Sophos Cloud UTM 9 (Auto Scaling PAYG)
Sophos | 9.718Linux/Unix, Other 9.717 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
existing VPC template is missing
can you please create an existing template for this autoscaling ?
as it stands the Sophos UTM 9 (Auto Scaling PAYG) only supports new vpc
many customers already have vpc with their subnets including utm firewalls
- Leave a Comment |
- Mark review as helpful
Enables us to fully isolate an infected server or workstation with the click of a button
Threat management for servers is our primary use case. We're not using it on all workstations, just a few. We're primarily using it on servers.
The version we're using is fully in the cloud, not on-prem.
How has it helped my organization?
We don't have to worry about viruses anymore. Before Sophos, we didn't have anti-virus at all because we're a newer company and we're just now starting to get into business-level stuff. When we installed it on a few of the users' machines, we saw that they did have very minor infections - they downloaded something they shouldn't have, something that could have hurt the computer. We were able say, "Well, we're glad they didn't click on that."
What is most valuable?
The isolation of infected machines is a big feature. Also, the ability to detect external sources that change files on a file server is really big.
The third key feature is something called EDR. It's a type of advanced file analysis. If you aren't sure what a file is you can click on it and it will upload a sample to Sophos and it will respond saying, "That's malicious," or "Not malicious." You can see every individual file and registry key that that file has ever interacted with, and what they did. It will show you every single thing it's done to the machine so you can clean up everything or check everything that it has ever touched. You don't have to worry about, "Oh, did I clean everything up?"
What needs improvement?
It does have built-in policies which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
In terms of stability, it's definitely top-notch, a market leader. The ability to do things and the availability of it being online aren't an issue.
What do I think about the scalability of the solution?
It seems very scalable. All you do is install the client, and it pulls it in. You don't have to actually have more Sophos servers running. It all goes back to their central, cloud-based platform, which is nice.
How is customer service and technical support?
I haven't had to use Sophos' technical support.
How was the initial setup?
The initial integration and configuration of Sophos in our AWS environment was incredibly easy. They give you a license key and a file. You download that file on the operating system type that you're trying to install it on. Install it and it's done. There's nothing else at all to do. It gets auto-configured for you.
What was our ROI?
We haven't seen ROI because we just got it two or three months ago. Over time we will.
What's my experience with pricing, setup cost, and licensing?
The biggest issue with Sophos is the pricing. It's definitely more expensive. We looked at Webroot, which is a big alternative, and Sophos was almost three times the price of Webroot. That's a pretty big difference.
We actually went with both Webroot and Sophos. We went with Webroot for most of the client machines. We're only using Sophos for the servers and the really important client machines, like the ones the managers use. That way, we can split our cost up a little bit.
Which other solutions did I evaluate?
We looked at Webroot, primarily. That was pretty much the only one we evaluated that was even close to being a competitor. We did look at a few others, but we didn't even do the trials because \Webroot and Sophos offered so much more.
Webroot seemed really nice for Windows, but we have a lot of Macs. Our servers are Windows, and we definitely went with Sophos for the servers because it has a little bit more capability with Webroot.
An example would be that if you have a file server, it will actually detect if a source is changing stuff on the file server. Suppose that a client was connected to them. That client wouldn't even need protection. Sophos is smart enough to understand, "Hey, a client just uploaded this virus." Webroot wouldn't do that. Sophos also lets us do full isolations of the servers or workstations. So if something gets infected, we can isolate that machine with the click of a button, clean it up, and then release it back into the network. That's not something Webroot was capable of handling either. Those were two big things to us because both of those features stop viruses from spreading.
Everyone's going to get infected at some point. We just want to stop the spread as soon as possible.
What other advice do I have?
If you're running a full Windows-based shop you're going to have a lot more options, so make sure you shop around. If you're running a Mac-based shop like we are, Sophos is definitely the way to go. Just make sure you can afford it.
