The EndPointSecurity solution from GFI Software provides centralized management with a small agent footprint of only 1.2 MB. The server portion requires a .NET Framework and database backend. The documentation stated SQL, so we loaded that as our database engine. Later in the review, we found the ability in the management interface to connect to an MSDE, saving the licensing associated with going to a full SQL deployment.
Once we had the server set up, we were able to scan for devices on the network. We built an MSI package and were able to use AD to distribute it out to the endpoints. The deployment tool allows for hundreds of remote deployments with minimal work. After installation, the administrator is able to control (allow/deny) access to endpoint devices on any of the machines having an ESEC agent deployed.
Once we had agents on our test workstations, we began testing the controls over the devices. The list of device/ports that GFI can manage and control is far too extensive to list here. It is safe to say that if the endpoint had it, we could control it from the server. Through AD integration, we could have different policies for that one device based on group profiles. We had numerous options for granular programming of the various port controls. We also had both whitelist and blacklist capabilities for allowing certain devices.
The management dashboard is well-organized and easy to use. The dashboard provides numerous statistics on the groups, devices and ports under control. Event logging is done to the database installed prior to the software load. Email and SMS alerting is available for various event types.
The documentation was good, and we did need to reference it for several management server operations we wanted to perform. Maintenance is included in the software price and includes phone and email support. Yearly renewals are required for support after 12 months. Upgraded support options were not found.
This is a real nice solution in the port management category, providing great features and performance at an attractive price point.
Once we had the server set up, we were able to scan for devices on the network. We built an MSI package and were able to use AD to distribute it out to the endpoints. The deployment tool allows for hundreds of remote deployments with minimal work. After installation, the administrator is able to control (allow/deny) access to endpoint devices on any of the machines having an ESEC agent deployed.
Once we had agents on our test workstations, we began testing the controls over the devices. The list of device/ports that GFI can manage and control is far too extensive to list here. It is safe to say that if the endpoint had it, we could control it from the server. Through AD integration, we could have different policies for that one device based on group profiles. We had numerous options for granular programming of the various port controls. We also had both whitelist and blacklist capabilities for allowing certain devices.
The management dashboard is well-organized and easy to use. The dashboard provides numerous statistics on the groups, devices and ports under control. Event logging is done to the database installed prior to the software load. Email and SMS alerting is available for various event types.
The documentation was good, and we did need to reference it for several management server operations we wanted to perform. Maintenance is included in the software price and includes phone and email support. Yearly renewals are required for support after 12 months. Upgraded support options were not found.
This is a real nice solution in the port management category, providing great features and performance at an attractive price point.
