sophos

Six Reasons Why You Need Sophos Reporter Over Sophos UTM’s Reporting

by

Scott Glew

Scott Glew

Sophos UTM provides some on-box reporting which, by industry standards, is not too bad. So why do you need Sophos Reporter over Sophos UTM's Reporting?

Here is a challenge. Try answering any of these questions with Sophos UTM's built in reporting features:

  • Who is my most unproductive web user?
  • When did a user access a specific website?
  • What unproductive sites are being allowed through the UTM? And why?
  • What productive sites are being blocked by the UTM? And why?
  • What traffic is my latest web policy actually blocking or allowing?
  • How do I send a report to a Department manager detailing their employee's unproductive web usage?
  • How do I receive alerts when malicious activity, large downloads, or unacceptable browsing occurs?

You'll soon find out that there is no way to answer these questions using Sophos UTM's Web Protection reports. The video below takes you through the above seven points in detail, using Fastvue Sophos Reporter.

Here are six ways people are enjoying the new reporting that Sophos Reporter provides, over and above what the Sophos UTM on-box reports provide.

1. Activity Reports

One of the main reasons people choose Fastvue Sophos Reporter is for the detailed Activity reporting.

Sophos UTMs on-box reports provide Top Users, Top Sites and so on. They even provide some filtering options to narrow down what sites a user visited for example.

However if you want to know more details such as when a user visited those sites, you're out of luck.

To illustrate, here is a screenshot of Sophos UTM's on-box reporting when investigating allowed traffic to google.com.

Sophos UTM Report showing activity on google.com

Notice the lack of any time based information, making it impossible to see when the user accessed each site.

Sophos Reporter's Activity Reports puts time based reporting front and center. Here is a screenshot of an Activity Report from Sophos Reporter, also showing allowed traffic to google.com.

Sophos Reporter Activity Report on google.com

Notice how each Google domain is rolled up into its own browsing session, complete with start time, end time, total browsing time and size.

You can also click these browsing sessions to see log level details, such as all the downloaded resources from the site, along with timestamps, categories and whether Sophos UTM blocked or allowed the URL. Notice in the screenshot above how the sessions for Google Calendar and Google Plus have been expanded, detailing all activity for those sites.

2. Productivity Reporting

Sophos UTM's on-box reporting lets you view websites that matched a specific category. But you can only view at one category at a time.

This makes it very difficult to gain an understanding of a user's overall productivity.

Sophos Reporter enables you to group Web Filtering categories into Productive, Unproductive, Acceptable or Unacceptable (pornography is Unacceptable, while facebook may be just unproductive). You can then filter your reports by these Productivity lists to easily identify problem areas without poking into all 110 Sophos web categories individually.

Sophos Reporter Productivity Reporting

Unproductive Browsing By Site

3. Easy Departmental Reporting

System and Network administrators are often inundated with reporting requests from all over the organization, such as Human Resources, School Principals, Department managers and so on.

Sophos UTM has a Department Report feature, but it requires creating these departments on the UTM itself, either by grouping users, IPs or networks.

Sophos Reporter on the other hand automatically pulls Department information from Active Directory so there is zero configuration required.

The Bandwidth dashboard shows your top departments and you can hover over them to run reports. Alternatively, go to Reports | Overview Report | Filter and select Department 'Equal to', then select the department you want to report on from the drop down list. You can also schedule these reports and send them to the Department Manager each day, week or month. Simple!

Sophos Reporter Department Reports

4. Non-Nerd Reporting (N.N.R)

A lot of thoughtful design has gone into Sophos Reporter's reports to make them easy to consume and understand by non-technical audiences.

Click here for a screenshot from a Sophos UTM Executive Report. As you can see, it is designed to be read by the Sophos UTM administrator, but it is not very useful for the typical HR or Department manager.

The people asking Sophos UTM administrators for reports do not want to know about CPU and RAM utilisation of the Sophos UTM, interface statistics, or the top services or servers.

Sophos Reporter concentrates on outbound web activity, which is typically the only information Department managers want or care about. Overview Reports start with simple information such as Top User, Top Site, Top Application, and make it easy to find problem areas such as 'Unacceptable browsing by User'.

Sophos Reporter Overview Report

5. Troubleshoot Sophos UTM Policies

Sophos Reporter is easy to use and understand, but this doesn't mean it is not a useful troubleshooting tool for Sophos UTM administrators. Sophos UTM's on-box reporting provides no way to investigate what Policies or Filter Actions are responsible for a specific site being blocked or allowed.

Perhaps an old filter action created while testing has been left on and is allowing access to undesirable content. On the flip side, what productive or acceptable sites are being blocked by the UTM and causing a negative experience for your users? Reducing the productivity of employees should never be a side affect of implementing a UTM!

Sophos Reporter's live Productivity dashboards answers these questions in real-time. By running reports on these sites, users, or categories you can view the Filter Actions responsible, and make the appropriate adjustments to your UTM Policies.

6. Real-time Alerts

Sophos Reporter also includes a customizable alerting engine and comes with a range of useful alerts out of the box, such as threats detected, excessively large downloaded files, and unacceptable browsing.

You can create your own alerts using any field in the Sophos UTM Web Filter logs, and anything Sophos Reporter imports from Activity Directory. For example:

Alert me when the Accounting Department downloads more than 100 MB from the Online Shopping category in under 30 minutes, where the Sophos UTM action is 'Pass'.

Alert Customization:

Shopaholic Accountants Alert

Alert (triggered):

Shopaholic Accountants Alert

Alert Evidence:

Shopaholic Accountants Alert Evidence

Summary

Now that Sophos Reporter has launched, we are hearing a growing number of anecdotes and stories on how it is making lives easier for many Sophos UTM customers.

The intuitive, easy to understand, yet detailed and useful reports increase your organization's productivity, reduce frustrations, and save you time troubleshooting web polices and running reports for others.

So join the party and get started now! You'll be up and running in minutes.

Take Fastvue Reporter for a test drive

Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.

  • Share this story
    facebook
    twitter
    linkedIn

Fastvue Sophos Reporter v2.0 Out Now!

Finally! Fastvue Sophos Reporter v2.0 is now available! Fastvue Site Clean, Private Report Sharing, Better Web Activity Reports, Search Terms and more!
Sophos

Active Directory SSO Authentication in Transparent Proxy Mode

Sophos UTM allows Active Directory SSO Authentication in Transparent Proxy Mode. Find out limits and implementation steps for trouble-free authentication.
Sophos