Quick Heal Technologies Endpoint Security Total with DLP
Strengths: Very good DLP and some endpoint protection with the promise of lots more functionality in coming releases.
Weaknesses: Deployment of the management server is too complicated; quick-start documentation needs Q&A and there needs to be the ability to import and use intelligence feeds, particularly blacklists.
Verdict: This is a good DLP tool, but is not trivial to deploy. Over the next release we expect a lot of the rough edges to be smoothed out. Excellent support.
For starters, we did not find that this product really is "total security" for the endpoint. What we did find was a very competent endpoint DLP tool with some endpoint protection functionality. However, we understand that the next release will remedy this and make the product a complete endpoint protection tool. The product is in two - or, perhaps, two and a half - parts. There are the agent on the endpoint, the on-premises management server and the vendor's cloud management server.
The cloud service really is not a full management server in the sense that the on-prem one is (thus the "half"). Its purpose is to cover the endpoint when it cannot access the on-prem server. Thus, the endpoint always is protected and when the endpoint returns to the fold the on-prem server is updated.
The endpoint has its own console so that the user can see the state of their device and make necessary adjustments. There is an overarching pronouncement as to whether or not the system is secure. If there is action required on the part of the endpoint user, this frame will give details. The protected components - files and folders, emails, internet and network, and external drives and devices - each has its own menu for the user.
The management console is very clean and has good drill-down. Anti-malware protection, an area that we see more frequently in endpoint protection products - in fact, it is the core functionality - is part of this tool. Even so, the emphasis clearly is on DLP and it does a good job of that. However, one area that we missed on this one was the ability to add external intelligence feeds, such as blacklists. The tool has its own categories of sources from which the endpoint needs to be protected against data exfiltration and it depends on those to provide everything necessary. We don't agree. Black - or block - lists are very valuable. You can, of course, create your own, but that would be a bit tedious for the busy system administrator.
The tool integrates nicely with Active Directory and the view of client activity is very complete. There is enough information to do a credible forensic investigation of a data exfiltration attempt in the drill-down for clients. Policies are straightforward to keep updated. The system uses behavioral detection, which is an advanced capability, and it can disconnect an endpoint from the network automatically if necessary - and if the policy dictates it. The endpoint policy can be configured to prevent the user from disabling protection.
Really, the only complaint that we had overall - besides the issue of blacklists - was the installation. The agent went smoothly, but the administrator console did not. There is a lot of modification required for the console installation on a server and we found discrepancies in the documentation. This is not an easy tool to set up.
There were some innovative features, however. For example, one we've never seen done exactly in this manner is the way the company provides support. Everything one needs is built into the product. One doesn't need to crawl around the website to find a support portal. Should a user need support, however, there is 24/7 email and phone assistance available at no additional cost. The website is quite complete. There is a lot of good information on the website, such as quarterly threat reports and downloads for manuals. This is an India-based company, but it has a direct presence in 80 countries including the US. We spent some time with an American support engineer based in the US.