The Sophos solution offers enhanced visibility compared with OmniTel’s previous solution, which didn’t reliably provide alerts about potential viruses. Sophos also automates some work that would otherwise need to be performed manually.
“You don’t have to do a lot,” says Kaiser. “The MDM goes through and grabs the latest definitions, and it’s one of the things that’s reported on the back side. That’s one thing that’s by far easier: If you added an update with the previous system, you’d have to actually go into the system, push it out through the cloud client to people and hope they had it installed.”
The solution also provides capabilities that OmniTel, which receives some government funding, felt would resonate with auditors. “Every year, the auditors get more in-depth about how you protect customer data,” explains OmniTel Systems Administrator Trent Parker. “If we just say, ‘Oh, we installed three anti-virus programs,’ that doesn’t go so well. That was a big piece of why we wanted to go with a new solution.”
The Value of Combining Security Features
Opting for a combined security platform instead of separate firewall, endpoint protection or other products can provide some intuitive advantages, says Christopher Kissel, a research director in IDC’s security products group. “There is so much that can be used to find indicators of compromise: packet entropy, role and rule violations, data loss, file integrity corruption, user behavior analytics such as unique port activity,” Kissel says. “Even if you can knit a fabric that pulls open-source and point products together, platforms give you a single pane of glass to work with and have internal algorithms that sift through the multiple indicators of compromise to try to produce a single version of truth, or at least reduce redundant or false positives.”