations are already in place upon the first launch.

“There’s a very short window of time between something happening on a user’s device and us knowing about it.” – Jason Ross, Senior Engineer at TSP IT Services

How does Sophos work with the other software in our support stack?

JR: We use Jamf to deploy Sophos to all of the endpoints that we support. Jamf allows us to manage the settings of Sophos and its integration into macOS, which is very helpful. Watchman Monitoring touches Sophos and acts as a secondary backup for antivirus, looking for malicious files. Watchman will also notify us if Sophos is not on one of our supported devices, alerting us if a client’s device is unprotected at any given time.

With the Sophos firewalls, they integrate into our alerting technology. When there are login issues or malicious attempts to breach a firewall, we get notifications through Slack and our emails. All of our systems talk to each other to generate all of this information. It gives us the greatest visibility of our clients’ devices and manages them all at once. There’s a very short window of time between something happening on a user’s device and us knowing about it.

Sophos not only brings a heightened level of security to our clients’ computers, but it also works in close partnership with the other software we use. Check out our additional articles on the other software in our support stack. Feel free to contact us if you have any questions or want to learn more about how we protect our clients.

Additional Reading:

Jamf – Our Key to Scalable New Technology Deployment

What is Jumpcloud and Why Is It Crucial to My Digital Security?

Watchman Monitoring – A Keystone in our IT Support Software

*Source – https://www.sophos.com/en-us/products/endpoint-antivirus.aspx