Product Group Tests
Endpoint security (2009)
April 01, 2009
A full suite of protection for endpoints at an attractive price makes Symantec Endpoint Protection 11.0.4 this month's Best Buy.
A complete package that gives a lot of security: StormShield Security Suite 5.1 is our Recommended product.
How do you secure so many devices? We put nine products to the test. By Michael Lipinski.
Both my desktop PC and my notebook computer allow me to perform the many tasks associated with my job. These same devices also enable me to print to a local printer, sync to a PDA device, plug in my camera and transfer images, add new software and attach to my private secured wireless network as well as any public unsecured wireless network. I can burn CDs, plug in numerous USB devices, plug other storage media into my smartcard reader, transfer data to other systems using the FireWire connection or sync my phone via Bluetooth... on and on we can go.
As our technologies continue to expand to meet the challenges of component integration and data sharing, as mobile workforces continue to grow, and more and more people access corporate resources over unsecured public networks, the business challenge becomes controlling what data should be allowed to be on those endpoints or mobile devices and, when allowed, securing that data while at rest and while in transit.
Audit after audit, I am always amazed at the amount of data that can walk out of organisations. These challenges have far-reaching implications: the protection of corporate data and personal information, and compliance and audit requirements.
I find myself always weighing the security advantages of totally locking down an endpoint versus the business gains of allowing people to use the technology we give them to be more productive and innovative.
To be effective, endpoint security must balance the security risk with the productivity benefit. The right solution must also address the IT challenges we all face today, namely, overburdened and understaffed IT departments. The right solution should deploy easily and provide centralised policy management and reporting and tunable alerting.
This month, we have reviewed endpoint security solutions. Our criteria for evaluating the submissions this month were specific: we were looking for products that could manage, assess or control security at the endpoint, were centrally managed and provided centralised reporting and alerting.
We can classify the products we reviewed into four categories: network security - providing protection such as firewalls, anti-virus and spyware; encryption - the ability to encrypt the local drive or partitions, as well as any removable media that would be allowed; port management - providing tools to manage and lock down everything from USB ports to printers, CD/DVD devices, com ports, smartcard readers and various wireless interfaces such as Bluetooth, infrared and WiFi. The final category covers products addressing the host-based intrusion protection aspect with solutions that monitor and prevent application loads, registry changes, privilege escalation, block use of copy-and-paste features and kernel event management.
We reviewed nine products, most of which fit nicely into one of the definitions above. Some spanned the categories and provided protection for multiple types of endpoint.
We did find a few solutions that provided a comprehensive set of capabilities; others concentrated on one area of protection while providing integration with solutions that delivered the rest.
We focused a lot of our testing efforts on server side management, reporting and alerting, along with the product's ability to integrate with various directory structures for setup, agent/client deployment and management of the environment. Most products required the use of a backend database engine. One or two shipped with their own embedded database; the rest required us to load either an MSDE or SQL database prior to loading the application. This will be something to pay attention to when evaluating these products in your own test labs.
Besides features and functionality, addressed in the individual reviews, we found a few differences in the products. The first was related to the ease of the installation - some went quickly with a fully integrated install script; others took some time and required things such as database configuration and loading of various versions of .NET and other dependencies. Another difference was in the maturity of the server side component, the management console or dashboard.
A few of the products really did a nice job delivering an intuitive interface, with an effective and comfortable look-and-feel. Others required us to really dig into the documentation and work more to move around the various screens.