Endpoint Protection Solutions - JafSec's Recommendations and Reviews
Last reviewed - July 2011
Kaspersky is an excellent anti-malware vendor with a very good solution designed for small and medium-sized networks. The central management system, known as Administration Kit, provides very good, granular functionality and ease of management.
The downside to Kaspersky is that they do not provide any flexibility within their device control utility and do not really provide anything other than anti-malware protection. However, if that is all you require, then Kaspersky would be a solid option.
McAfee provide a solid EPP solution, and all products integrate into its ePO central management system. The McAfee solution is web-based central management software known as ePolicy Orchestrator (ePO). We tested ePO with a number of endpoint products including encryption, anti-virus, HIPS and DLP, as well as integration with their gateway products such as MDM and McAfee's Enterprise firewall. In a nutshell, ePO does take a few days of getting used to driving the interface and understanding how software is deployed and configured. However, ePO and its endpoint products integrate very well. ePO is a very powerful central management solution and offers complete unified capabilities. ePO also provides granular reporting and dashboards and powerful role-based access control. We like the McAfee tagging feature, where you can tag systems with certain information, such as clients with a certain application installed and from a certain manufacturer, and then run reports to find these clients. For example, you may want to find all Dell laptop clients with Adobe Reader installed. You can also perform other clever processes with the tagging functionality. We were impressed with the encryption module that fully integrates into ePO, simply because it has been completely rebuilt from scratch (formerly the SafeBoot stand-alone solution). McAfee are the first with an endpoint protection solution that can also deliver full encryption capabilities from the same console.
Sophos is a company based in the UK and has a range of security solutions for business users. We have personally seen the Sophos anti-malware team in action and how they are able to find new threats (very impressive). Sophos products are a doddle to use. We tested their central management system and their endpoint security products and found them very easy to work with. It took about half an hour to install the solution, and on seeing the interface for the first time we were able to drive the product without any difficulty. Deploying their software to clients and configuring settings was straightforward; everything just seemed to work and we did not have to rely on the admin guides at all.
Symantec specialise in security and storage solutions. Symantec have an EPP product that can also integrate with their NAC solution and is managed through their SEPM management console. We like Symantec because it is a mature vendor and has a strong presence worldwide. The Symantec Endpoint Protection Suite is a software-based solution which we found to be simple to work with and easy to install. We liked the interface and layout and found it to be user friendly. We tested all endpoint protection modules, and in particular we liked the port and device control and the client firewall. Symantec does not, however, integrate all of its products, such as endpoint encryption and content DLP, into one central console. Even so, it is an excellent overall solution and can still provide the full endpoint protection portfolio. We also liked the NAC module, which has the ability to whitelist clients via client MAC addresses; the local and global file reputation service checks, which protect clients and servers from unknown files; the status functionality, which shows problems with clients such as download problems with Symantec's update servers; and the shared insight cache feature, which in virtual environments allows clients to share file scanning information so that one client does not need to scan a file another client has already scanned.