The Ultimate Security Package

How It Works

Network Firewall

No one makes firewall rules easier to define and manage than Sophos. Easily define reusable objects that can be updated across the system and all the rules that use them. Shape or manage bandwidth by application or service group with QoS and even block traffic from unwanted countries or regions.

Intrusion Prevention System

Fully performance optimized IPS and flood prevention (DoS) provides essential protection from external attacks. Streamline by selecting just the IPS rules you need to protect your infrastructure, customize the signature aging, and even create custom rules.

Advanced Threat Protection

A combination of multiple technologies like IPS, web, app control, and selective sandbox analysis provides a layered defense against APTs, command and control traffic, and targeted attacks. It’s as simple as flipping a switch and can quickly identify infected hosts on your network before they become a problem.

Secure VPN Access

Select from a comprehensive range of VPN technologies for secure access, including IPSec, SSL, PPTP, L2TP, Cisco VPN (iOS), OpenVPN (iOS and Android), or our unique clientless HTML5 VPN via the user self-help portal which supports RDP, HTTP, HTTPS, SSH, Telnet, and VNC.

Site-to-Site VPN

With our optional plug-and-protect SD-RED device add-ons, setting up site-to-site VPN connections couldn’t be easier. It’s truly affordable and amazingly simple. We also support standard SSL and IPsec VPN options as well as an Amazon VPC connector.

Self-Service User Portal

Our secure self-service user portal helps users help themselves, reducing the workload on your help desk. It provides personalized services like quarantine management, email sender whitelist controls, VPN client access, and allows designated admins to manage hotspot vouchers as well. And it supports our simple two-factor authentication to prevent unauthorized access.

Plug and Play Deployment

You can set up multiple Sophos Wireless Access Points (APs) within minutes. They require no local configuration and will simply find the UTM, retrieve their IP address via DHCP, import the necessary configuration, and automatically appear in the UTM where you can activate them. Automatic periodic channel scanning ensures your access points are always operating at peak performance.

Multiple Wi-Fi Zones

Sophos Access Points are ideal for creating multiple separate wireless zones. Configure a wireless network to provide employees access to internal network resources. On the same access point, you can offer wireless guests internet access. Do it all without compromising the integrity of the internal network.

Reliable High-Speed Wireless

Sophos APX Series access points support the 802.11ac Wave 2 standard. All models are dual-radio and you can choose between 2x2, 3x3 and 4x4 MIMO to suit many different deployment scenarios. Further APX benefits are:

• Performance improvement over legacy AP models 
• Optimized for both wall- and ceiling-mount (diverse mounting kits available)
• Five-year warranty as standard

Mobile NAC

Sophos UTM and Sophos Mobile Control (SMC) work better together to enable easy device configuration and Network Access Control (NAC) for non-compliant devices. The UTM automatically pushes select Wi-Fi and VPN settings to SMC, while SMC provides device compliance status to the UTM, which can use that information to deny network access to non-compliant devices.

Guest Wi-Fi Hotspots

Full-featured guest hotspots for visitors or BYOD devices enable you to control access to company resources with bandwidth limits and inappropriate content filtering. Support for mobile device registration with SMS vouchers and a full range of customization options allow you to control the user experience and promote your company brand.

Secure Encryption

Sophos UTM supports the latest strong encryption and authentication standards such as WPA-2 Enterprise and IEEE 802.1X (RADIUS authentication). Use your existing backend authentication, such as Active Directory, to allow quick and easy access for your users.

How It Works

Web Malware Protection

You get advanced web threat protection with our high-performance malware engine that inspects all web traffic and downloads in real time. Our dual-engine scan option employs unique techniques such as JavaScript emulation to catch the latest threats. SophosLabs provides live updates to our threat intelligence continuously through the cloud.

URL Filtering Policies

Select from over 35 million sites in 96 categories to create safe web policies to minimize legal concerns around inappropriate content and maximize productivity. Set policies to block, warn or allow sites for individuals or groups, by quota time or time of day, with limitless customization options all made intuitively simple.

