Endpoint security is yet another sector in the security product space that has seen some growth and convergence. One of the primary drivers is the fact that managing multiple agents for each and every host is becoming more cumbersome and unacceptable for IT programs. As new technologies and protection mechanisms are available, operations stakeholders are weary about having to deploy and manage a growing number of host-based software components, especially in larger and more complex environments. Vendors recognize this challenge and have been integrating more features and protection options into one agent.
In this issue
Typically, security solutions can be dissected into two categories: network and host-based. Host-based security solutions are applied as agents or software components on each and every host that warrants protection. We see these everyday on servers and desktops in the form of anti-virus clients, desktop firewalls or even host-based intrusion prevention applications. For our test, we've tested only host-based products. Endpoint protection can be labeled as unified threat management when it combines the previously mentioned three technologies into one agent. This agent also has to enforce its protection mechanisms through some sort of policy configuration.
All of the products submitted for testing in this Group Test review were software solutions (no appliances in this group), which provided host-based endpoint protection mechanisms that exceeded our criteria. Each group consisted of a management server, which allowed administrators the ability to configure the various endpoint features and ultimately deploy the client agents to servers, desktops or even mobile devices. The types of endpoint protections available varied by products, with some vendors treading into the data leakage prevention arena and others including encryption as well. In addition to our three basic requirements, some other common features include: reputation scoring for web browsing, protection for removable media devices (USB, DVD, etc), and integration with network access control (NAC) solutions for host integrity checking. Some of these features are native and others are simply integration components for third-party vendor products.
The real meat of how a solution performs is in the details of how granular the policy configuration options are, how easy it is to manage, how it fits into the enterprise strategy and lastly, how it performs with regards to packaging, deploying and updating the agents. Customers will want to weigh their current state against future state planning. This includes assessing the types of agents and host-based protections that already exist in their environment, and what additional (or replacement) functionality is needed. For customers that have a fairly immature deployment of host-based endpoint defenses, a vendor that provides many different features in one package will be most attractive. It's worth nothing that two out of the six vendors in this review included 24/7/365 support as part of the license model, but did not reference if this was a mandatory buying option or if less aggressive support models were available.
How we tested
Our lab server machines consist of both physical and virtual Windows 2003 RC2 Standard Edition images. Our virtual environment consists of Windows 2008 servers using Hyper-V or VMware as needed. All client software was installed on either physical or virtual instances of Windows XP SP3. We also installed IIS and MS SQL Server 2005 on our Windows 2003 server when necessary.
The areas we assessed were implementation, administration, usability in an enterprise environment, user experience (transparency and performance), support, price and overall value for the money. Each of the client agents supplied by the vendors in this review functioned as intended from a technology perspective in every domain (anti-malware, host IPS and firewall). Ultimately, buying decisions should come down to what types of data reside in the environment and what protection mandates exist (or may exist in the future state) for the hosts that store or transmit this data. Administrative ease and licensing are also very important buying choices. Verifying this information with any potential vendor is critical, and the organization's support needs should be considered. Keep in mind the convergence of security features in the endpoint market and inquire about a vendor's product roadmap before considering a purchase.