Sophos endpoint suite adds network access control

Sophos has become one of the few makers of endpoint security suites to include network access protection as an integrated part of their application.

The British company said today that Endpoint Security and Control 8.0, to be generally available next month, will not only include agent-based virus, spyware, host intrusion and application control scanning, but also NAC technology gained from its 2007 purchase of Endforce.

“We’re going beyond reactive and proactive anti-virus technology to offer businesses complete protection for their computers,” said John Shaw, product manager for endpoint products at Sophos Plc. Current Sophos antivirus customers will get a free upgrade to the suite.

Including NAC components in endpoint suites is one of the latest trends in network security. NAC is aimed at making sure, through agent or agent-less technologies, that any device connecting to the network is blocked unless it has the latest security and application patches.

However, it can be a difficult process. In a survey last year Forrester Research found that only four per cent of respondents finished their NAC implementation. Manufacturers have different approaches. Some require the user to click a link to a site or sites with the latest fixes, while others make the routine automatic.

Not all suites have full NAC capabilities, Gartner noted in a recent report. Also, some sell NAC as a separate application in addition to their endpoint suites with varying degrees of integration.

Shaw says Sophos Endpoint Security and Control 8 has most of the features of its full NAC Advanced product, which he said is more scalable and flexible than ESC 8.0 because it has more enforcement options. NAC Advanced can be purchased as an upgrade to ESC 8.0.

Better known in Europe than North America, Sophos has been making an increased push here for several years, which has been having an effect against market leaders Symantec and McAfee. Gartner analyst Arabella Hallawell, co-author of the endpoint suite report, said increasingly enterprises are asking for bids from Sophos, Kaspersky and Microsoft when looking for solutions.

It is interesting that it’s adding NAC capabilities, she said, noting that recently organizations are particularly looking for the ability of endpoint applications to scan non-employee laptops or PCs trying to get access.

But “at the end of the day,” she added, “companies buy endpoint protection on their antivirus and antispyware capabilities. It’s [also] about cost and management reporting capabilities, and a lot of capabilities like NAC and host-based intrusion protection are secondary.”

She noted that Gartner customers say the recent advance in Sophos’ reputation among buyers is partly due to the fact that it has improved its application’s management features. ESC 8.0 runs under Windows Server 2000 and 2003 only for now. Compliance with Windows Server 2008 will be added shortly. Endpoints can automatically be synchronized with Microsoft Active Directory, or manually added for other directories.

Shaw said ESC 8.0’s new dashboard puts information the suite gleans into eight groups for quick reference. One panel shows the number of computers with virus or spyware alerts, suspicious behaviors, adware, firewall blocks and controlled applications. Others show the number of computers that differ from organization policy, that are out of date and that have errors.

In a tree-like window, endpoints can be grouped in folders under which different policies can be administered.

Shaw said one reason NAC efforts have been avoided or abandoned is because of their complexity. Sophos hopes that by integrating many NAC capabilities into ESC 8.0 it will be easier for IT managers to roll out.

Related Download
Can we save the open web? Sponsor: Acquia
Can we save the open web?
Join the creator of Drupal, Dries Buytaert, in a discussion about the web’s evolution, how we can put the power of the internet back into the hands of the people, and how you can prepare your organization.
Register Now