Windows XP retirement: Using Sophos products to secure XP
So here are some tips on how you can use Sophos products to maintain security for your yet-to-be-decommissioned XP systems during the transition period.
1. Run the Sophos endpoint
With the Sophos endpoint you will of course get our award-winning anti-malware scanner, but you’ll also get Host Intrusion Prevention System (HIPS), Application Control, and Patch Assessment (if you are licensed for it).
- Using HIPS is easy and requires no work on your part — HIPS is enabled by default. The guys and gals at SophosLabs are constantly tweaking the detection rules for HIPS to make sure we detect and block exploits of new vulnerabilities.
- By using Application Control you reduce the threat surface further by blocking thousands of applications from running at all.
- Bonus tip: While you are at it, make sure you uninstall any software on your XP systems that isn’t absolutely necessary.
- Our endpoint is also available with Patch Assessment. Use this to find vulnerable software on your XP machines. Missing patches will be listed in order of priority starting with the most critical (currently exploited), making it easy for you to decide where to start.
2. Use Sophos Client Firewall
Sometimes overlooked, the client firewall allows you to really lock down the machine as much as you like — to the point of making it near unusable if you so wish!
- Train the firewall to only allow traffic to and from your known good processes.
- You can also enable checksumming to identify known processes. It’s more secure, but will require more work from your side to maintain.
- You can also manage ICMP request to stop the system from responding to Ping requests.
Learn more about Sophos products
Those are the choices for the top two technologies you really should consider for any remaining XP systems. There are more you can use. I haven’t mentioned Device Control, Data Control, Web Control or Full-Disk Encryption — they all play a part in endpoint security. Or you may want to take it one step further and take full control of the network traffic using our SG Series network appliances. Your requirements will of course vary. In any case, we will have a product that can help you stay secure and it will be as easy as possible to implement.
You can read the original article here.