Product Group Tests

Endpoint UTM (2010)

Group Summary

Trend Micro's Enterprise Security for Endpoints 10 is our Best Buy for its ease of use, great value for money and its strong feature-set.

For the high number of protection technologies and features, we rate Sophos Endpoint Security and Data Protection 9 Recommended.

Scroll To Full Group Summary Below

Click for a side by side comparison of products
Click for a side by side comparison of products

Full Group Summary

Endpoint unified threat management (UTM) solutions combine anti-virus, desktop firewalls and host-based intrusion prevention in one box. By Nathan Ouellette.

Keeping endpoints secure in any organisation is a challenge that many security and IT stakeholders are facing these days. Whether it is applying the latest patches or updating signatures, as new threats emerge, the bar is being raised with regards to ensuring a higher level of information protection. This means keeping data secure, keeping the bad guys out and avoiding excessive operational overhead.

Endpoint security is yet another sector in the security product space that has seen some growth and convergence. One of the primary drivers is the fact that managing multiple agents for each and every host is becoming more cumbersome and unacceptable for IT programs. As new technologies and protection mechanisms become available from a security perspective, operations stakeholders are weary about having to deploy and manage a growing number of host-based software components, especially in larger and more complex environments. Vendors recognise this challenge and have been integrating more features and protection options into one agent.

In this issue
Typically, security solutions can be dissected into two categories: network and host-based. Host-based security solutions are applied as agents or software components on each and every host that warrants protection. We see these every day on servers and desktops in the form of anti-virus clients, desktop firewalls or even host-based intrusion prevention applications.

We tested only host-based products. We have also defined that endpoint protection can be labelled as unified threat management when they combine the previously mentioned three technologies into one agent. This agent also has to enforce its protection mechanisms through some sort of policy configuration.

All of the products submitted for testing in this group review were software solutions (no appliances), which provided host-based endpoint protection mechanisms that exceeded our criteria.

Each group consisted of a management server that allowed administrators the ability to configure the various endpoint features and ultimately deploy the client agents to servers, desktops or even mobile devices. The types of endpoint protections available varied, with some vendors treading into the data leakage prevention arena and others including encryption.

In addition to our three basic requirements, some other common features include: reputation scoring for web browsing; protection for removable media devices (USB, DVD, etc); and integration with network access control (NAC) solutions for host integrity checking. Some of these features are already included in the solution and others are simply integration components for third party vendor products.

Just how well a solution performs depends on how good the policy configuration options are, how easy it is to manage, how it fits into the enterprise strategy and lastly, how it performs with regards to packaging, deploying and updating the agents.

Customers will want to weigh their current state against future state planning. This includes assessing the types of agents and host-based protections that already exist in their environment and what additional (or replacement) functionality is needed. For customers that have a fairly immature deployment of host-based endpoint defences, a vendor that provides different features in one package will be most attractive.

It is worth noting that two out of the six vendors in this group review included 24/7 support for 365 days a year as part of the licence model, but did not reference if this was a mandatory buying option or if less aggressive support models were available.

How we tested
Our lab server machines consist of both physical and virtual Windows 2003 RC2 standard edition images. Our virtual environment consists of Windows 2008 servers using Hyper-V or VMware as needed. All client software was installed on either physical or virtual instances of Windows XP SP3. We also installed IIS and MS SQL Server 2005 on our Windows 2003 server when necessary.

Each of the client agents supplied by the vendors in this review functioned as intended from a technology perspective in every domain (anti-malware, host IPS and firewall).

Ultimately buying decisions should come down to what types of data reside in the environment and what protection mandates exist (or may exist in the future state) for the hosts that store or transmit this data. Administrative ease and licensing are also very important buying choices. Verifying this information with any potential vendor is critical and the organisation's support needs should be considered. Keep in mind the convergence of security features in the endpoint market and inquire about a vendor's product roadmap before considering a purchase.

All Products In This Group Test