by
Scott Glew
Sophos UTM provides some on-box reporting which, by industry standards, is not too bad. So why do you need Sophos Reporter over Sophos UTM's Reporting?
Here is a challenge. Try answering any of these questions with Sophos UTM's built in reporting features:
You'll soon find out that there is no way to answer these questions using Sophos UTM's Web Protection reports. The video below takes you through the above seven points in detail, using Fastvue Sophos Reporter.
Here are six ways people are enjoying the new reporting that Sophos Reporter provides, over and above what the Sophos UTM on-box reports provide.
One of the main reasons people choose Fastvue Sophos Reporter is for the detailed Activity reporting.
Sophos UTMs on-box reports provide Top Users, Top Sites and so on. They even provide some filtering options to narrow down what sites a user visited for example.
However if you want to know more details such as when a user visited those sites, you're out of luck.
To illustrate, here is a screenshot of Sophos UTM's on-box reporting when investigating allowed traffic to google.com.
Notice the lack of any time based information, making it impossible to see when the user accessed each site.
Sophos Reporter's Activity Reports puts time based reporting front and center. Here is a screenshot of an Activity Report from Sophos Reporter, also showing allowed traffic to google.com.
Notice how each Google domain is rolled up into its own browsing session, complete with start time, end time, total browsing time and size.
You can also click these browsing sessions to see log level details, such as all the downloaded resources from the site, along with timestamps, categories and whether Sophos UTM blocked or allowed the URL. Notice in the screenshot above how the sessions for Google Calendar and Google Plus have been expanded, detailing all activity for those sites.
Sophos UTM's on-box reporting lets you view websites that matched a specific category. But you can only view at one category at a time.
This makes it very difficult to gain an understanding of a user's overall productivity.
Sophos Reporter enables you to group Web Filtering categories into Productive, Unproductive, Acceptable or Unacceptable (pornography is Unacceptable, while facebook may be just unproductive). You can then filter your reports by these Productivity lists to easily identify problem areas without poking into all 110 Sophos web categories individually.
System and Network administrators are often inundated with reporting requests from all over the organization, such as Human Resources, School Principals, Department managers and so on.
Sophos UTM has a Department Report feature, but it requires creating these departments on the UTM itself, either by grouping users, IPs or networks.
Sophos Reporter on the other hand automatically pulls Department information from Active Directory so there is zero configuration required.
The Bandwidth dashboard shows your top departments and you can hover over them to run reports. Alternatively, go to Reports | Overview Report | Filter and select Department 'Equal to', then select the department you want to report on from the drop down list. You can also schedule these reports and send them to the Department Manager each day, week or month. Simple!
A lot of thoughtful design has gone into Sophos Reporter's reports to make them easy to consume and understand by non-technical audiences.
Click here for a screenshot from a Sophos UTM Executive Report. As you can see, it is designed to be read by the Sophos UTM administrator, but it is not very useful for the typical HR or Department manager.
The people asking Sophos UTM administrators for reports do not want to know about CPU and RAM utilisation of the Sophos UTM, interface statistics, or the top services or servers.
Sophos Reporter concentrates on outbound web activity, which is typically the only information Department managers want or care about. Overview Reports start with simple information such as Top User, Top Site, Top Application, and make it easy to find problem areas such as 'Unacceptable browsing by User'.
Sophos Reporter is easy to use and understand, but this doesn't mean it is not a useful troubleshooting tool for Sophos UTM administrators. Sophos UTM's on-box reporting provides no way to investigate what Policies or Filter Actions are responsible for a specific site being blocked or allowed.
Perhaps an old filter action created while testing has been left on and is allowing access to undesirable content. On the flip side, what productive or acceptable sites are being blocked by the UTM and causing a negative experience for your users? Reducing the productivity of employees should never be a side affect of implementing a UTM!
Sophos Reporter's live Productivity dashboards answers these questions in real-time. By running reports on these sites, users, or categories you can view the Filter Actions responsible, and make the appropriate adjustments to your UTM Policies.
Sophos Reporter also includes a customizable alerting engine and comes with a range of useful alerts out of the box, such as threats detected, excessively large downloaded files, and unacceptable browsing.
You can create your own alerts using any field in the Sophos UTM Web Filter logs, and anything Sophos Reporter imports from Activity Directory. For example:
Alert me when the Accounting Department downloads more than 100 MB from the Online Shopping category in under 30 minutes, where the Sophos UTM action is 'Pass'.
Now that Sophos Reporter has launched, we are hearing a growing number of anecdotes and stories on how it is making lives easier for many Sophos UTM customers.
The intuitive, easy to understand, yet detailed and useful reports increase your organization's productivity, reduce frustrations, and save you time troubleshooting web polices and running reports for others.
So join the party and get started now! You'll be up and running in minutes.
Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.
Fastvue Sophos Reporter v2.0 Out Now!
Active Directory SSO Authentication in Transparent Proxy Mode