Protect your servers from malware and ransomware,
without compromising on performance.
Sophos Central Server Protection provides you with a wide range of innovative features to protect your server environment from attack without compromising the performance of your servers. Designed specifically to protect mission-critical servers, the solution provides whitelisting of server applications, powerful anti-malware capabilities, and behavioral analysis.
With the Server Lockdown feature, which is only included in the Advanced version, you can protect your server against all dangers with just one click. CryptoGuard, which provides breakthrough protection against ransomware, is likewise only included in the Advanced version, so you can protect your server environment from encryption trojans.
Web Control is a very powerful tool for managing Internet traffic, especially for terminal servers. You decide which categories of websites are allowed. This can help prevent users from accessing radical, political content, hacking sites, or violent websites. In addition, you can further increase security by not allowing the download of files with certain extensions, such as dll, exe, flv, etc. With Web Control you can define your own rules and even set the times at which they apply.
Web control is only included in the advanced version of Sophos Central Server Protection.
Sophos Central Server Protection Advanced gives you the ability to block interfaces on a server with Device Control. For example, in your Sophos Central account you can create a policy that blocks all USB ports. This way, you have prevented someone from plugging in their USB flash drive unnoticed and infecting the server with malware, either intentionally or unintentionally. Of course, you can also define exceptions and allow your USB stick, for example. Naturally, you have many other interfaces to choose from, such as Optical Drive.
Application control is an indispensable tool for restricting access to certain software, especially for remote desktop servers (terminal servers). There are various application scenarios. For example, you can prevent users from using old Acrobat readers. With just one rule, you have made sure that the security holes in Acrobat Reader 9 cannot be exploited to attack the system. Another example to increase the security of the server would be blocking file sharing applications or remote control applications such as VNC.
Application control is only included in the advanced version of Sophos Central Server Protection.
By default, the Server Protection Client checks every 60 minutes to see if new signatures can be downloaded from Sophos to detect malicious files. However, as malware is evolving rapidly nowadays, it is absolutely necessary to ensure that protection is provided as promptly as possible. Sophos has recognized this and, with Live Protection, improves the response time for detecting new malware and updates your server protection in real time.
Enable Live Protection to allow your server protection client to check files against Sophos Labs in real time to see if they are malicious. This way, new malware can be detected even though it does not yet appear in the virus definitions.
Host Intrusion Prevention System
Today's development of malware shows that protection based solely on signatures is no longer sufficient. Today's malware is spreading too fast, has become too intelligent and can change its shape and signature in no time at all.
So if you can't rely on the signatures anymore, you have to analyze the behavior of an executable file more closely and block activities that seem to be suspicious. This is exactly what the Host Intrusion Prevention System (HIPS) in Sophos Central Server Protection Advanced does.
Suspicious behavior could be, for example, a change in the registry that would allow a virus to run itself automatically after the computer is started.
Data Loss Prevention
Data Loss Prevention is a feature in Sophos Central Server Protection Advanced that allows you to monitor and restrict the transfer of sensitive data. Especially with a remote desktop server (terminal server), you can use a policy to prevent a user from sending a file from the corporate network via webmail.
Create your own rules and decide how to deal with certain information in the company. This way you can make sure that no important documents get into the wrong hands.
Malicious Traffic Detection
There is already a more complex type of malware that does not connect to an unknown source until some time after it has reached your server, in order to load more malicious software or steal files from the infected server.
Sophos Central Server Advanced has the ability to monitor HTTP traffic and alert you to this malicious traffic. Special attention is paid to known URLs of command and control servers. If such traffic is detected, there is a good chance that a new malware has been found and uploaded to Sophos Labs for specific detection.
Malicious traffic detection is only included in the advanced version of Sophos Central Server Protection.
A secure network consists of a firewall at the gateway and good protection at the endpoint. The problem so far was that the firewall didn't know if an endpoint was being attacked and the endpoint had no idea if someone could overcome the firewall. With the Security Heartbeat, Sophos has made it possible for your firewall to communicate with your endpoints. For example, if a server in your network is infected by a virus, the firewall will be notified and can remove the server from the network before the virus spreads.
To take advantage of the security heartbeat, you need to have the advanced version of Sophos Central Server Protection and a Sophos XG firewall installed.
The server lockdown will give you the benefit of one-click whitelisting. As soon as you activate the lockdown for your server, the system is first checked to see if it is threat-free. Afterwards, it is necessary to record the current status of your server and create the whitelist. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is normally completed and the system is in lockdown mode. From this time on, no software, i.e. no malware, can be installed on the system.
After the lockdown, you can define so-called update applications. An update of an ERP can be, for example, such an update application. Windows updates are automatically added to the whitelist and can update Windows system components.
Update-Cache and Message Relay
There are network scenarios where not every computer or server is connected to the Internet, but can only be accessed via the internal network. The risk of attack with these devices decreases considerably. Without an Internet connection, the Endpoint or Server Protection cannot download updates or receive new policies. This is exactly what the update cache and message relay are for. Both features are included in Sophos Central Server Protection Advanced.
Once you have set up the update cache and message relay on your Windows server (Linux servers are not yet supported), it automatically acts as a communication proxy to central management. Only this server will now need to communicate with Sophos directly in future. The server will receive future updates from Sophos and make them available to your other servers and workstations on the local network.
Sophos Central Server Protection offers you two types of agents that you can install on your servers. On the one hand, there is the Full Agent, which has all the features built in and serves as a full Sophos server protection. On the other hand, an ultra-thin agent is also available for virtual environments with VMware or Hyper-V. A centralized security VM is used as a scanner for many guest VMs running only a small guest agent with minimal memory requirements. This makes it possible to work more efficiently and to avoid peak loads caused by too many simultaneous scans.
A classic antivirus has no chance against encryption trojans like Petya, WannaCry or Locky. With CryptoGuard you get a technology on your server that detects when ransomware tries to encrypt files on your server and stops this process immediately. Files that have already been encrypted are then restored automatically, so that no data loss occurs.
CryptoGuard is the ideal complement to traditional virus detection and is included in Sophos Central Server Protection Advanced as an additional layer of protection.
Sophos Central Server Protection delivers simple server security, optimized for virtual environments, for Windows (2008+) and Linux systems.
|Central Server Protection Standard||Central Server Protection Advanced|
|Web Control / Category-based URL Blocking||-|
|Device Control (e.g. USB)||-|
|Anti-Malware File Scanning|
|Pre-execution Behavior Analysis / HIPS|
|Potentially Unwanted Application (PUA) Blocking|
|Data Loss Prevention||-|
|Runtime Behavior Analysis / HIPS|
|Malicious Traffic Detection (MTD)||-|
|CryptoGuard Ransomware Protection||-|
|Synchronized Security Heartbeat||-|
|Update-Cache and Message Relay||-|
Want to learn more about Sophos Central Server Protection? We do not wish to withhold any information from you. That's why you'll find everything we and Sophos have to offer with this product.
Here you can find datasheets from Sophos for the product with additional information.
Here you can find our latest news articles that have something to do with the product.