Endpoint security shootout: Five products compete to protect client systems
InfoWorld testing reveals key differences in platform support, security features, and reporting functions among Check Point, McAfee, Sophos, Symantec, and Trend Micro solutions
Network access control is managed through a separate browser-based UI accessible from the Enterprise Console. The predefined policies and profiles make quick work of getting a NAC system up and running, and the wide range of configuration options means admins can create a system to meet just about any situation.
The Enterprise Console is where admins will spend most of their time, and unlike with McAfee's ePO, it is time well spent. The console is well laid out and easy to navigate, with the graphical dashboard providing at-a-glance status reports of the network. The reporting engine is good if not overly flashy. I like that I can click on a detected item name in the Alerts report and find out additional information about the threat.
I was really impressed with Sophos Enterprise Security and Control. The administrative console provides an overview of the health of the enterprise, and the policy quick links make accessing specific policy items fast and easy. I like that I can manage my heterogeneous enterprise from one console, and the level of protection is top notch.
Symantec Endpoint Protection 11
One of the best-known vendors of anti-virus software, Symantec scores with its latest offering, Symantec Endpoint Protection (SEP) 11. A bundled mix of anti-virus, anti-spyware, firewall, intrusion prevention, and application and device control, SEP provides a well-rounded suite of protection for both clients and servers. The centralized management console, Endpoint Protection Manager, does a good job of providing a one-stop management tool for admins, and the reporting engine issues a wealth of information, but only if you know how to look for it.
Installation of SEP on my test Windows 2003 Server went off without a hitch. Make sure your host server has plenty of resources: Between SEP's database engine and other core services, it consumed more than 300MB of RAM. Also, Endpoint Protection is the only product in this roundup that has a Java-based management console, and it suffers from mild Java lag. On the client side, RAM demand is light, with only about 10MB in use at idle and less than 55MB and 28 percent CPU utilization during a full system scan.
Symantec Endpoint Protection comes with a nifty deployment wizard that walks admins through the process of pushing out the agent to unprotected clients. If your organization has a standard software-distribution system in place, you can simply distribute a single executable install package to unprotected systems or allow individuals to launch the install from a shared folder. SEP can also talk to Active Directory to import organizational groups for better client management.
Like McAfee's and Sophos' offerings, SEP will protect not only 32- and 64-bit Windows systems, but also 32- and 64-bit Linux, Novell Open Enterprise Server, and VMware ESX. Unlike Sophos, SEP does not currently support Mac.
The heart of Endpoint Protection is the anti-virus and anti-spyware detection engine. SEP employs a single-protection technology composed of multiple scan engines to detect and scan for viruses and malware. As files are copied or created, SEP intercepts them and passes them to the appropriate scan engine.