Integration with Sophos Endpoint Protection

SafeGuard Enterprise Synchronized Encryption protects your data by removing keys when malicious activity is detected on an endpoint.

Important: This feature is only available if you use web-based Sophos Central Endpoint Protection together with SafeGuard Enterprise.

It ensures that Sophos SafeGuard communicates with Sophos Central Endpoint Protection. SafeGuard Enterprise and Sophos Central Endpoint Protection will share the health status of your system. If your system becomes infected, SafeGuard Enterprise will protect your sensitive files. When no keys are available, encrypted data cannot be accessed.

When that happens, users will be informed that they have an unhealthy system but SafeGuard has protected their encrypted files and they cannot open them for a while. Endpoints will remain in this state until they return to a healthy state. Then SafeGuard Enterprise will provide the keys again. Users will be informed that their endpoint is secure and that they can access encrypted files again.

In situations where you regard the unhealthy state of endpoints as no longer justified and the endpoints remain in an unhealthy state you can give users access to their key ring by setting the Remove keys on compromised machines option to No and assign the modified policy to your user groups, see Creating policies for removing keys on compromised machines.

Important: You must be aware that disabling Remove of keys on compromised machines represents a potential security risk. You have to analyze and assess the situation carefully before doing that.

The computer's security status is displayed on Sophos SafeGuard Client Status dialog on the endpoint.

Prerequisites

  • Sophos Central Endpoint Protection 1.0.3 or higher has to be installed on the endpoints.
    Note: Under Programs and Features, check if Sophos System Protection is present.
  • A policy of type General Settings with activated Remove keys on compromised machines option has to be assigned.