Product Group Tests
Endpoint security (2009)
A full suite of protection for endpoints at an attractive price make Symantec Endpoint Protection 11.0.4 this month's Best Buy.
A complete package that gives a lot of security: StormShield Security Suite 5.1 is our Recommended product.
Full Group Summary
How do you secure so many devices? We put nine products to the test. By Michael Lipinski.
Both my desktop PC and my notebook computer allow me to perform the many tasks associated with my job. These same devices also enable me to print to a local printer, sync to a PDA device, plug in my camera and transfer images, add new software and attach to my private secured wireless network as well as any public unsecured wireless network. I can burn CDs, plug in numerous USB devices, plug in other storage media into my smartcard reader, transfer data to other systems using the firewire connection or sync my phone via Bluetooth... on and on we can go.
As our technologies continue to expand to meet the challenges of component integration and data sharing, as mobile workforces continue to grow, and more and more people access corporate resources over unsecured public networks, the business challenge becomes controlling what data should be allowed to be on those endpoints or mobile devices and, when allowed, securing that data while at rest and while in transit.
Audit after audit, I am always amazed at the amount of data that can walk out of organisations. These challenges have far-reaching implications: the protection of corporate data and personal information, and compliance and audit requirements.
I find myself always weighing the security advantages of totally locking down an endpoint versus the business gains of allowing people to use the technology we give them to be more productive and innovative.
To be effective, endpoint security must balance the security risk with the productivity benefit. The right solution must also address the IT challenges we all face today, namely, overburdened and understaffed IT departments. The right solution should deploy easily and provide centralised policy management and reporting and tunable alerting.
This month, we have reviewed endpoint security solutions. Our criteria for evaluating the submissions this month were specific: we were looking for products that could manage, assess or control security at the endpoint, were centrally managed and provided centralised reporting and alerting.
We can classify the products we reviewed into four categories: network security - providing protection such as firewalls, anti-virus and spyware; encryption - the ability to encrypt the local drive or partitions, as well as any removable media that would be allowed; port management - providing tools to manage and lock down everything from USB ports to printers, CD/DVD devices, com ports, smartcard readers and various wireless interfaces such as Bluetooth, infrared and WiFi. The final category covers products addressing the host-based intrusion protection aspect with solutions that monitor and prevent application loads, registry changes, privilege escalation, block use of copy-and-paste features and kernel event management.
We reviewed nine products, most of which fit nicely into one of the definitions above. Some spanned the categories and provided protection for multiple types of endpoint.
We did find a few solutions that provided a comprehensive set of capabilities; others concentrated on one area of protection while providing integration with solutions that delivered the rest.
We focused a lot of our testing efforts on server side management, reporting and alerting, along with the product's ability to integrate with various directory structures for setup, agent/client deployment and management of the environment. Most products required the use of a backend database engine. One or two shipped with their own embedded database, the rest required us to load either an MSDE or SQL database prior to loading the application. This will be something to pay attention to when evaluating these products in your own test labs.
Besides features and functionality, addressed in the individual reviews, we found a few differences in the products. The first was related to the ease of the installation - some went quickly with a fully integrated install script; others took some time and required things such as database configuration and loading of various versions of .Net and other dependencies. Another difference was in the maturity of the server side component, the management console or dashboard.
A few of the products really did a nice job delivering an intuitive interface, with an effective and comfortable look-and-feel. Others required us to really dig into the documentation and work more to move around the various screens.