Regarding how well Sophos integrates with other products, so far we haven't integrated it with anything. We have it on the servers and we have it scanning our Amazon accounts, but that's it. The integration with Amazon is cool. Maybe they could work on that because it seems like a newer feature. You can see what's available but not really do anything yet.
Allows our client to use cross-region AWS VPCs to connect remote dev offices
A client wanted to trial Sophos UTM 9 before deploying it into a production environment because, historically, Sophos has not had the best of reputations in AWS. The client had used Sophos in other environments, hence they wanted to stick to what they know.
How has it helped my organization?
The solution allows the client to use cross-region AWS VPCs to connect remote dev offices.
What is most valuable?
Classic defence in depth, with layered features.
* SPI (stateful packet inspection)
* IPS
* WAF
* VPN capability with built-in load balancer
Nothing out of the ordinary these days, but the fact Sophos has such a big name and good support was a big plus for the client who already had a relationship with Sophos support. Also, auto-scaling of UTM workers using EC2 is a nice and handy feature.
UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful.
Finally, Cold Standby CloudFormation script to one node, with persistent info in S3, is a convenient feature.
What's my experience with pricing, setup cost, and licensing?
We procured this solution via the AWS Marketplace because of BYOL (bring your own licence). That was the driving force behind the choice. In addition, they had test and production environments in AWS already so it was easy to get a sign-off.
What other advice do I have?
We didn’t find any issues but I know there have been some in the last few years. I can’t comment about Sophos’ on AWS previously but they seem fine now. There were no problems for our client so all I can comment on is the experience they had. I think it’s taken a little while for Sophos to get experience in solving problems with their product in the AWS environment, but they do seem to go the extra mile.
As both a firewall and UTM it's perfect, however, sometimes with setting up the spam filters there is an issue.
As we are a solution provider and not product oriented, we give the best solution for our customers, with a good price. We are the number one company in the region, BTC, and operate in Egypt, Iraq, Jordan, Lebanon, and Saudi Arabia.
What is most valuable?
As both a firewall and UTM it's perfect.
What do I think about the scalability of the solution?
No issues encountered.
How is customer service and technical support?
Customer Service: For me, the customer satisfaction, and awareness, is the most important thing. I usually train all my clients on their chosen system.
Technical Support: 10/10.
Which solutions did we use previously?
As we are a service provider, we offer various other products to our customer:
* Astaro ASG
* Avaya/Netscreen
* Fortinet
* HP Switches & WiFi
* Juniper SSG
* Juniper SRX 210 & 240
* Juniper WXC
* Sophos next generation SG, including RED, SG, and WiFi
* Telindus Crocus E1Q
How was the initial setup?
For me, the installation and setup is simple. I work hard to do the simulation for the customer, and discuss all the requirements before implementation with the client.
What about the implementation team?
In one project I implemented Sophos for was a bank. I had to involve the Sophos team as the client was asking for WAF in transparent mode with HTTPS inspection. They were 10/10.
Which other solutions did I evaluate?
Prior to Sophos, it was mainly Juniper and Fortinet.
What other advice do I have?
Application Control should be able to be managed with users; however, we now have a protected, standardized network.
Our datacenter cloud services such as email, and web services for internal and external use, had to be protected with different systems and the web services where left really unprotected, since we used an standard IPS/IDS to protect ourselves from web attacks (from the outside) which nowadays are really sophisticated. Also, we had to employ many work hours to have a protected, standardized network. With Sophos EndPoint and Sophos UTM, we simplified and also protected our network at the same time, with less work force.
What is most valuable?
The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. The just introduced Sandstorm system for protection, is awesome as well.
What needs improvement?
Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific timeframe, or vice versa.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
The scalability is awesome as when you need the network protection systems to grow immediately, you just activate and license the exact same box, and configure it in cluster mode for Active-Active mode in Cluster/High Availability.
How is customer service and technical support?
This is where Sophos vendor outclasses every other vendor. They have grown so much throughout the last four to five years, but they have grown as well in their capability to attend support cases. We've had some really advanced cases, and we have never been forgotten or left behind.
