Endpoint security shootout: Five products compete to protect client systems
InfoWorld testing reveals key differences in platform support, security features, and reporting functions among Check Point, McAfee, Sophos, Symantec, and Trend Micro solutions
Unlike all of the other products reviewed in this roundup, Check Point requires admins to install the Endpoint Security client either via traditional software-distribution methods or from a shared location; there is no push support in the Endpoint Security Dashboard. For organizations already running a Check Point firewall, the vendor offers an interesting method for installing the client on captive portal users' systems: Admins can force users to install the client in order to gain access to the Internet.
I like the level of control offered by Check Point's policy editor. Each policy falls into either a trusted zone (that is, a local network) or an untrusted zone (the Internet and all other networks) and provides different levels of access for each. The client firewall comes with a decent set of predefined rules, and it's easy to customize inbound and outbound rules to meet your needs. The application control gives IT broad yet easily manageable control over programs. Each policy includes "enforcement settings," Check Point-speak for NAC, which worked well in my test scenarios.
The application permissions engine provides an easy-to-manage system for allowing or denying program execution on both clients and servers. This whitelisting service allows admins to create logical groups of applications, such as browsers and mail clients, and to determine whether each program is permitted to run. I could restrict which browsers my test clients could run by simply adding the specific executable to the Browsers group, then denying access. I find this to be very powerful yet easy to use.
At first glance, Check Point's reporting engine seems a bit sparse, as if reports and charts are missing. But upon further inspection, when compared to Symantec Endpoint Protection's information overload, Check Point's almost simplistic reporting engine is a nice change of pace. Three major groups of reports -- endpoint monitor, endpoint activity, and infection history -- break out nicely, allowing a quick and uncluttered view into each endpoint's status. Unfortunately, infection history detail goes back only 14 days.
Check Point's Endpoint Security – Secure Access Edition is a good mix of endpoint protection and flexibility. I like the granular control available in each policy definition, and the concept of trusted and untrusted zones doubles the security footprint. Unfortunately, client OS support is limited to Windows systems, and there is no push installation support in the product.
McAfee Total Protection for Endpoint 4.0
McAfee Total Protection for Endpoint bundles anti-virus, anti-spyware, host-intrusion prevention, and network access control. All of these systems are tied together with the management console, ePolicy Orchestrator (ePO) 4.0, which is a welcome upgrade from previous versions, featuring a completely retooled reporting engine that allows admins to create many different custom reports. Total Protection is not Windows-centric and provides protection for other popular operating systems.