ESET Endpoint Security
Strengths: Completeness, ease of use and deployment, documentation much improved.
Weaknesses: None that we found.
Verdict: For a complete endpoint security product, this one really is worth noting.
ESET Endpoint Security is one of those products that performs many different functions, including anti-malware, anti-spam, web control, firewall, cloud-assisted scanning, anti-phishing, botnet protection, exploit blocker, memory scanner and vulnerability shield (an extension of the firewall). In a virtual environment, this tool scans a virtual machine built as an exemplar or gold machine and then puts the known clean VM into "deep freeze." When the VM is cloned in the future, all clones also will be clean.
There are two components for the ESET Endpoint Security product: the endpoint and the management console. The management console, in addition to operating on the usual PCs, is mobile device friendly. We really like that as there are many times that managing an event from a mobile device is most convenient.
The endpoint sets up nicely and has a very good user interface. Policies are easy to set up, and the product comes with 27 categories and 140 subcategories for web filtering, which arguably is the most dangerous source of threats to endpoints.
The remote administrator opens to a familiar-looking dashboard. The administrator can be installed on Windows, Linux or as an appliance on VMware, Hyper-V or VirtualBox. The endpoint piece uses an agent to communicate with the administrator. It can be installed through the remote administrator or a third-party tool. There also is a live installer that can be run on the endpoint itself.
Going back to the administrator, the drill-down from the main dashboard is reminiscent of typical reports. There is a lot of good information for the administrator and, at the detailed level, the tool has what ESET refers to as an actionable dashboard. One of the things we liked was the ability for the administrator to create custom dashboards. These dashboards can be representative of those things in a particular enterprise that the administrator most wants to keep an eye on. To get you started there are several predefined dashboards as well.
A useful function of the tool is its rogue detector. This function watches the enterprise for connecting computers that it doesn't know about. While this is not a full-function network access control tool, it does pinpoint unknown devices.
Further, groups can be defined as static or dynamic, meaning that the membership doesn't change or does, and scanning for threats gives excellent, detailed drill-down reporting. As to reporting, there is a complete report creation function on the administrator device. Although there are a lot of predefined reports, you can create your own, and to help you along, ESET provides over 1,000 templates. Once a report is defined, it can be programmed to be sent out to a list automatically. So management can get a quick-read status report every morning and IT can get a detailed remediation report at the same time.
Of course, the endpoint can be configured remotely by the administrator and the granularity for that task is excellent. There is a solid mobile device management piece to this remote configuration that does such standard tasks as anti-theft actions, operating system updates, and device enrollment. Similar to reporting, actions on the endpoint can trigger some sort of notification. There are quite a few provided but you also can roll your own. These alerts/notifications can be detailed if necessary.
The usual functions on the endpoint also are present, such as managing access rights, licenses and users. User rights are role-based and there is, again, excellent granularity. With this tool you can have multiple administrators, each covering a different set of tasks so that no one administrator has full control.
Exploit blocker focuses on the most vulnerable aspects of the endpoint - Java, for example - and takes extra measures to protect them. These weaknesses are in applications, and the product watches for any attempt to exploit an application based on its prior knowledge of vulnerabilities for that app.
There is a lot more to this product than space here allows us to detail, but we liked it for its completeness and its ease of use and deployment.