Which solutions did we use previously?
We used a commercial product, Untangle, with our own brand called Rhino Box. Untangle did not invest in the development of features as we expected, such as the adoption of IPSec VPNs (they had it but very limited), and IPv6. This was what made us do research for our SMB/Enterprise market offering. We tried out Sophos UTM (recently purchased as Astaro UTM) and it was really easy to deploy and came with Sophos Support, which is awesome.
How was the initial setup?
The initial setup is straightforward. Sophos brand is well known in the market for being a unique and powerful tool that is simple to deploy and manage. This is what makes it different from any other vendors. The Sophos UTM, comes with a deployment "Wizard for Dummies" since it show the wizard at the initial setup, and in less than three minutes, you can have your box up and running. Also for Policies deployment, you are clicks away to customize your security settings.
What about the implementation team?
We always deploy by ourselves, so that way we can test how the customer will see the initial implementation. Our main advice, is to read the manual, and follow the wizards that comes with each tool. Also, it is strongly recommended to have a professional firm contracted for the initial setup, and support, as we are, to can design, and help with any kind of implementation issues.
What was our ROI?
The ROI is in 12-16 months, since with this kind of tool, we deliver the best of breed protection, and increment the focus of the end user, in being productive.
What's my experience with pricing, setup cost, and licensing?
I recommend you get the three year licenses, since Sophos offers three years for the price of two. I would also recommend that you acquire any Sophos Licensing with Professional Services added, that way, you'll have the best experience possible.
What other advice do I have?
It improved bandwidth utilization and provided link load balancing features for internet and intranet lease lines
We were looking for a solution which provided a single view for both a wired and wireless network. We were previously using the Cyberoam 200ia firewall appliance and wanted an appliance which could support 1500 to 3000 corporate users. The solution also required a wireless access controller scalable to at least a 125 second wave 802.11 ac wireless access point. We purchased a Sophos XG 450 appliance with Sophos wireless access points.
How has it helped my organization?
It improved bandwidth utilization and provided link load balancing features for internet and intranet lease lines. It also provided good security for internal users.
What is most valuable?
* A good package overall
* A nice UTM appliance with a good GUI and reports.
* Configuring web access controls in the appliance is a bit typical and requires debarring and listing separately. Once configured, the solution works beautifully.
What needs improvement?
Initially, there were problems of wireless access points not getting detected and lease lines were getting disconnected after one hour. Sophos replaced the appliance, but the issue was not resolved . The matter got escalated to their international support and the issue was identified as a bug where long distance fiber connections are used over single mode fiber. The patch was shipped by Sophos with a promise to fix the issue in the next release.
Now, the appliance is working fine. The issue of wireless access points was due to some compatibility issues with the D-Link switch. I provided the Cisco 2900 series switches to connect to the wireless access points by creating a separate wireless LAN port on the firewall.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
Initially, there were issues with the wireless network as wireless access points were disappearing from the dashboard after some time. Later issues were resolved by connecting the wireless access points through Cisco switches.
What do I think about the scalability of the solution?
No scalability issues.
How is customer service and technical support?
Support is very good.
Which solutions did we use previously?
We used to use Cyberoam 200ia. It required to an upgrade due to end of life and the changed requirement of its organisation.
How was the initial setup?
The initial setup was complex as different VLANs had to be created for the business network, wireless network for corporate users, wireless network for guest users, and a separate VLAN for the communications network and the VC. QoS had to be enabled for different type of services. In addition, link load balancing was also configured and tested for internet lease lines and intranet MPLS lease lines.
What about the implementation team?
We implemented through a vendor team, and their expertise level was good.
What was our ROI?
ROI has yet to be calculated.
What's my experience with pricing, setup cost, and licensing?
We purchased the appliance with five years onsite support and licenses.
Which other solutions did I evaluate?
FortiGate 1000D.
What other advice do I have?
Sandstorm protects against crypto viruses in real-time
We replace customers' old and expensive devices such as firewalls, anti-spam, etc. with Sophos, as it has all these features. You don't need four boxes if you can have all these features in one box.
