What’s New in Server Protection

12 Feb

By: Markus Witcomb

IT Security

Comments: No Comments.

By the end of February, Windows servers protected with Sophos Central Server Protection Advanced will have new ransomware-stopping capabilities, while also participating in Synchronized Security™. When combined with Sophos XG Firewall, Heartbeat for Servers provides a compelling proposition: Enhanced threat detection, positive identification of compromised servers, and automated response.

Servers are different to user endpoints. For that reason, a number of powerful new anti-ransomware and Synchronized Security capabilities are now available to assist server admins, as well as our new “Sophos for Virtual Environments” offering:

  • CryptoGuard protection for Windows servers will protect files on the server from ransomware, whether the ransomware is running locally or on a connected remote machine.
  • Sophos Security Heartbeat™ for Windows servers
    • Introduced in Sophos XG Firewall V16, the Destination Heartbeat feature was designed with servers in mind. This feature ensures that, in the event that the destination server is compromised, the XG Firewall can prevent other endpoints from accessing it and present end users with a graceful block page.
    • Positive identification of compromised servers: Thanks to the Security Heartbeat, to alert the Admin that a key asset may be compromised, machines are explicitly labelled as Servers in the Sophos XG Firewall Control Center. This enables the admin to quickly distinguish a compromised server from an end user’s workstation, to help prioritize their response efforts.
    • The Missing Heartbeat capability is another valuable feature for server admins. Because servers should always send a Heartbeat, a missing Heartbeat from could indicate that the server has been compromised.
  • Possibly the biggest distinction from endpoints: The server licenses include Sophos for Virtual Environments, our new offering that offloads malware detection from guest VMs to a centralized Security VM, whether running on a VMware vSphere/ESXi or a Microsoft Hyper-V hypervisor. This is now included in all Server Protection licenses from Sophos.

To take advantage of the CryptoGuard and Security Heartbeat features, a Central Server Protection Advanced license is required. The feature must be enabled in a Threat Protection Server policy within Sophos Central. However, the “Sophos for Virtual Environments” offering is included in every Sophos Server Protection license – those managed with Sophos Enterprise Console (on-premises) or with Sophos Central (cloud-managed).

Note that these feature enhancements for Sophos Server Protection are in addition to Malicious Traffic Detection (for both Windows and Linux), Application Control, Web Control, and Peripheral Control – all of which were added to Sophos Central Server Protection Advanced in 2016.

Leave a Reply