GFI EndPointSecurity 2012
Strengths: Highly configurable with granular controls.
Weaknesses: Management console takes some getting used to in order to feel totally comfortable using the product.
Verdict: Very strong offering with a lot of flexibility and control.
GFI EndPointSecurity 2012 provides administrators a simple way to lock down computers across the enterprise network to ensure only authorized removable media devices are used to protect against data leaks and potential infection from malware. This product features easy-to-use controls to allow or deny the use of USB flash drives and other types of portable media based on already existing Active Directory users, groups or computers. Furthermore, granular controls can be used to manage devices by class, physical ports on the machine, device ID or even specific file types and extensions.
Installation was quite straightforward. The two-part installation process consisted of installing the server software on a machine in the network and then deploying the agent service across the network using the administration console. We found the agent deployment to be seamless and straightforward because the application identified all Active Directory computers in the network on install. It took just a few clicks and we had agents deployed on all machines. As for the server software, installation only took a couple of minutes and was aided by an easy-to-follow installation wizard.
As for policy configuration, during the initial deployment the installation wizard allowed for a base policy to be set. We found this to be helpful as we could build a reasonable default policy right out of the gate without having to spend a lot of time learning how to configure policy before protection was deployed. After the initial policy was set in the wizard all further policy and configuration was done via the management console. We found this console to be a little bit scattered at first and it took a few minutes to become comfortable moving around within the console and configuring the various options. One thing that caught our attention was that changes are not applied and deployed immediately. The administrator can build policy and do all configuration necessary and then roll it out at their discretion to any or all of the machines in the enterprise.
Documentation included a getting-started guide along with a full administrator manual. The getting-started guide walked the administrator through the steps of initial installation, as well as how to get the base configuration set up. After that the administrator manual was used to find more in-depth information on using the product and configuring product features and functions. Both guides included a multitude of screen shots, step-by-step instruction that were easy-to-follow, and many diagrams and configuration examples.
GFI includes the first year of support in the initial purchase prices of the software. After the first year, customers can purchase additional aid as part of an annual contract. GFI offers 24/5 phone- and email-based technical support for customers along with a full assistance area on the website.
At a price starting around $600 for 25 machines, we find this product to be a great value for the money. While there are not very many flashy extra features beyond simple port and device management, this tool comes up solid for ensuring that machines are locked down on a granular level to prevent data leaks or any of the other potential problems that go along with use of unauthorized devices in the network.