Implement a console-type interface into the UTM for controlling the endpoints.
The UTM endpoint protection should have a way to view the quarantine items on the endpoints and authorise or clean what it has discovered. If the application is to be authorised there should be a way to auto-add this directly to the exceptions policy. The ability to run a scan of the endpoint from the UTM should also be included. Currently the UTM implementation of the endpoint protection is more like a notice than a central management point, meaning the admin has to go to the machines in question (either physically or with a remote connection) to investigate the actual details. Being able to view the endpoints' local logs would also be beneficial.
Adrien Belcourt commented
I know there is a project to create a cloud security console taking a unified security view over new integrated network and endpoint security functionality. Ultimately this will supersede the endpoint management console on either the UTM or the more traditional Server used for classic AV/endpoint management.
However, there are two issues here. First, the UTM endpoint management capability is poor. I am sorry, but a management console that does not allow you to check what is going on without having to visit each PC, whether physically or virtually, is not good enough for a company like Sophos, which understands so well the operational issues of managing infection on endpoints.
Second, if we wait for the new functionality of cloud managed network/endpoint security integration to fix the poor UTM endpoint management capability - then we risk losing opportunities and momentum.
Customers are being asked to go without now, because “you will feast later on and it will be fantastic”. Well, with all the competition out there - why should we wait? May as well go with the competition and by the time Sophos delivers, maybe the competition will have delivered as well and we don’t need to swap back.
If this GameOver virus hits as hard as we expect with 1 in 30 infected in the UK, lack of ability by Sophos in its UTM AV offering will not reflect well. Not at all. Being able to do effective management of endpoint security has never been so important or had the risk to reflect so badly on the UTM version.
Being able to manage endpoints from a management console is *table stakes* functionality.
If the AV management console on the UTM was a painting, then the painting would have been done in crayons by some toddler in engineering playgroup.
There may be better futures coming with cloud/SUM/network security console, *but* in the real world where real customers are dealing with real issues like mitigating the very real threat of the GameOver Zeus virus
In that world - we need the functionality now.
Not in some unspecified timeline in the future.