Overview
Customers rely on Sophos Central to administer their network security products and services from Sophos. At Sophos we take security seriously, and have taken measures to ensure that the Sophos infrastructure effectively and comprehensively protects our customers’ data.
Synchronized Security
Sophos Central allows you to manage our award-winning Synchronized Security platform. Advanced attacks are more coordinated than ever before. Now, your defenses are too. Our revolutionary Security Heartbeat™ ensures your endpoint protection and firewall are talking to each other. It’s a simple yet effective idea that means you get better protection against advanced threats and spend less time responding to incidents. It’s so simple, it makes you wonder why nobody did it before.
What data is collected and stored in Sophos Central?
Sophos Central collects a very limited set of personally identifiable information (PII) in order to protect endpoints, enforce security policy and provide reports:
- Sophos Central administrator login information - emails and passwords
- User data, both manually and/or automatically entered via Active Directory Synchronization - username, login, Exchange login, AD group information
- Policy information - settings (dependent on policy components), for example exemptions
- Device information - device name, last user, operating system information, status
- Events – type, e.g., web, device, malware, device information (file and path names, network locations, logins, etc.)
- Sophos Central does not store all end users’ browsing history; only web events for “blocked” and “warned” pages are retained for reporting purposes
What is Sophos Live Protection? What information is sent to Sophos with Live Protection?
Sophos Live Protection is enabled in Sophos Endpoint Protection by default, and its sole purpose is to supplement the local detection data by performing additional lookups to the Sophos Labs database. Sophos Live Protection performs this additional lookup using a checksum and does not upload files to Sophos Labs.
Endpoint Protection
- Protect all your devices: Innovative protection including anti-malware, HIPS and malicious traffic detection
- One simplified management console: Choose cloud-based Sophos Central or deploy Sophos Enterprise Console to manage your deployment
- On-premises or in the cloud: Choose from an on-premises solution, or one hosted in the cloud.
Data security
All stored data is encrypted and all applications are running on secured operating systems; to ensure high availability, the system is load balanced and has fail-over between three sites, each running two instances of the software, any one of which is able to provide full service.
Sophos Central uses Transport Layer Security (TLS) to protect data in transit. Management communication between the client software and Sophos Central platform is performed over HTTPS to secure the data in transit, establishing "trust communication" via certificates and server validation.
Sophos Central never stores nor sends users' passwords in plain text. When a user signs up for an account, this new user must set a password as part of the activation process. We encourage users to set up private administrator logins, and have established a very simple process to enable admins to create multiple administrator accounts. Each user will receive an email to set his/her own password, thus maintaining privacy and security.
Sophos ensures that data cannot be accessed via the individual physical systems in the datacenter within the production environment. All access must take place via the web-based management console.
Access to production systems is limited, reviewed and monitored and is only granted temporarily to the system during the processing time.
Other Security Practices
Sophos knows that designing our products for security is a critical first step, but security takes ongoing vigilance. Some of the steps that Sophos takes to maintain security include:
- Periodic security training for employees on best practices and Sophos processes
- Internal Security audits and semi-annual external security