Sophos Tools Help IT Managers Fight Emerging Security Threats Like Fake Antivirus

fact sheet Vendor: Sophos (www.sophos.com) Vendor's Information: About Sophos vendor resources Sophos Endpoint Security and Data Protection Sophos Endpoint Security and Data Protection delivers comprehensive security and easy manageability within your antivirus software budget. Get antivirus, data loss prevention, network access control, encryption, and application and content control in one affordable security solution.

IT managers tasked with the security of their organizations' endpoints and networks are fighting on several fronts. First, and most obvious, is the 50,000 new variants of malware that SophosLabs identifies on a daily basis and that come at networks through any number of channels and devices. Then there are the resources needed for the fight, such as security software, money, and people, all of which are unlikely to increase despite the growing threats. And finally, IT managers trying to secure networks have to fight their own end users needing access to tools and greater mobility.

"There's friction between securing PCs, laptops, and devices versus the access to tools needed to do the job," said John Metzger, Product Marketing Manager at Sophos. End users need to use the Web, mobile devices, and USB drives to transport files, communicate with customers, and do research.

IT managers attempting to navigate these competing interests can get help in the form of free threat scanning from Sophos, as well as the Sophos Endpoint Security and Data Protection product that offers complete security from the latest threats and data loss with easy-to-use management tools—all within the budget for antivirus solutions.

Free Security Scans from Sophos Scan up to 200 computers for viruses, spyware, adware and find uncontrolled devices and applications without uninstalling your existing antivirus application. Find the threats your existing antivirus software misses and get a report that details the results of your scan.

Find All Threats on Your Network—Free

The Sophos Computer Security Scan (SCSS) is a free scanning tool available that scans up to 200 computers for viruses, spyware, adware, installed applications and devices, and rootkits.

IT managers use the SCSS tool to find viruses, and to test their existing antivirus solution to see if it is catching everything that threatens the network.

The SCSS is based on the same agent technology as the Sophos Endpoint Security and Data Protection product. It is wizard-based, and delivers a detailed HTML report that summarizes the scan's findings. It breaks down adware, malware, suspicious files, applications, and devices—and provides a number of details for each one, including a list of all applications installed, the number of instances of those applications, and even a breakdown by computer.

Threats such as fake antivirus software, which attacks a computer when an end user mistakenly believes they are updating the security on their machine, would be listed in the malware results after an SCSS scan, along with details like the number of instances found on the network and which computers were infected.

The application and devices component of the scan is interesting for IT managers because consumer technologies like iPhones and other devices and software like iTunes or the Google Toolbar are now commonly found inside the business. Sophos is out in front of most security software vendors by bundling in application and device technology with the existing antivirus license.

Sophos Endpoint Security and Data Protection

IT managers that use SCSS to identify security threats on their networks, endpoints, and their data will also be interested in Sophos Endpoint Security and Data Protection 9.5, to remove found viruses, block or control unwanted devices and stop rootkits. (A free 30-day trial is available.)

Version 9.5 includes antivirus, application control, device control, data loss prevention, encryption, and network access control. The most notable new feature in version 9.5 is the addition of Live Protection technology. Live Protection instantly queries the extensive SophosLabs database to look up suspicious files for known malware and checks to see if URLs being visited by end users are infected. The Live Protection functionality is invisible to end users unless they get a message that a site or file is bad.

Live Protection reduces false positives and takes action if a known malicious file or URL is encountered. Conversely, Live Protection will request a sample of a file it can't identify as good or bad and add it to the SophosLabs in-the-cloud database where it can then protect all Sophos users.

"You're benefitting from all of the computers using Sophos endpoint protection," Metzger said.

In the case of fake antivirus malware, Sophos Endpoint Security and Data Protection would stop the attack by detecting the suspicious file, doing an in-the-cloud lookup, identifying the file as malicious, and then blocking and removing the file.

Other new features in Sophos Endpoint Security and Data Protection 9.5 include tamper protection, which extends administrators' ability to stop users from turning protection off; extended platform support for Windows 7, Vista, and XP, and support for encryption, firewall, and NAC technologies; and extended protection for virtualization via Microsoft Hyper-V 2008 and VMware vSphere 4.

As part of a solution that guards against threats and data loss, Sophos includes data loss prevention features with its antivirus technology. The data loss prevention features in Sophos Endpoint Security and Data Protection monitor content leaving an organization to watch for sensitive data such as credit card information.

Data loss prevention features can help organizations with compliance concerns, as will the encryption and network access control features in Sophos Endpoint Security and Data Protection 9.5. Sophos SafeGuard Disk Encryption, which is included in Sophos Endpoint Security and Data Protection, provides full disk encryption. SafeGuard PrivateCrypto allows information encryption on removable storage devices as well as secure data exchange with third parties.

The network access control feature monitors endpoints as they access the network and ensures they are in compliance with security policies. Some organizations may require that firewalls be enabled or antivirus definitions are up to date. Network access control can block machines not in compliance or fix machines under its control to bring them into compliance.

Sophos prides itself on making security easy for administrators to manage. In Sophos Endpoint Security and Data Protection 9.5, management is done through the Sophos Enterprise Console, which lets IT managers create policies, setup and manage groups down to the specific device or user, and control agent updates. The Sophos Enterprise Console is also where administrators can see reports and manage alerts for behavior and issues that might threaten network security.

IT managers dealing with an increasing number of threats and devices are finding that providing comprehensive security for endpoints and networks taxes their available resources. By combining antivirus and content and application control under one license with an easy-to-use management console, Sophos delivers threat and data protection in your AV budget without creating more work for administrators.