Today we’re going to discuss Sophos FullGuard and EnterpriseGuard. These are Sophos’ licensing products, and they can be a little confusing to the uninitiated. So, hopefully this will make it easier to understand what they are and why they’re important.
Think of these licenses, or “software subscriptions,” as feature sets. Licensing is used to enable various features on the Sophos XG Firewall, and the same general principles apply regardless of whether the license is for a hardware firewall or a virtual/software firewall.
All XG firewalls come with a free, perpetual base license. This license covers network firewall, SSL and IPsec VPN, and wireless protection such as hotspot support. The other licensing options simply build on the capabilities of the base license. They add weapons to your firewall’s defensive arsenal so it can repulse more kinds of threats. Additional features can be purchased as 1-, 2- or 3-year subscriptions.
The basics of FullGuard and EnterpriseGuard
Sophos’ licensing model offers four Guard packages: FullGuard, FullGuard Plus, EnterpriseGuard, and EnterpriseGuard Plus. These four packages are software only, and so are purchased as upgrades or renewals for a firewall you already have.
First, there’s FullGuard/FullGuard Plus. These combine all the core licenses in one cost-effective subscription for complete security: Essential Firewall, Network Protection, Web Protection, Email Protection, Wireless Protection and Web Server Protection, and tech support. In addition, FullGuard Plus also has Sandstorm Protection. It is the best level of protection Sophos offers.
Next, EnterpriseGuard features network protection, web protection and enhanced support. This is a great choice for smaller “enterprises” or those that need a lower level of asset protection.
EnterpriseGuard Plus is the same as EnterpriseGuard, but with Sandstorm protection.
Finally, Sophos offers EnterpriseProtect, EnterpriseProtect Plus, TotalProtect and TotalProtect Plus. Basically, these four Protect bundles include the firewall as well. This is the perfect way to order a new firewall, whether a physical or virtual one. These bundles give you pretty much everything you need in one easy-to-manage license.
For example, TotalProtect Plus gives you an XG firewall (physical or virtual), plus the base license (that comes with all the firewalls), and FullGuard Plus. And remember, FullGuard Plus has network protection, web protection, email protection, web server protection, and enhanced support, plus Sandstorm. Now, Sandstorm is Sophos’ marketing name for its sandboxing technology. It’s a growing field of cybersecurity, so it bears a little unpacking.
What is Sandstorm?
Many vendors have this feature, and they all operate on the same basic principle. A suspicious file is uploaded to (in this case) Sophos’ sandboxing servers where it is ‘detonated.’ Then, its behavior is analyzed to decide if it contains malware.
Sounds cool, what does it mean? Well, it means running suspicious files in an emulated environment. In other words, a sandbox. EXE files and MSIs are two examples of such files.
An executable file (EXE) is a type of computer file that runs a program when it is opened. In other words, it executes code or a series of instructions contained in the file. We’ve all experienced these, any time we install or update anything. And, since they run code when opened, you should not open unknown executable files, especially if received as email attachments.
An MSI is similar. Basically, it’s another thingy that installs something on your computer when you double-click on it; it just does it in a different way.
How about a word picture?
It’s sort of like if you got a box delivered to your home via FedEx, and you noticed it was ticking. You might decide to take it out and open it in a safe, isolated area rather than on your kitchen table.
One important thing to understand about sandboxing is that it is behavior-based, rather than signature-based. Malware detection that is signature-based looks at the suspicious critter and compares it against a comprehensive (hopefully up-to-date) list of known malware. If your name shows up on the list, you’re outta here. Behavioral analysis just ‘detonates’ the little sucker to see what it does. Then, it makes up its mind and acts based on what it sees.