Product Group Tests
Endpoint UTM (2010) - July 01, 2010
Trend Micro's Enterprise Security for Endpoints 10 is our Best Buy for its ease of use, great value for money and its strong feature-set.
For the high number of protection technologies and features, we rate Sophos Endpoint Security and Data Protection 9 Recommended.
Endpoint unified threat management (UTM) solutions combine anti-virus, desktop firewalls and host-based intrusion prevention in one box. By Nathan Ouellette.
Keeping endpoints secure is a challenge that security and IT stakeholders in every organisation face. Whether it is applying the latest patches or updating signatures as new threats emerge, the bar for information protection keeps rising. In practice this means keeping data secure, keeping attackers out and avoiding excessive operational overhead.
Endpoint security is yet another sector of the security product space that has seen growth and convergence. One of the primary drivers is that managing multiple agents on each and every host is becoming cumbersome and unacceptable for IT programmes. As new protection technologies become available, operations stakeholders are wary of having to deploy and manage a growing number of host-based software components, especially in larger and more complex environments. Vendors recognise this challenge and have been integrating more features and protection options into a single agent.
Typically, security solutions can be dissected into two categories: network and host-based. Host-based security solutions are applied as agents or software components on each and every host that warrants protection. We see these every day on servers and desktops in the form of anti-virus clients, desktop firewalls or even host-based intrusion prevention applications.
We tested only host-based products. For the purposes of this review, an endpoint protection product qualifies as unified threat management when it combines the three technologies above (anti-virus, desktop firewall and host-based intrusion prevention) in one agent, and when that agent enforces its protection mechanisms through some form of centrally defined policy configuration.
All of the products submitted for testing in this group review were software solutions (no appliances), which provided host-based endpoint protection mechanisms that exceeded our criteria.
Each product consisted of a management server that allowed administrators to configure the various endpoint features and ultimately deploy the client agents to servers, desktops or even mobile devices. The types of endpoint protection available varied, with some vendors treading into the data leakage prevention arena and others including encryption.
In addition to our three basic requirements, other common features include: reputation scoring for web browsing; protection for removable media devices (USB, DVD, etc); and integration with network access control (NAC) solutions for host integrity checking. Some of these features are built into the product itself, while others are simply integration components for third-party vendor products.
Just how well a solution performs depends on how good the policy configuration options are, how easy it is to manage, how it fits into the enterprise strategy and lastly, how it performs with regards to packaging, deploying and updating the agents.
Customers will want to weigh their current state against future state planning. This includes assessing the types of agents and host-based protections that already exist in their environment and what additional (or replacement) functionality is needed. For customers that have a fairly immature deployment of host-based endpoint defences, a vendor that provides different features in one package will be most attractive.
It is worth noting that two of the six vendors in this group review included 24/7/365 support as part of the licence model, but did not state whether this was a mandatory buying option or whether less comprehensive support models were available.
How we tested
Our lab server machines consisted of both physical and virtual Windows Server 2003 R2 Standard Edition images. Our virtual environment consisted of Windows Server 2008 hosts running Hyper-V or VMware as needed. All client software was installed on either physical or virtual instances of Windows XP SP3. We also installed IIS and MS SQL Server 2005 on our Windows 2003 server where a product required them.
Each of the client agents supplied by the vendors in this review functioned as intended from a technology perspective in every domain (anti-malware, host IPS and firewall).
Ultimately, buying decisions should come down to what types of data reside in the environment and what protection mandates exist (or may exist in the future state) for the hosts that store or transmit that data. Administrative ease and licensing are also very important buying considerations. Verifying this information with any potential vendor is critical, and the organisation's support needs should be taken into account. Keep in mind the convergence of security features in the endpoint market and ask about a vendor's product roadmap before committing to a purchase.