Endpoint security shootout: Five products compete to protect client systems
InfoWorld testing reveals key differences in platform support, security features, and reporting functions among Check Point, McAfee, Sophos, Symantec, and Trend Micro solutions
Total Protection is a solid, well-rounded endpoint security package that fires on all cylinders. I like the enhanced reporting capabilities in ePO, and the single-engine virus and malware scanner works very well. Moreover, the expanded platform support fits in nicely with most large organizations. My biggest complaint is that it's hard to easily see my policies and how they're assigned to each group or individual client.
Sophos Endpoint Security and Control
Sophos Endpoint Security and Control offers a tight mix of virus and spyware protection, along with client firewall, application control, host intrusion protection, and network access control. Furthermore, its intuitive browser-based management platform works well.
I had no trouble installing Sophos' Enterprise Console on my Windows Server 2003 virtual test bed. As with Trend Micro's OfficeScan, server resource demands were pleasingly light, requiring only about 100MB of RAM when logged into the console using Internet Explorer. During installation, I chose to have Sophos install MSDE on my server. Alternatively, admins can elect to use an existing Microsoft SQL server.
Deploying the Sophos client to users' PCs is a push process from the Enterprise Console. The Find New Computers wizard lets admins choose between importing a list of computers from Active Directory or performing a network scan based on network (NetBIOS name) or IP address range. I used the Active Directory method and had no problems installing the full client to my test machines.
Endpoint Security provides protection for not only Windows machines, but also Mac, Linux, Unix, NetWare, and OpenVMS systems. The list of supported platforms is extensive and includes both 32- and 64-bit platforms. Best of all, admins can manage and monitor all flavors of clients from a single Sophos Enterprise Console. Like Trend Micro's and Symantec's respective products, Sophos includes virtual environments as part of the supported package.
One feature that busy admins will appreciate is Sophos' ability to uninstall any third-party anti-virus programs already present on users' PCs. One of my target systems came with another vendor's endpoint client package, and Sophos cleanly removed it prior to installing the new package.
Endpoint Security and Control is exactly what its name suggests: a full suite of security services blended together to allow administrators to tailor both inbound and outbound security. The real-time anti-virus and anti-spyware detectors share the same engine and the same virus/malware definitions. Endpoint generates an MD5 hash of each scanned file. If, on subsequent scans, the hash is unchanged, then Sophos skips scanning the file, saving CPU cycles.
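The hash-based scan skipping described above, as an added example in Python (not Sophos' code): a scan cache keyed by each file's content MD5 that also records the definitions version used, so an unchanged file is still rescanned once definitions are updated. The signature set, test pattern and file paths are constructed for the example.

```python
import hashlib
from typing import Dict, Tuple

# Constructed stand-in for a definition set: byte pattern -> detection name.
# Version 1 detects nothing; version 2 adds a detection for a test string.
DEFS_V1: Dict[bytes, str] = {}
DEFS_V2: Dict[bytes, str] = {b"EICAR-STANDARD-ANTIVIRUS-TEST": "EICAR-Test-File"}


def file_md5(path: str) -> str:
    """MD5 of the file contents, read in chunks (MD5 is the hash the review
    describes; for a key that suppresses scans, SHA-256 would be the safer pick)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ScanCache:
    """Per-path cache of (content hash, definitions version, verdict).

    A file is rescanned when its hash changes OR when definitions change;
    keying on the hash alone would let a stale "clean" verdict outlive an update."""

    def __init__(self, defs_version: int, defs: Dict[bytes, str]) -> None:
        self.defs_version = defs_version
        self.defs = defs
        self._entries: Dict[str, Tuple[str, int, str]] = {}
        self.scans_performed = 0

    def update_definitions(self, version: int, defs: Dict[bytes, str]) -> None:
        self.defs_version, self.defs = version, defs

    def _signature_scan(self, path: str) -> str:
        # Simple substring matcher standing in for the real engine.
        with open(path, "rb") as f:
            data = f.read()
        for pattern, name in self.defs.items():
            if pattern in data:
                return name
        return "clean"

    def scan(self, path: str) -> Tuple[str, bool]:
        """Return (verdict, scanned); scanned is False when the cache was used."""
        digest = file_md5(path)
        hit = self._entries.get(path)
        if hit is not None and hit[0] == digest and hit[1] == self.defs_version:
            return hit[2], False
        verdict = self._signature_scan(path)
        self.scans_performed += 1
        self._entries[path] = (digest, self.defs_version, verdict)
        return verdict, True
```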
Complementing the signature-based detection is what Sophos calls Behavioral Genotyping. This behavioral engine checks potentially malicious traffic against existing definitions in order to help stop new or unknown attacks. As long as the attack is a variant of an existing virus -- and most viruses are -- Sophos will detect it and block it. Each threat I threw at Endpoint Security was caught and handled according to my security policy. No surprises here.
Sophos' Application Control allows admins to create whitelists of approved programs: You can block specific applications or entire groups, such as remote-management tools. Beyond application control, Sophos also helps cut down on data leakage by blocking users' access to local storage devices, wireless connections such as Wi-Fi and infrared, instant messaging, and file-sharing applications.