I just finished up with a comparative study of Sophos and McAfee. The results were interesting. Sophos actually detected malware that my existing McAfee implementations did not, and it is extremely fast. If I were to pick my favorite things about Sophos, they would be:
1). Tiny differential updates throughout the day. McAfee only updates once per day (Monday – Friday), and this really failed when a buggy update shut down XP systems in 2010.
2). The scanning engine is incredibly fast, with a smaller memory footprint (compared to McAfee).
3). Firewall and peripheral device control (i.e. USB Device lockouts and blocking of wireless bridging).
Now, on to McAfee. I still have not yet found ePolicy Orchestrator’s equal. Its central management system is still a great policy interface. I was asked by a sales rep, “What is the most important thing an antivirus product must do, in a manager’s eyes?” Well, that question backfired, as my answer was “Good reporting and management”.
Now, if they had asked me “… for the business…”, I would have answered, “catch malware”. You see, from my point of view, I need to know how my entire infrastructure is handling security events and making sure all devices have protection.
Sophos does not have great reporting. I’ve been told they are working on an API to make it better, but I am not known to purchase based on “future roadmaps”. They have reports, sure… but the best reports are ones that we can create ourselves. Out-of-the-box reports are great, but not when you are slicing and dicing data looking for something. That is where EPO excels.
Another piece, albeit small but still powerful, is the ability to search by username. If someone is having a problem, it is so easy to just search for their username, and pull up their system and all policies and events associated with them.
Finally, Sophos does not handle inheritance. Setting policies at a root level, and having those policies trickle down to sub-groups, is a great way to be efficient and manage them.
I’m still bothered by the fact that Sophos found items that McAfee didn’t. Is it because my policies were not strong enough? Am I scanning often enough? Or is Sophos just better at catching them? You see? It’s bothering…
Overall, Sophos is really a great client and overall system. Had I not already been spoiled by EPO’s great features, I would have jumped on it. I am eager to see what Intel’s purchase of McAfee has planned for them.