Icon-White

Security Status at a Glance With Sophos Security Score.

Quickly identify areas needing attention in your Sophos Endpoint and Server Protection, and track progress in posture improvement

Health Scores are the latest addition to Sophos Endpoint and Sophos Server Protection to identify ad address configuration issues with their Sophos protected devices. It can be found in the Sophos Central platform, which provides a simple, clear numeric security posture score out of 100. It enables customers running Sophos Endpoint and Server Protection to quickly identify configuration that requires attention, and track and report on efforts to improve their security configurations. It includes both an overall score for the customer environment, as well as individual scores for each separate check. 

The scores are a useful tool in overall cybersecurity posture management and should be used alongside broader assessments of your wider environment and security technology stack to provide a complete picture of your cyber health. 

There are different things the scores measure:

Protection Installed

The protection installed score of 45 in the above example is a combination of an endpoint protection score of 0 (indicating that none of the 30 devices have all the Sophos protection software that the customer has licensed, installed on them) and a server protection score of 90 (one device out of ten doesn’t have the licensed protection software installed). These two individual scores result in an overall protection score of 45 (0 + 90 / 2).

 the overall scores are the summed average of the individual scores, not a weighted average or percentage. The score of 45 does not reflect the disparity in the number of server and endpoint devices. This is a deliberate approach to ensure small but critical areas of protection do not get missed.

Consider, for example, an organization with 200 endpoints that are all running up-to-date protection and 10 servers, of which five are unprotected. The weighted average score would be 98 (205 / 210) but the summed average is 75 (100 + 50 / 2). Using the weighted average, it would be easy to overlook the lack of server protection with potentially devastating consequences.

Tamper Protection

Tamper protection is a critical layer of defense, preventing adversaries from disabling Sophos protection. In the example, the global tamper protection score of 100 reflects that the feature has been activated at a global level, however the endpoint (0) and server (90) tamper protection scores make clear that it has been disabled on a number of individual machines. The overall score of 45 reflects the average of the endpoint and server scores. 

Exclusions

The exclusion score leverages real-world insights from the Sophos MDR team to focus on the most common and impactful issues, such as the exclusion of an entire drive. The Account Health Check assesses the types of exclusions that we have checks for, focusing on the biggest security risks and the issues most seen in the wild.

The score reflects the proportion of assessed exclusions where we have not identified any issues. For example, if an organization has one exclusion that we check for and one that we don’t cover, their score would be based solely on the exclusion that we check for (in this case, 0 or 100). 

Scroll to Top

Let’s connect

Shoot us a message and we will get back shortly!