When we speak to educational institutes, we often hear different requirements for their security products which comes from different roles.
- Safeguard officer – Student safety is paramount, we need tools to protect the students.
- IT manager – We have to ensure our network is secure from external threats.
What if I told you we can satisfy both requirements with the products available in the Sophos toolkit?
Securing the network
The guidelines around safeguarding can often be left open to interpretation, especially around prevention. Policies can differ between schools, counties, and boards so a clear perspective of what is required from the safeguarding policy is key. However, not everyone is aware of the capabilities of the Sophos XG and how it can help prevent and meet safeguarding policies alongside Intercept X and Mobile Control.
Danger, danger! Let’s not forget network security. As technology evolves network security is becoming more and more important in protecting the network for the latest vulnerabilities, especially the zero day threats. Sophos deep learning is a quantum leap beyond basic machine learning, capable of identifying known threats and unknown threats. It is continually learning and creating a safer network. Check out the Sophos Products YouTube channel to get an overview of each product and how your network can be protected.
This short video highlights the importance to network security.
The Sophos XG Unified Thread Management (UTM) has a strong feature set offering a hard line of defense. As with any other firewall, it is able to lock down traffic between zones such as LAN, WAN, DMZ, and more while allowing the required traffic through with firewall and NAT rules. But all firewalls do that, right? Well, we go above and beyond with intrusion prevention, advanced threat control, web Filtering, application filtering and more. We won’t list every feature here, but all these features will work with the firewall rules.
Protecting end users
So, your network is protected, but what about the students themselves? Application filtering and web filtering are two of the best features to aid in prevention for safeguarding.
Web filtering policies can be configured on a granular level and applied to different security groups. This means you can have more than just student and staff policies. It can be broken down by department, subject, or whatever the requirements may be. They can also be configured with time criteria, where some categories may be allowed outside of normal work/school hours; or there can be quotas to allow a maximum amount of time allowed on categories per day.
As mentioned in our previous video, you can also configure safe search per policy, along with user overrides enabling teachers to create temporary codes to unblock certain categories and websites for educational purposes. This coincides perfectly with the custom block pages that can be setup when a user may be looking at content that is high on the safe guarding radar. This block page could offer support for the student rather simply blocking their access.
How many websites these days have their own applications? This means blocking a website just does not cut it out completely anymore. Application filtering is another great way to block unwanted internet behavior and prevent students from accessing content they shouldn’t. This can especially be useful for BYOD devices without a certificate installed for SSL inspection.
Know what works with reports and alerts
The network is protected, and we are working to prevent students from accessing content they shouldn’t – but how do you know it’s working? Sophos XG reporting has built-in reports that can be set up for regular alerts, and the ability to set up custom reports to target any safeguarding concerns. Additionally, there is also the ability to connect a syslog server for even more reporting capabilities. On top of this, on the main Sophos XG dashboard you’ll see alerts such as user threat quotient (UTQ) that will provide a simple-to-use report and a graph highlighting the riskiest users.
Combine Sophos Intercept X with EDR and Synchronized Security with a Sophos XG, and network and endpoint infrastructure will be protected from known and unknown attacks. Additionally, the Sophos Synchronized Security concept means that authentication information can be forwarded for the endpoint to the Sophos XG, ensuring the most reliable information is available for reporting and the correct filtering is applied.
Add Sophos Mobile to the mix with Sophos Intercept X for Mobile, and now you can protect and add additional layers of security and prevention to BYOD devices.
This can all be managed in one single pane of glass: Sophos Central.
Secure, scalable, simple.