> Sophos is a software company. What does Sophos know about hardware?
> How many appliances has Sophos sold?
> Why should I risk buying version 1 of a product?
> Why doesn't the ES4000 support clustering?
> Why doesn't Sophos support outbreak filters?
> Why doesn't the ES4000 scan within attachments for keywords?
> Why doesn't the ES4000 offer encryption?
> Why doesn't the ES4000 use Bayesian filtering?
> Why doesn't the ES4000 use message throttling?
> Why can't I put web filtering on my ES4000?
> Why don't you offer Unified Threat Management (UTM) appliances?
> What do you mean by blended threats?
> Why doesn't the ES4000 have redundant network interfaces?
> How do I know the ES4000 is secure?
> How will the ES4000 meet my company's robust compliance requirements?
Q: Sophos is a software company. What does Sophos know about hardware?
A: Sophos has assured the success of the ES4000 by choosing a proven, robust hardware platform and a recognised
hardware integrator to deliver the high level of service and protection for which Sophos is known. Importantly:
- Sophos has been in the security business for 20 years.
- Software is the central ingredient in any appliance solution.
- Sophos's hardware provider also supplies many well-known organisations, such as Nortel and EMC.
- Sophos is so confident in its appliance that it provides a three-year advance replacement warranty on every
appliance (subject to valid software licensing).
Q: How many appliances has Sophos sold?
A: The ES4000 is a new product, launched in February 2006. Sophos has sold more than 10,000 gateway software
solutions, including more than 2,000 installations of PureMessage for UNIX.
Q: Why should I risk buying version 1 of a product?
A: The ES4000 uses the same threat protection technologies as Sophos software solutions.
- Sophos has sold more than 10,000 gateway software solutions, including more than 2,000 installations
of PureMessage for UNIX.
- The ES4000 appliance hardware is a proven, robust solution from a provider that also supplies many
well-known organisations, such as Nortel and EMC.
Q: Why doesn't the ES4000 support clustering?
A: The ES4000 has more than enough onboard processing power and storage space to secure the most demanding
email networks. It has a processing capability of 40,000 messages per hour, and features:
- High-capacity Intel Xeon 3.2 GHz processors and mirrored disk drives with 146 GB of storage space for
high-volume mail systems.
- Onboard hard disk and power supply redundancy with extremely low failure rates.
Future Sophos appliances will support clustering, but if you need this feature now, we recommend the Sophos
PureMessage for UNIX software solution, which supports clustering as well as other multi-server management features.
Q: Why doesn't Sophos support outbreak filters?
A: Outbreak filters are downstream threat mitigation solutions used by companies that do not have the visibility or technology
to detect new and emerging threats in the wild before they propagate. SophosLabs, Sophos's global network of threat analysis
centres, delivers advanced protection against these threats without requiring system lockdowns or yielding the high false positive
rates often accompanying an outbreak. SophosLabs has visibility into worldwide virus and spam activity, enabling consistently
high spam catch rates and virus detection rates without requiring outbreak filters that compromise the flow of clean, wanted mail.
Q: Why doesn't the ES4000 scan within attachments for keywords?
A: The ES4000 is primarily focused on protecting your email system from malicious and damaging viruses, Trojans and other
malware, as well as keeping your inboxes free of unwanted mail. Sophos views keyword attachment scanning as an internal or
outbound compliance tool rather than as a defence against unwanted inbound mail.
Future Sophos appliances will support attachment content scanning, but if you need this feature now, we recommend the
Sophos PureMessage for Windows/Exchange software solution.
Q: Why doesn't the ES4000 offer encryption?
A: The ES4000 is primarily focused on protecting your email system from malicious and damaging viruses, Trojans and other
malware, as well as keeping your inboxes free of unwanted mail. Due to its complexity, most organisations requiring encryption
use it in a limited fashion as a specific outbound compliance tool rather than a general defence against unwanted inbound mail.
TLS encryption will be included in future appliances, but if encryption is a vital requirement, we recommend the Sophos
PureMessage for UNIX software solution, which uses server-to-server encryption built into bundled Sendmail and Postfix MTAs.
