Endpoint Web Control

Sophos Web Appliances can perform filtering for URLs and file types at the network gateway. Sophos Enterprise Console allows you to extend some of this same capability via Sophos Endpoint Security and Control, filtering 14 essential site categories on endpoint machines.

By combining a Sophos Web Appliance with Sophos Enterprise Console, however, your organization can take advantage of features that both products have to offer. Once you have configured them to work together, you can apply a full web control policy with more than 50 site categories to each user machine by way of Endpoint Security and Control.

Endpoint machines then communicate with the designated Web Appliance or Sophos Management Appliance, receiving policy updates and sending back web activity reports to the appliance and web events to Enterprise Console. Optionally, you can grant users the ability to receive policy updates and send web activity reports through a cloud service during periods when users are disconnected from the your corporate network.

As illustrated below, Enterprise Console can enable endpoint web control using three different methods.

Method 1: Enterprise Console (standalone mode)

Even without a Web Appliance or Management appliance, Enterprise Console offers basic web filtering. When a web control policy is configured and enabled solely through Enterprise Console, rules for 14 essential categories are applied for each user through Sophos Endpoint Security and Control. The policy, defined on Enterprise Console as “Potentially Unwanted Website Control,” is published to users. Users’ web activity data is sent back to Enterprise Console, where they are displayed as “web events.”

If necessary, the endpoint software performs URL classifications via SXL queries to Sophos. SXL is the infrastructure that Sophos uses to submit real-time, DNS-based queries to SophosLabs regarding IP addresses, URIs within messages, and image fingerprints.

Method 2: Enterprise Console and Appliance

When a full web control policy is applied using either a Sophos Web Appliance or Sophos Management Appliance, Enterprise Console supplies the hostname of the corresponding appliance so that endpoints can communicate with it. The users’ endpoint software connects to that appliance and obtains a complete web-filtering policy. Users’ web activity data is sent back to the designated appliance, while web event data (websites scanned and assessed by the live URL-filtering feature) is sent to Enterprise Console.

If necessary, the endpoint software performs URL classifications via SXL queries to Sophos. SXL is the infrastructure that Sophos uses to submit real-time, DNS-based queries to SophosLabs regarding IP addresses, URIs within messages, and image fingerprints.

Method 3: Enterprise Console and Appliance with LiveConnect

Optionally, you can deploy full web control with LiveConnect enabled. Data is exchanged exactly as it is in Method 2, except that users have access to a cloud service that allows roaming endpoints to connect with the designated Web Appliance without you having to grant special access through your organization’s firewall or reconfigure any externally facing network services.

It does so by providing a bridge between outbound HTTP connections made by the endpoint and its managing Appliance (as shown above). This allows the endpoint to apply the same web-filtering rules for roaming users as they would get when protected by a gateway appliance.

Benefits of Endpoint Web Control

While the Sophos Web Appliance provides security and productivity protection for systems browsing the web from within your corporate network, Endpoint Web Control extends this protection to users' machines. This provides protection, control, and reporting for endpoint machines that are located, or roam, outside your corporate network.

Enterprise Console can deliver Web Control policies to your endpoint machines that provide malware protection and productivity rules based on common site categorizations. With the combination of Sophos Enterprise Console and a Sophos Web Appliance it is possible to extend your Full Web Policy to endpoint machines, providing more than 50 site categories, highly flexible policy configuration, and detailed reporting on threats and usage.