In April, Microsoft retired its long serving Windows XP operating system. As we’ve mentioned, we will continue to support XP for at least another 18 months.
While this gives you time to move to newer solutions, it means another year and half where you might be running systems that are not maintained by Microsoft.
So here are some tips on how you can use Sophos products to maintain security for your yet-to-be-decommissioned XP systems during the transition period.
1. Run the Sophos endpoint
With the Sophos endpoint you will of course get our award-winning anti-malware scanner, but you’ll also get Host Intrusion Prevention System (HIPS), Application Control, and Patch Assessment (if you are licensed for it).
– Using HIPS is easy and requires no work on your part — HIPS is enabled by default. The guys and gals at SophosLabs are constantly tweaking the detection rules for HIPS to make sure we detect and block exploits of new vulnerabilities.
– By using Application Control you reduce the threat surface further by blocking thousands of applications from running at all.
– Bonus tip: While you are at it, make sure you uninstall any software on your XP systems that isn’t absolutely necessary.
– Our endpoint is also available with Patch Assessment. Use this to find vulnerable software on your XP machines. Missing patches will be listed in order of priority starting with the most critical (currently exploited), making it easy for you to decide where to start.
2. Use Sophos Client Firewall
Sometimes overlooked, the client firewall allows you to really lock down the machine as much as you like — to the point of making it near unusable if you so wish!
– Train the firewall to only allow traffic to and from your known good processes.
– You can also enable checksumming to identify known processes. It’s more secure, but will require more work from your side to maintain.
– You can also manage ICMP request to stop the system from responding to Ping requests.
Learn more about Sophos products
What I mentioned above are my choices for the top two technologies you really should consider for any remaining XP systems. There are more you can use. I haven’t mentioned Device Control, Data Control, Web Control or Full-Disk Encryption — they all play a part in endpoint security. Or you may want to take it one step further and take full control of the network traffic using our SG Series network appliances.
Your requirements will of course vary. In any case, we will have a product that can help you stay secure and it will be as easy as possible to implement.