What is most valuable?
The most valuable features are
* Web Protection - Protects you against problems originating from the internet.
* Advanced protection (Sophos Sandstorm) - Protects against crypto viruses in real-time.
* Email Protection - Really strong anti-spam.
* REDs (Remote Ethernet Device) - Connects you from a remote workplace to your source network.
What needs improvement?
There is still room for improvement in wireless protection. I don't mean their WiFi device is bad, but there are still things to improve on, such as WiFi roaming.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
No, everything works perfectly.
How is customer service and technical support?
They have consultants who can help you quickly.
How was the initial setup?
You can use the wizard which will guide you through all the initial settings.
What's my experience with pricing, setup cost, and licensing?
Sometimes more is less, meaning if you want more than three features, take the FullGuard licence.
What other advice do I have?
We do not use this on AWS.
It can identify threats quickly, then find the affected devices and quarantine them
I am using it for security, antivirus, and malware detection.
How has it helped my organization?
It has helped by identifying threats within the company. If there are computers or servers that are compromised, then we are able to identify them right away in the system.
What is most valuable?
It can identify threats quickly, then find the affected devices and quarantine them.
It ease of use: The GUI is easy to maneuver through; it is not complicated.
What needs improvement?
The support needs improvement.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It has been stable. We haven't had issues. It does what it is supposed to do.
What do I think about the scalability of the solution?
Since it is cloud-based, scalability works great. We have around 300 users in our environment.
How is customer service and technical support?
The technical support only communicates via email. I would prefer to communicate directly with someone.
Which other solutions did I evaluate?
We also considered Symantec and McAfee. We did not chose them because we had experience with both of them and were not happy with their platforms.
We chose Sophos for its ease of use and it detects malware and viruses that other companies can't detect.
What other advice do I have?
The product works. It helps you identify threats within the environment.
We were able to integrate it with different devices and the installation is straightforward.
We like the ease of deployment and the dashboards are good
It is used as an antivirus.
What is most valuable?
* Ease of deployment
* Licensing
* The dashboards are good.
What needs improvement?
They could reduce the price.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
The scalability is good for us. We are only a company of about 400, so it is perfect.
How is customer service and technical support?
I have not used the technical support.
How was the initial setup?
The implementation with the AWS environment was good.
We haven't had any issues with deployment.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are both good and better than Sophos's competitors. This is why we went with the product.
Which other solutions did I evaluate?
We looked at Symantec, but liked Sophos's licensing better.
What other advice do I have?
Consider the product, as it seems to be one of the top four.
It works well without any maintenance
* Firewalls
* Developer access
* VPN traffic
* Rerouting and routing.
I am using it to route traffic for developer access or regular traffic for my instances. I have a web application, and I control access to and from it in one of my environments.
How has it helped my organization?
All my needs are met at the moment.
What is most valuable?
Our policy is launch and forget. It works well without any maintenance. So far, it has worked pretty well regardless of the traffic.
What needs improvement?
The product could be simplified and made more self-explanatory.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
I am stressing it quite a bit, and the stability is great. I haven't performed any maintenance on the instances in quite a while now. It works. I am happy because everything works well.
What do I think about the scalability of the solution?
My throughput is moderate versus high throughput applications.
I am always holding a predefined number of instances, so I haven't had any issues.
How is customer service and technical support?
I have not used the technical support.
How was the initial setup?
The configuration was pretty complex on my side compared to OpenVPN. However, this might imply that Sophos has more use cases and capabilities. It depends.
Which other solutions did I evaluate?
I am also using OpenVPN.
Partially, for historic reasons, things were built prior to me being able to evaluate stuff. At the moment, we are using both solutions. In terms of pricing, when I need to spin up anything small with smaller requirements, I am using the free OpenVPN instead of Sophos UTM.
What other advice do I have?
Do your homework. Compare products. Use what you need depending on your needs.
showing 1 - 10