Sophos XG Review

Offers a high level of visibility of what's happening on your network or on your client machines


What is our primary use case?

I use Sophos XG as a content filtering, web filtering, and application filtering utility, as well as to integrate with the endpoint antivirus software. 

I have Sophos Endpoint Antivirus installed on the user machines as well, i.e. the Central Cloud Management version. That's our main use. 

Sophos XG has cybersecurity. It integrates with the antivirus software.

How has it helped my organization?

I have a serious problem because our offices are scattered around the world in very remote areas. We cannot deploy proper branch office guides, active directory sites, and software services. 

It is impossible to apply any sort of group policy on the user machines, which makes it very hard to control issues like USB ports, access to cameras, or access to any preferences on the user machines. 

With the integration between Sophos UTM and the installed endpoint antivirus, you can now manage all those features from your cloud subscription. You can allow and block whatever you want from the cloud. 

You can allow whatever USB ports you want for specific devices with specific IDs, serial numbers or modems. The machine gets updated online or updated from the antivirus settings, i.e. the UTM unit itself.

The UTM unit itself has a cache update on it. Once the clients behind the UTM get updated, they get access or they get denied access to the hardware resources they are applying for. This is a major benefit for us.

What is most valuable?

The application filters available with Sophos XG are brilliant. The sandboxing and the way the firewall or the UTM integrates with the installed endpoint antivirus clients on the user machines is brilliant. You get the chance to isolate network threats before they become active or become distributed on your network. 

With the cloud version of Sophos XG, you get the proper visibility of your network and the user machines. With the cloud versions of the antivirus, i.e. the cloud central management of the antivirus, you get high visibility.

With the application between the installed Sophos UTM, you get a high level of visibility of what's happening on your network or on your client machines. You get protected against threats. You get proper visibility. That solves a major issue.

What needs improvement?

There was a big issue with the Cyberoam and with the SG units as well, i.e. the previous Sophos UTM model. With Sophos XG, you get the chance to block what sites operate on SSL or that operate with HTTPS, without the need of extracting and distributing a certificate. 

On older Cyberoam and Sophos SG old versions, if you wanted to block something like YouTube or Facebook or any other websites that operate with HTTPS, you had to extract the certificate. Then you had to export that certificate. Then you had to re-import that certificate in all the user browsers. 

The only problem was if you needed to use an active directory where those certificates would be automatically thrown into the user browsers once they logged in to the domain. 

For a scenario like mine where you don't have a group policy, it is a disaster and ends up with you setting the rules to block certain websites with HTTPS on the firewall, even while they are not being blocked so that the user will still have access to them. This problem is now 100% sorted out with Sophos XG.

Now you can actually block whatever you want, whether it's using HTTPS or HTTP keys from the firewall without the need for extracting certificates. That's a major improvement. That problem with the HTTPS settings was a huge issue. 

I know other people must be enjoying that it's sorted out now. It was a serious and major issue for Sophos. The only issue that Sophos XG now needs to improve is the product's reporting capabilities.

For how long have I used the solution?

I have used Sophos XG for over 10 years.

What do I think about the stability of the solution?

Sophos XG is stable enough for our requirements.

What do I think about the scalability of the solution?

We have about 450 Sophos XG users currently using this edition and 300 for the antivirus platform installed on the machines, plus in-service, around 310. We also have around 15 additional units deployed around the world.

How are customer service and technical support?

I'll give Sophos XG technical support an eight out of ten for their service.

If you previously used a different solution, which one did you use and why did you switch?

I used Cyberoam previously, although I always used it as a UTM only. What made me move to Sophos is that they were acquired, i.e. they acquired Cyberoam to start with the development. At that time the software had many features that were not available with FortiGate, in terms of content filtering, and it was an appliance when Websense was the software to be installed on a server. 

There was a problem with our operating system with some of the updates, i.e. with the operating system or the hardware. I moved from Websense to Cyberoam because it wasn't applying properly.

How was the initial setup?

The initial setup is definitely something different than the old Cyberoam and it's a bit complex. If you've been dealing with UTMs and you understand the concept, it is still complex but then I find it enjoyable.

Sophos XG is not hard to configure. Too much detail is always good. 

I required three or four hours for the initial setup. One day for the testing, fine-tuning, optimizing, and categorizing. Three days for the first unit with the initial setup and the customization including testing. Finally, three days for testing all the rules, the QA, and then putting everything live. 

What about the implementation team?

I used to work for an integrator myself years ago, as well as my team. We are all trained. We are all professional in what we are doing. No external help was used.

What was our ROI?

Our ROI is 100%. I've got the ransomware attacks being blocked. I've got the users' consumed bandwidth by using proxy bypasses and all sorts of applications being blocked now. 

It's saving on the companies and the employees working hours and time. It's saving on minimizing virus infections and applications that the users like to use on their machines in order to bypass blocking USB ports or cameras. 

It is saving the company money by saving bandwidth and saving employees time by not allowing them to access time-wasting websites.

What's my experience with pricing, setup cost, and licensing?

We have the annual license for Sophos XG. It all depends on what you would like to have in the package that you are purchasing.

Which other solutions did I evaluate?

I evaluated FortiGate but wasn't happy with it. I evaluated another group called WatchGuard. WatchGuard has good features in it, but it's for a smaller business scale than the Sophos clients.

I evaluated Cisco ASA or PIX but now, I use Sophos XG as the firewall. I have confidence in their unit. Before Cyberoam and Sophos, I used FortiGate and Websense for our UTM requirements.

What other advice do I have?

I recommend that everyone should have a proper understanding of new network requirements and then enjoy it. Sophos XG is definitely a good product.

On a scale of 1 to 10, I would give Sophos XG an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
Add a Comment
Guest
Sign Up with Email