Sophos Email Gateway - Nightmare Experience
March 23, 2022
Sophos Email Gateway - Nightmare Experience
Score 1 out of 10
Overall Satisfaction with Sophos Email
Sophos Central is currently deployed for endpoint protection, phishing training, and as an email gateway solution for filtering inbound and outbound emails. This product pre-dates my time with our current company but the experience and product performance has been very poor.
- Rules processing does not perform impersonation filtering properly. For example, if the email gets classified as spam the impersonation rule is not processed against it. This means your users will release these quarantined emails to their inboxes. Impersonation rules should be a top-level rule.
- The product boasts it has AI and advanced processing but regularly lets credential harvesting emails through constantly. URL filtering does not block them and when they are reported it takes up to an hour to block the malicious URL in the filtering. This is too slow since users typically are clicking on these links in emails within minutes
- Support is nonchalant with no sense of urgency. They don't follow simple requests for contact hours and will reach out to you hours after your day has ended. Support engineers agree with you that the product fails to meet standards and think this is an ok thing.
- Emails will get rejected by unknown filters and require research to be done against logs by Sophos support. This is absurd, if an email is blocked it should not require a support ticket for investigating
- The processing of rules is inconsistent. The same email from the same email address and same IP address is classified as SPAM for some and allowed for others
- Makes IT look bad as too many phishing and social engineering emails are allowed to be delivered. This has greatly reduced the confidence in IT from an SLT perspective doing nearly irreparable harm to our reputation as a department.
- The amount of time spent trying to tune this platform to get it to perform has been excessive and has yielded no success. We still have very inconsistent handling of emails.
I was not part of selecting Sophos for this organization. I would recommend a full POC before landing on this as your decision. Some things that you should test for are targeted credential harvesting sites, impersonation rules processing, and general consistency in the processing of SPAM, BULK, Malicious emails. I have had past experience with all three of the aforementioned platforms and all 3 greatly outperform Sophos in every aspect.
Do you think Sophos Email delivers good value for the price?
Are you happy with Sophos Email's feature set?
Did Sophos Email live up to sales and marketing promises?
Did implementation of Sophos Email go as expected?
I wasn't involved with the implementation phase
Would you buy Sophos Email again?
Sophos email gateway is not suitable as an email gateway product. Support is lackluster, the product is inconsistent in how it handles emails and allows far more malicious emails to be delivered than it should. I would not recommend this product to anyone. We are considering legal action against Sophos for failure to deliver a warrantable product as it relates to the email gateway specifically.
Sophos Email Feature Ratings
Using Sophos Email
3 - We have IT Security, IT Infrastructure and IT Engineers using this product.
- Block phishing emails
- Block malicious attachments
- Block spam and unwanted emails
- There are no ways to really be innovative with this product as it is not very granular in its control capabilities
- We have tried tuning this platform excessively 100's of hours now spent and it does not deliver reliable the core promise of what an email gateway should deliver
Sophos Email Support
Support is slow to respond. They call back outside of normal business hours despite clearly being advised when they should call. They try to BS you that the platform is working properly although there is hard evidence to the contrary. Once you get to senior level of support they agree that the product is incapable of performing properly in its current iteration.
Problems left unsolved
Difficult to get immediate help
Need to explain problems multiple times
Support doesn't seem to care
Slow Initial Response
Yes, we are entitled to premium support. However, I am unsure of what premium implies to Sophos. I have waited 4 weeks now for the sales team to get a call with me after senior engineers have agreed that the product is failing to deliver on its core promises.
Yes - No the bug still exists months after bringing it to their attention. The bug is in the way that the impersonation rules are being applied last. This has caused emails to be classified as spam that are really social engineering attempts from bad actors. Because the bad actor is impersonating SLT members and other senior leaders within the company and these get classified as spam users are able to release impersonated emails to their imbox and engage in dialog with bad actors attempting to socially engineer them. This is absolutely unacceptable and has resulted in elevation of attacks. We are constantly chasing bad emails as if there are no rules in place at all.