Q: Why doesn't the ES4000 use Bayesian filtering?
A: Extensive testing by SophosLabs has shown that Bayesian filtering is not as effective for gateway scanning as other vendor-controlled
and updated solutions. When deployed at the gateway, rather than as an end-user solution, Bayesian filtering does not significantly reduce
false positives or improve catch rates. It requires extensive, ongoing training and cannot manage conflicting user requirements. There is also
no effective way to audit filtering rules from a business perspective since the technique adds a fuzzy, user-dependent randomness to results.
Q: Why doesn't the ES4000 use message throttling?
A: Many other solutions use message throttling to manage capacity and improve catch rates by delaying both spam and legitimate messages.
Rather than delay messages, Sophos provides sufficient capacity on the ES4000 to handle all traffic. Sophos uses a range of spam detection
techniques, including reputation filtering, signature detection and URI filtering, to deliver the optimum combination of high catch rates and low
false positives. This multi-layered approach is a superior solution in the face of advancing spam techniques.
Q: Why can't I put web filtering on my ES4000?
A: Purpose-built, single-protocol appliances currently offer the most efficient and easily managed protection available. Unified Threat Management
(UTM) appliances are sold by smaller companies not geared to support the needs of larger enterprises. Most users of these appliances do not
actually use all the features, opting instead for dedicated solutions for each protocol. Sophos will continue to monitor the demands of our customers,
and the market at large, to determine the needs for multi-protocol appliances.
Q: Why don't you offer Unified Threat Management (UTM) appliances?
A: UTM appliances have developed as extensions to their vendor's firewall product line and, as such, concentrate on packet-level filtering.
Packet filtering is effective at blocking intrusion attempts but, because of the nature of blended threats, is not as effective as content scanning
when protecting against spam and viruses.
Q: What do you mean by blended threats?
A: Combining the features of viruses and spam, blended threats can use emailed links to spread viruses, and virus-infected systems to conduct
phishing attacks and distribute spam. Blended threats are increasingly the preferred approach used by commercially motivated spammers and
virus writers, as they attempt to evade detection by standard threat protection technology.
SophosLabs is uniquely positioned with integrated virus and spam analysis labs to provide leading protection against these more complex
and evasive threats. SophosLabs maintains a global network of integrated threat analysis centres, combining virus and spam countermeasures
into one effective solution. For instance, the labs produce email filtering definitions to block virus carrier and virus-bounce messages to
complement the attachment scanning provided by our virus detection. Together, these systems are often able to block virus and spam attacks
before they occur by collectively blocking the source, destination, content and executable payload of the virus.
Q: Why doesn't the ES4000 have redundant network interfaces?
A: The ES4000 has two 10/100/1000 Ethernet network adaptors on the motherboard - one for internal and one for external communications.
This configuration has much lower failure rates than network interface cards (NICs), which themselves have an extremely low failure rate.
Competitive appliances with two NICs use them for separate in/out flow, not for redundancy.
Although the ES4000 will become disconnected if the network adaptors fail, it is highly unlikely that this will occur. We recommend that
customers needing this level of redundancy purchase either:
- Two appliances, or
- Sophos PureMessage for UNIX software to work with hardware specifically tailored to their need for hardware redundancy.
Q: How do I know the ES4000 is secure?
A: Through Sophos's experience with PureMessage software, Sophos has determined that FreeBSD is the fastest and most reliable operating system
for our software. A hardened FreeBSD kernel is used on the ES4000 to ensure rock-solid system stability, with the minimum number of running
applications and open ports (5 primary, 3 secondary) for assured security and stability. The ES4000 also features advanced monitoring technology
that alerts you and Sophos if the software on the box changes, the appliance lid has been opened, or the hardware tampered with.
Q: How will the ES4000 meet my company's robust compliance requirements?
A: The ES4000 is designed as a security solution for organisations with basic policy requirements. If you require a more robust policy environment,
we recommend the Sophos PureMessage for UNIX software solution. PureMessage was recently called 'King of policy' by Network World magazine
for its flexibility and the breadth of features and support available to address policy definition and policy management needs.