Windows XP retirement: Using Sophos products to secure XP

CorporateEnduserNetworkSecurity TipsAntivirusApplication ControlEndpointFirewallHIPSMicrosoftSG SeriesUTMWindowsXP

xp-retirementIn April, Microsoft retired its long serving Windows XP operating system. As we’ve mentioned, we will continue to support XP for at least another 18 months.

While this gives you time to move to newer solutions, it means another year and half where you might be running systems that are not maintained by Microsoft.

So here are some tips on how you can use Sophos products to maintain security for your yet-to-be-decommissioned XP systems during the transition period.

1. Run the Sophos endpoint

With the Sophos endpoint you will of course get our award-winning anti-malware scanner, but you’ll also get Host Intrusion Prevention System (HIPS), Application Control, and Patch Assessment (if you are licensed for it).

– Using HIPS is easy and requires no work on your part — HIPS is enabled by default. The guys and gals at SophosLabs are constantly tweaking the detection rules for HIPS to make sure we detect and block exploits of new vulnerabilities.

– By using Application Control you reduce the threat surface further by blocking thousands of applications from running at all.

– Bonus tip: While you are at it, make sure you uninstall any software on your XP systems that isn’t absolutely necessary.

– Our endpoint is also available with Patch Assessment. Use this to find vulnerable software on your XP machines. Missing patches will be listed in order of priority starting with the most critical (currently exploited), making it easy for you to decide where to start.

2. Use Sophos Client Firewall

Sometimes overlooked, the client firewall allows you to really lock down the machine as much as you like — to the point of making it near unusable if you so wish!

– Train the firewall to only allow traffic to and from your known good processes.

– You can also enable checksumming  to identify known processes. It’s more secure, but will require more work from your side to maintain.

– You can also manage ICMP request to stop the system from responding to Ping requests.

Learn more about Sophos products

What I mentioned above are my choices for the top two technologies you really should consider for any remaining XP systems. There are more  you can use. I haven’t mentioned Device Control, Data Control, Web Control or Full-Disk Encryption — they all play a part in endpoint security. Or you may want to take it one step further and take full control of the network traffic using our SG Series network appliances.

Your requirements will of course vary. In any case, we will have a product that can help you stay secure and it will be as easy as possible to implement.

4 Comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s