Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 5728 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Detecting machines without Sophos

JhunBanz

Hi ,

What is the best way to detect or locate machines without running Sophos Endpoint Protection clients.?

Regards,

Jhun

:48328


This thread was automatically locked due to age.
Parents
  • 0

    Hello Jhun,

    arguably the "best" way is some kind of NAC.

    Now, Machines Without Sophos are, as set theory tells us, the complement of Machines With Sophos in All Machines. Assuming, for simplification, that you know the Machines With Sophos as they report to SEC the requisite is that enumerate All Machines. Excuse my lecturing but it boils down to this.

    In practice it first depends on your definition of running with protection, i.e. whether you allow unmanaged clients or not. This aside SEC has several built-in methods for discovery, all have prerequisites. Please see step 6 in the Sophos endpoint deployment guide and the linked articles for details.

    HTH

    Christian 

    :48332
Reply
  • 0

    Hello Jhun,

    arguably the "best" way is some kind of NAC.

    Now, Machines Without Sophos are, as set theory tells us, the complement of Machines With Sophos in All Machines. Assuming, for simplification, that you know the Machines With Sophos as they report to SEC the requisite is that enumerate All Machines. Excuse my lecturing but it boils down to this.

    In practice it first depends on your definition of running with protection, i.e. whether you allow unmanaged clients or not. This aside SEC has several built-in methods for discovery, all have prerequisites. Please see step 6 in the Sophos endpoint deployment guide and the linked articles for details.

    HTH

    Christian 

    :48332
Children
No Data