I’ve had Sophos installed at our college for the past 5 years and we are in or sixth or seventh year of using Sophos Firewall and Anti-Virus across our campus.
I purchased two consecutive on-site days from Sophos, who flew one of there top Security Engineers from Sydney to stay with us for two days and complete a thorough investigation and health-check of our Sophos installation.
– I was delighted with the results.
- Firmware Upgrade – We upgraded to the newest firmware version of Sophos UTM.
- We simplified our firewall rules and disabled and deleted 18 unwanted access rules,
- Reporting Improvements, – we significantly improved and tweaked our reporting.
- We investigated upgrading to a hardware appliance.
- Removed unnecessary STAS software from servers
- Removed unnecessary RADIUS servers (we use Extreme Radius)
- Cleaned up Admin accounts and assigned personal accounts of all the admins to administrator profile.
- Rule Creation and Policies: Improved the way we create rules by teaching us how to create multiple user activities and assign to different user groups in the same policy rather than creating different web policy for each and every user group.
- Cleaned up application control policies and changed it as per requirements.
- Removed irrelevant OS from the IPS policy
- Sync App Control – we enabled sync app control and we were able to see new apps getting detected by the firewall. – to be categorised.
- Device Access – Disabled SSH access on WAN and created Access List to allow specific IP’s
- We investigated the future use of Sandstorm (cloud sandboxing).
Our security installation at the current time comprises of the following,
- XG Firewall – Next Generation Firewall.
- Intercept X – a signatureless anti-exploit, anti-ransomware, and root cause analysis protect your endpoints from advanced threats.
- Sophos Endpoint – Client Protection which doesn’t rely on signatures to catch malware, which means it catches zero-day threats.
- Sophos Phish Threat – User education by effectively simulating realistic and challenging phishing attacks in a just few clicks.
Relationship Benefits: The two days of Sophos consulting provided an opportunity for us to strengthen our relationship with Sophos.
Third Party Consideration: The two day has forced me to re-consider the benefits of 3rd Party to deploy and configure Sophos.
My own thoughts are that using a Sophos Product Engineers far outweighs the advantages of using a 3rd Party Engineer, so even if you have had a third party work on you installation, – you will receive significant advantage for using Sophos directly.
Recommendation: If you are a Sophos user and run a large installation I would highly recommend spending the money and getting one of the Sophos Engineers spend a few days on site checking out and tweaking your system