jesterchen42Mar 1, 2024

Hey, #infosec community. I need some help "against" #sophos.

We need to establish some #endpoint protection #EDR/#XDR and some of my colleagues want to introduce #interceptX.

I personally don't like Sophos. All infections I've witnessed were on machines "protected" with Sophos. I do not want Sophos. But I need some input, links, news, reports on how and why Sophos sucks, things like "oops, a leap year? We didn't think of that!" (https://www.heise.de/news/IT-Sicherheitsloesungen-von-Sophos-verschlucken-sich-am-Schaltjahr-9642801.html)

Can you help me and provide input?

IT-Sicherheitsprodukte von Sophos verschlucken sich am Schaltjahr

Aufgrund eines Fehlers können Sophos Endpoint, Home und Server vor dem Besucht legitimer Websites warnen. Erste Lösungen sind bereits verfügbar.

heise online
Show threadExpertenkommision Cyberunfall

@jesterchen

What products would you prefer?

Mar 2, 2024 at 7:58amWeb
Show threadjesterchen42Mar 2, 2024

@expertenkommision_cyberunfall Well... speaking business I've grown fond of Falcon (by crowdstrike) and the whole suite, depending on the maturity of the company from "falcon complete" to self managed and monitored.

Speaking privately I don't use protection at all - knowledge and diligence and experience have protected me enough* for a very long time. ;-)

*having data wiped once in a while actually is very refreshing!

Show threadExpertenkommision CyberunfallMar 2, 2024

@jesterchen

Indeed, knowledge, training and time for careful working are the best investment, but unfortunately the basis, i.e. the user, is very heterogeneous and often unreliable and sometimes disappears abruptly :)
So business wise a mixture of user based and software based is recommended. Hybrid approaches… always turn out to be the best