Setting up policies is quite easy. A sample policy might require Windows XP to have Service Pack 2 installed with all of the associated hotfixes, the Sophos Anti-Virus 6 running, and with updated DAT files, and also the Sophos personal firewall installed and running. If the client fails to meet those criteria, the machine can be placed in either a partially compliant state, or, if more controls are missing, the device will be placed in a non-compliant state.
The tool has three methods for enforcing the network policy should a device be placed into a non-compliant state. The first is to work with a Microsoft or Lucent Dynamic Host Configuration Protocol (DHCP) server to assign an address, which only allows the client to have access to the remediation server and the internet. The second is to use 802.1x to assign the non-compliant machine to a VLAN, which places the machine in quarantine. The third is to work with the Cisco NAC platform to further restrict access.
Sophos includes 24/7/365 support to all users with no additional charge.
Pricing is based on per seat licensing. The per-seat fees are $14 per user per year with a minimum of 1,000 seats. This places the offering in the middle to upper range in this Group Test, but when free lifetime support is added, the offering is very affordable.