SafeSearch, YouTube, and Google Apps

We’ve got some features purpose-built for education environments like Safe Search for Google, Yahoo, and Bing, along with YouTube for schools support and anonymizing proxy blocking. We also offer the option to enforce allowed domains for Google Apps as part of any web policy.

HTTPS Scanning

Get the ultimate in flexibility when it comes to scanning encrypted web traffic with options to scan all HTTPS traffic for maximum security, selectively scan HTTPS traffic for a great balance between security and privacy, or choose to only enforce policy (without decryption). And what’s more, HTTPS scanning works the same in explicit proxy mode or transparent mode.

Layer-7 Application Control

Control application traffic on your network to effectively manage resource utilization and productivity. Our deep layer-7 inspection can identify over 1,300 applications like Facebook, Youtube, IM clients, and much more. You can easily block, allow, or shape network traffic proactively in real time using our dynamic flow monitor, or based on reporting trends.

Web in Endpoint

If you’re using Sophos endpoint to protect your desktops and laptops, you can extend your UTM web protection and policy enforcement to your endpoints so they are fully protected online when they leave the network. Policy updates are pushed to your endpoints automatically and activity data is sent back to the UTM periodically.

Sandstorm

How It Works

SPX Email Encryption

Our patent-pending SPX Encryption is unique to Sophos and makes it easy to send encrypted emails to anyone – even those without any kind of trust infrastructure. The password-based solution doesn’t require any added software or certificates and the recipient can read and file their SPX messages in their preferred email client application just like their regular mail.

Standards-based Encryption

In addition to our unique and easy push-based SPX Encryption, we also support standards-based encryption solutions as well including TLS, OpenPGP, and S/MIME certificate-based encryption.

Data Loss Prevention

We make DLP easy but effective by providing hundreds of pre-defined sensitive data types you can easily add to your policy checklist of data you wish to protect. The UTM automatically enforces your DLP policy and encrypts, blocks, and/or notifies you in the event any message leaves the organization with this type of data.

Live Anti-Spam

Provides protection from the latest identify theft, banking scams, phishing, and other scams by intercepting all email, blocking known bad senders, spam, malware, and viruses, but also taking advantage of SophosLabs live cloud lookups to query suspicious-looking message content to determine if it’s part of a new or emerging unwanted email campaign.

Self-serve Quarantine

You can give employees direct control over their spam quarantine, saving you time and effort. Employees can manage their own spam whitelist, review, release, and delete spam, and find out what happened to messages that were deleted because of a virus or blacklisted. The user portal supports 15 different local languages.

Outlook Add-in

Allow users to flag their own messages for SPX Encryption right from within Outlook as they compose them, or send spam samples from their inbox directly to SophosLabs with our simple Outlook Add-in.

How It Works

Web Application Firewall

Protects your web servers from tampering and hacking attempts and provides load balancing across a multi-node farm. It secures your web applications against more than 350 attack patterns including SQL injection, cross-site scripting, and much more. Also block clients with bad reputations outright.

Server Hardening

Close the door on vulnerabilities in your websites without involving developers. Static URL hardening prevents hackers from manually constructing “deep links” that lead to unauthorized access. Form hardening ensures malicious scripts and code cannot be entered to exploit your database, and cookie protection makes sure cookies are signed to prevent tampering.

Reverse Proxy Authentication

Our reverse proxy authentication offloading provides persistent basic or form-based authentication. It adds an extra layer of security to services like Outlook Web Access for Exchange by allowing users to authenticate against our exploit-free reverse proxy. It’s the perfect solution for replacing Microsoft’s discontinued Forefront TMG.

Antivirus Scanning

Set up scanning of all inbound and outbound files to your servers with our dual antivirus agents to keep infected content off your network and ensure you’re not distributing malicious or infected content.

SSL Offloading

Relieve your web or application servers from the processing burden of encrypting and decrypting traffic sent via SSL with the UTM’s ability to offload SSL. Setup is easy – it’s as simple as uploading your SSL certificate to the UTM WAF.