A few notes about the Sophos Cloud...

One control panel for everything - management server managed by Sophos (it's in the cloud).

It automatically manages server services and applies the adapted policies.

The AV service is fast - it has low impact on server performance.

It has integrated whitelisting with AV and HIPS (Host IPS) - (unique market feature).

Single-user based policy for various devices (servers, workstations etc.).

Multi-platform capabilities: Windows, Windows Server, Mac, iOS and Android.

Lock Down: only certain apps can run (it uses drivers within the OS to accomplish this).

One-click Lock Down installs the Lock Down software and creates a whitelist of all the software already been installed on the server. Regarding this, it's advisable to in fact prepare a server to be used as-is before the lockdown (i.e. to install all the features and roles wanted, to update the system etc.). The lock-down procedure (creating the whitelist) might take some time - depending on a quantity of software installed on the server, naturally.

After clicking Lock Down, everything is sent from the Cloud Management to the Sophos Cloud, checked there and only then added to the whitelist. At the same time, a profile / fingerprint executable is created, and at the end, the trust is also modified.

To access the Sophos Cloud, you only need a browser - at the beginning you'll see a (pretty clear and intuitive) dashboard with the following tabs:
Users & Devices

Servers

Reports

Global Settings

Downloads

Policy can be customized (regarding the anti-malware behavior, as in common AV applications - for example, there are exclusions for the archive files etc.).

Server lockdown policies can also be modified (you can exclude already installed - whitelisted software etc.).

All the servers can be locked down at the same time (by one click).