Tel: 01223 810910 (Main)
Tel: 01223 810911 (Technical)

WS1000 Web Security Appliance Frequently asked questions (FAQs)

 
General
Specifications and network requirements
Management
Support and service
General
 
What is the WS1000 Web Security Appliance?
The Sophos WS1000 Web Security Appliance provides easy-to-manage security against web-based threats with one efficient, high-performance scanning engine in a compact appliance. It filters for both security risks (e.g. spyware, viruses and phishing) and content/productivity concerns (such as adult and gambling sites) and allows the administrator to eliminate the full spectrum of inbound and outbound web-based network threats without compromising end-user expectations for speed and efficiency.
 
Why is Sophos launching a web security appliance?
We are building on over 20 years’ experience providing best-of-breed security solutions that protect against threats to network security. Acknowledging the growth of web-based threats to enterprise network security, such as spyware, we are expanding our product range beyond email, hacking and malware solutions by offering a comprehensive web security solution.
We have been an active part of this market through a range of OEM relationships with companies such as Bluecoat and Secure Computing for many years. There are also many parallels between email and web filtering, and we will leverage the millions of messages that SophosLabs receives daily to identify known bad URLs, phishing attacks and websites that contain malicious code.
 
How is the Sophos solution different from other vendors' solutions?
The WS1000 is the industry’s first web security solution to provide truly integrated security against all web-based threats in an easy-to-manage appliance, setting a new standard for security and performance. It is industry-leading in terms of time to protection and has the fastest scanning engine available. Innovations include bi-dimensional URL classification and risk-sensitive scanning.
 
What is bi-dimensional URL classification?
Traditional URL filters allow or block access to websites based on a one-dimensional view of their assigned category (e.g. entertainment, media or search). The major limitation of this approach, aside from the challenge of simply keeping up with the proliferation of websites and how to categorize them, is that allowed sites may still pose a risk to network security based on their underlying code and file types.
 
Sophos’s bi-dimensional URL classification also inspects the conduct of the site (i.e. how it behaves regardless of its category), delivering a true assessment of both the security and productivity risk of a website. This approach evaluates a site’s history of malicious behavior, such as spyware distribution or the use of dangerous scripts and executables, and avoids the over-blocking that often plagues traditional URL filtering solutions attempting to ensure greater security.
 
What is risk-sensitive scanning?
Risk-sensitive scanning works in tandem with bi-dimensional URL classification to adapt the scope of the scan based on the web content’s assessed risk, enhancing the browsing performance of the WS1000. The result is faster access to safe web pages and more rigorous scanning of less safe pages.
 
A low-risk site, such as the sports site espn.com, would (if the administrator allows access to sports sites) not have its HTML and images scanned by the WS1000. However, a medium-risk site, such as download.com, would (if access to this category is permitted) have all file types and sub-directories scanned.
 
IMPORTANT NOTE: While the scope of the scan is variable, its depth remains the same. Files that are scanned are checked for the full spectrum of web-based threats (spyware, viruses, Trojans, worms, etc).
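
The two answers above describe a decision made on two axes, category and risk, with the scan scope following from the risk. The sketch below is an added illustration of that logic, not Sophos code or the WS1000's implementation; the site table, the "high" risk tier, the allowed-category policy and all function names are assumptions made for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample data (not SophosLabs data): host -> (category, risk).
SITE_DB = {
    "espn.com": ("sports", "low"),
    "download.com": ("downloads", "medium"),
    "good-stream.example": ("streaming", "low"),
    "bad-stream.example": ("streaming", "high"),  # hypothetical: known malicious history
    "casino.example": ("gambling", "low"),
}
# Assumed administrator policy: categories users may visit.
ALLOWED_CATEGORIES = {"sports", "downloads", "streaming", "uncategorized"}
# Per the FAQ, HTML and images from low-risk sites are not scanned.
LOW_RISK_UNSCANNED = ("text/html", "image/")

@dataclass(frozen=True)
class Decision:
    action: str   # "allow" or "block"
    scan: bool    # whether the response body goes to the scanner
    reason: str

def classify(url):
    """Look up the host, then each parent domain, in the site table."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    parts = host.split(".")
    for i in range(len(parts) - 1):
        entry = SITE_DB.get(".".join(parts[i:]))
        if entry:
            return entry
    # Assumption: unknown sites are allowed but treated as medium risk.
    return ("uncategorized", "medium")

def category_only(url):
    """One-dimensional filter: the category alone decides."""
    return "allow" if classify(url)[0] in ALLOWED_CATEGORIES else "block"

def decide(url, content_type):
    """Two-dimensional decision: category first, then risk sets scan scope."""
    category, risk = classify(url)
    if category not in ALLOWED_CATEGORIES:
        return Decision("block", False, f"category:{category}")
    if risk == "high":
        return Decision("block", False, f"risk:{risk}")
    # Caveat: this trusts the declared Content-Type, which the server
    # controls; a real gateway should identify the true file type.
    ctype = content_type.split(";")[0].strip().lower()
    skip = risk == "low" and ctype.startswith(LOW_RISK_UNSCANNED)
    return Decision("allow", not skip, f"{category}/{risk}")
```

A category-only filter allows both streaming hosts in the sample table, while `decide` blocks the one with the high risk rating and still scans a non-HTML download from a low-risk site.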
 
How does Sophos achieve such a high degree of protection and control?
We offer this unique combination of protection and control through the visibility of SophosLabs™ - our global network of threat detection centers. SophosLabs maintain unrivaled visibility into the source and nature of web-based threats by constantly analyzing a database of billions of web pages and uncovering thousands of new malicious URLs every day. Our unrivaled visibility into web-based threats and the sites where they reside equips us to deliver unmatched security and control to our customers.
 
The WS1000 also scans web traffic for spyware, viruses and other malware, and is able to detect and block "phone home" traffic from bots (zombies) within the network.
 
How do I evaluate the WS1000?
You can request an evaluation. We will then contact you about your requirements and discuss system pre-configuration and signing our Hardware Loan Agreement.
 
What organization type is the WS1000 suitable for?
The WS1000 is ideal for organizations with 100-1,500 users per location that want to:
  • block spyware/malware/adware in web traffic
  • stop phishing and identity theft attempts
  • restrict access to malicious or questionable websites
  • enforce company-wide acceptable internet use policies
  • accelerate the delivery of web content through caching
 
Specifications and network requirements
 
What are the WS1000 hardware specifications?
Rack mount: 1U
Dimensions (W x H x D): 16.7 in x 1.7 in x 14 in (424 mm x 43 mm x 356 mm)
Processor: Intel Pentium D dual-core, 3.4 GHz processor
Memory: 4 GB
Hard drive: 2 x 160 GB SATA 7,500 RPM hard drives
Power supply: 260 W 100/240 V AC
Failover capability: Network bypass card, shared configuration
 
What protocols does the WS1000 protect?
The WS1000 scans data transferred via HTTP (Hyper Text Transfer Protocol) and data sent on FTP (File Transfer Protocol) via HTTP. The WS1000 also ensures secure transmission via HTTPS by validating certificates. It takes a comprehensive approach to web filtering, scanning for security risks as well as offensive content and productivity concerns (such as adult or gambling sites).
 
What software is installed on the WS1000?
The WS1000 uses Sophos’s industry-leading scanning engine that combines anti-virus, anti-spyware and potentially unwanted application control on a hardened Linux operating system. It also features the industry’s most advanced web reputation filtering system, based on the millions of URLs captured by SophosLabs.
 
Do I need Linux or other software experience to use the WS1000?
No. All administration requirements are addressed via the web-based management console. Access to the command line is not required.
 
Does the WS1000 support Active Directory?
The WS1000 integrates seamlessly with Active Directory. Synchronization is configurable through the management console and occurs automatically.
 
How is the WS1000 configured?
A setup wizard walks the administrator through the basic steps. Manual configuration is also available using the web-based management console.
 
Can certain users or groups be opted out of content filtering?
The administrator can opt certain groups and IP addresses out of content filtering.
 
How is threat protection kept up to date?
Threat definition updates (distributed at no charge) are downloaded automatically every five minutes from SophosLabs. This process is monitored by Sophos, so if it detects that an appliance has not been downloading its updates on schedule, a support technician will proactively contact the administrator to inform them their WS1000 is not up to date and help take corrective action.
 
How are the URL filters kept up to date?
Sophos compiles a list that assesses sites based both on security risk and content category. This list is a combination of internal data from SophosLabs, third-party web indexing sources and customer feedback. We will respond in a timely fashion to all re-categorization requests.
 
How do upgrades work?
Software updates and upgrades occur automatically via the Sophos online repository, at no charge. The administrator can schedule non-critical updates to occur at convenient times. Critical patches and updates are installed automatically.
 
 
Management
 
How does the administrator manage the WS1000?
The WS1000 is a managed appliance - most of its functions are automated and its performance is maintained by Sophos, requiring negligible regular administrator involvement. All administrative functions are easily accessible through the web-based management console. This console is built around the principle of "three clicks to anywhere" - simplified navigation that ensures easy access to every function within the appliance. On-demand remote assistance and remote "heartbeat" monitoring also help to decrease the management time required for the WS1000.
 
Is there command-line access?
No. All administrative functions are available through the web-based management console.
 
What degree of policy control is possible?
Policy settings include:
  • controlling access to website categories, such as gambling, shopping or pornography
  • blocking specified file types, such as executables and streaming audio
  • preventing deliberate or accidental downloading of potentially unwanted applications or file types, such as peer-to-peer (P2P) and adware
  • blocking access to sites that contain malicious code
The WS1000 combines site access control with advanced risk avoidance, allowing administrators to set policy according to website category and the degree of code or application risk posed by an individual site. For example, the administrator can allow access to sites that deliver streaming audio or video (category), and through the second dimension (risk), block access to a particular streaming audio site that is known by SophosLabs to host malicious content. This provides the optimum balance of control and security that competitive solutions cannot match, effectively eliminating the over-block/under-block risk and the immense administrative burden of constantly tweaking the security policy to handle such situations.
 
How do administrators review policy settings, reports and logs?
All policy settings are easily reviewed and modified through the management console. Reports are also generated through the console. Logs can also be searched against a range of variables.
 
What kind of reporting is available from the WS1000?
Reports are available based on security and productivity concerns, and include:
  • Traffic patterns (page requests, downloads)
  • Blocked illegitimate traffic
  • System performance (throughput and latency)
  • User requests (site access)
  • Sites visited by user
  • Visitors by domain

Can users report errors and/or omissions?
Yes. Users who think a site is incorrectly blocked or allowed can submit a request directly to the administrator, who can then determine how to handle the specific URL. The administrator can add new sites and determine the access policy through the management console.
 
 
Support and service
 
How is the WS1000 supported?
You can access Sophos’s industry-leading support network via inbound telephone or email requests 24/7/365. You can also access the Sophos knowledgebase for extensive self-help. Sophos does not outsource support, and serves as the first and only line of contact on all matters relating to hardware and software.
 
Are the support contacts different from other Sophos products?
No. We maintain a single support structure for all Sophos products. Support is not outsourced, and is available 24 hours a day, seven days a week.
 
How is system health monitored?
The WS1000 uses an intelligent array of built-in sensors that constantly monitor and report on system status. These sensors monitor hardware health, network connectivity, threat definition and software update status, and more.
 
What technologies are used to support the WS1000?
The built-in sensors trigger email notifications that get sent to the system administrator and, for some issues, to Sophos as well. If we need to respond, we will do so via email or text messaging (Standard support). If you opt for Sophos’s Premium support package, we will respond via telephone.
 
What types of alert are sent to Sophos?
Sophos receives Event Driven Notifications (EDN) in the case of any mission-critical system failure. EDNs typically cover elements such as software updates and hardware performance such as disk space, temperature and component failure.
 
What if I need further assistance?
The WS1000 also offers instant remote assistance via a secure tunnel (SSH) connection between the appliance and Sophos.
 
How does Sophos maintain security during remote assistance sessions?
SSH connections are fully encrypted for security, and responses are restricted to Sophos IP addresses to eliminate interception. The connection can only be initiated by the appliance administrator, as an outbound request to Sophos. The session remains open until the administrator closes it or 4 hours have passed. Furthermore, all changes made to the appliance configuration and settings are logged, providing complete transparency into everything that a Sophos support engineer does.
 
Can remote monitoring be disabled?
Yes. The administrator can turn off the remote monitoring function.
 
What is the warranty on the WS1000?
The hardware comes with an Advance Replacement Warranty against manufacturer defects for up to three years and as long as a valid license is in place. In the event of hardware failure, Sophos will replace the appliance unit at no cost to the customer before the customer returns the failed unit to the local depot (Boston or Eindhoven).
Foursys Ltd, 2 Stow Court, Stow Road, Quy, Cambs, CB25 9AS
Phone: 01223 810910 (Main) | 01223 810911 (Technical) | Fax: 01223 810912 | Email: webenquiries@foursys.co.uk
