Fastvue Sophos Reporter has allowed me to do queries/searches for specific data/occurrences based on users, IP’s, times, etc. that without FSR is extremely difficult to get results for through the Sophos base logging/reporting system. What normally would have taken half an hour to find in the Sophos web protection / web usage report can now be done in a few minutes with much more detail. It’s allowed me to actually be able to monitor web traffic a lot more and find those that may be abusing or violating our policies. In addition the graphs and visual top lists make monitoring the network much easier as well.
It’s main use has been ensuring users do not violate policies in place. Although web filtering is pretty easy with the Sophos UTM, people find ways around it and some things can’t simply be blocked and need to be monitored. Main functionality of FSR for me has been the alert system that I set up common things to look for such as search terms, downloads of large sizes over an hour, and malicious site visitations. All of these are important to be notified about ASAP in a school environment to ensure the proper use and performance of our network. I find myself using the user activity reports frequently in conjunction with looking at “top users” for bandwidth to see where, how long, what types of file extensions, etc. students have visited to get on that top bandwidth area.
Although the web filtering part of Sophos UTM is great, the reporting and ease of going through the data logged was lacking. At this point it wasn’t a do or die situation, however as our district moves towards BYOD and 1:1 initiatives, gaining hundreds of more devices connecting to our wireless every year, the need to have this ability to monitor and report on such use would have been required sooner rather than later.