Sophos Endpoint Security & Data Protection ESDJ1DBDP User Manual
Product codes
ESDJ1DBDP
Software components
Enterprise Console
A single, automated console for
Windows, Mac, UNIX and Linux that
centrally deploys and manages: anti-
virus and client firewall protection;
intrusion prevention; data, device
and application control; and endpoint
assessment and control
Windows, Mac, UNIX and Linux that
centrally deploys and manages: anti-
virus and client firewall protection;
intrusion prevention; data, device
and application control; and endpoint
assessment and control
Sophos Anti-Virus
A single anti-virus client that detects
viruses, spyware and adware, rootkits,
suspicious files and suspicious
behavior; scans for the transfer
of sensitive data; controls the use
of removable storage devices and
unauthorized VoIP, IM, P2P and
gaming software
viruses, spyware and adware, rootkits,
suspicious files and suspicious
behavior; scans for the transfer
of sensitive data; controls the use
of removable storage devices and
unauthorized VoIP, IM, P2P and
gaming software
Sophos NAC
A network access control solution that
assesses managed, unmanaged and
unauthorized computers to detect
configuration issues, such as out-of-
date anti-virus protection or a disabled
firewall, and fixes them before allowing
access
assesses managed, unmanaged and
unauthorized computers to detect
configuration issues, such as out-of-
date anti-virus protection or a disabled
firewall, and fixes them before allowing
access
Sophos Client Firewall
A centrally managed client firewall
designed for the enterprise environment
that blocks worms, stops hackers and
prevents intrusion from hackers
designed for the enterprise environment
that blocks worms, stops hackers and
prevents intrusion from hackers
Sophos Mobile Security
Anti-virus and anti-spyware protection
for Windows Mobile smartphones and
PDAs
for Windows Mobile smartphones and
PDAs
Sophos SafeGuard Disk
Encryption
Encryption
Full disk encryption with secure pre-
boot authentication and a full set of
password and machine recovery tools
boot authentication and a full set of
password and machine recovery tools
SafeGuard PrivateCrypto
Encryption of data on removable
storage devices and secure information
exchange with third parties
storage devices and secure information
exchange with third parties
Faster, low-impact protection
One scan with our single anti-virus client detects viruses, spyware and adware, suspicious
behavior and files, removable storage devices and unauthorized applications. The client will
also detect when users try to transfer sensitive data to removable storage devices and internet-
enabled applications such as email and instant messaging.
behavior and files, removable storage devices and unauthorized applications. The client will
also detect when users try to transfer sensitive data to removable storage devices and internet-
enabled applications such as email and instant messaging.
• Sophos updates are small in size and are released frequently— an advantage for
companies wanting fast protection with low impact on network resources.
• Decision Caching™ technology improves on-access scanning performance by
intercepting and scanning only the files that have changed since the system was
accessed last.
accessed last.
• SophosLabs™ signatures control applications that can adversely impact network and
user productivity, such as VoIP and IM.
Effective zero-day protection
Sophos HIPS, technology pioneered by SophosLabs, provides detection that automatically
guards against new and targeted threats and can detect more than 85% of unknown threats.
guards against new and targeted threats and can detect more than 85% of unknown threats.
The built-in intrusion-prevention technology detects malware as well as malicious and
suspicious behavior and files, and delivers proactive protection without complex installation
and configuration. Scanning is performed using Sophos’s anti-virus engine without the need to
deploy any additional components.
suspicious behavior and files, and delivers proactive protection without complex installation
and configuration. Scanning is performed using Sophos’s anti-virus engine without the need to
deploy any additional components.
This innovative technology uniquely analyzes the behavior of code at two stages:
• Pre-execution — The behavior of code is analyzed before it runs, and code is
prevented from running if it is considered to be suspicious or malicious.
• Runtime — Threats that cannot be detected before execution are intercepted.
Protecting against accidental loss of data
Sophos Endpoint Security and Data Protection delivers a number of components that combine
to protect your data against loss and help you to meet your compliance needs:
to protect your data against loss and help you to meet your compliance needs:
• Content-aware DLP scanning— integrated into the engine — monitors the transfer
of sensitive data to removable storage devices and internet-enabled applications. It
uses an extensive library of data definitions supplied by SophosLabs, reducing the
burden of manually creating and maintaining lists yourself.
uses an extensive library of data definitions supplied by SophosLabs, reducing the
burden of manually creating and maintaining lists yourself.
• Flexible, granular control of removable storage devices allows the authorization of
specific devices, enforcement of encrypted devices or even just read-only access, as
well as control over network interfaces like 3G modems.
well as control over network interfaces like 3G modems.
• Sophos Endpoint Security and Data Protection prevents the installation and use
of unwanted applications such as P2P and IM clients that can act as means for
sensitive data transfer. A comprehensive list of applications supplied and maintained
by SophosLabs™ removes the need for administrators to add new applications or
manually update detection of new versions.
sensitive data transfer. A comprehensive list of applications supplied and maintained
by SophosLabs™ removes the need for administrators to add new applications or
manually update detection of new versions.
• Full disk encryption secures data on computers by encrypting the entire hard drive
without impacting your users. Installation can be carried out on a standalone
machine or unattended across your organization via your existing deployment tool.
machine or unattended across your organization via your existing deployment tool.