Endpoint security shootout: Five products compete to protect client systems

Every computer that connects to the Internet must have some form of anti-virus protection installed. The number and type of virus threats increase every year, with new ones appearing at an alarming rate. However, threats to the desktop are not limited to simple viruses, but often come as a coordinated attack via drive-by installation of malware and spyware. Further, not all threats are from the Internet: Unprotected vendor laptops can inject malicious programs directly into the enterprise, or malicious employees can siphon secrets to USB thumb drives. Security applications must be able to protect the desktop from both internal and external threats.

Because securing the client device – the endpoint, if you will – is so important, I decided to put five of the top enterprise endpoint security packages to the test. They include: Check Point Endpoint Security – Secure Access Edition; McAfee Total Protection for Endpoint 4.0; Sophos Endpoint Security and Control; Symantec Endpoint Protection 11; and Trend Micro OfficeScan Client/Server Edition 8.0.

All five products worked well in my test lab, performing their anti-virus and anti-spyware security duties flawlessly. However, there were other factors to consider in evaluating these products beyond the effectiveness of their virus and malware protection, as well as their other security services. I looked at how easy they are to administer, how straightforward it is to update and manage clients, and how well the systems report back the security health of the enterprise. I also considered OS support; some of the products support an array of platforms, whereas others are Windows-only.

Check Point Endpoint Security – Secure Access Edition
Endpoint Security - Secure Access Edition from Check Point is a good all-around package of client-security services for Windows users. The package includes anti-virus, anti-spyware, a desktop firewall, NAC, program control, and a VPN client bundled in a single agent. The browser-based management console is less cumbersome that McAfee Total Protection's, but it's also not as intuitive as that of Trend Micro OfficeScan. Check Point's reporting engine is very utilitarian but provides all of the information IT needs to keep up with the network's security status without information overload.

I installed Endpoint Security on a virtualized Windows Server 2003 server and had no trouble loading the associated applications. Endpoint Security's management platform runs on a Windows Server 2003 or Check Point SecurePlatform (Check Point's version of Linux). Unlike offerings from McAfee and Sophos, the Endpoint Security client supports only Windows 2000 Pro (SP4), Windows XP Pro (SP2), and Vista Enterprise.

Once up and running, the Endpoint Security management platform consumed more than 350MB of RAM (mostly in use by the included Web engine, Tomcat) but had minimal CPU impact on the server. The client claimed about 102MB of RAM, both at idle and during a manual scan, with a rise in CPU usage from about 0 percent to approximately 55 percent. As expected, Endpoint Security detected, caught, and handled all threats without fail.

Check Point's protection engine is based on anti-virus and anti-spyware technology licensed from Kaspersky Labs in addition to Check Point's own anti-spyware technology. This two-pronged approach uses both signatures and heuristics to detect potential threats before they land on the system.