Endpoint security tools: A buyer's guide
A collection of articles that takes you from defining technology needs to purchasing options
Endpoint antimalware is an essential layer in an organization's security defense apparatus. While these products tend to have a lot of features in common, choosing the right product means paying attention to the details and matching organizational needs to product features, platform coverage, performance and cost.
All of the products in this article are considered best-of-breed when compared to the dizzying and immense array of antimalware protection products available on the market, but some stand out more than others in specific situations. Let's look at some top-notch products from Kaspersky, McAfee, Microsoft, Sophos, Symantec and Trend Micro to see how they meet the procurement criteria laid out in the previous article in this series, and how they fit into small, mid-size and enterprise environments. The product an organization ultimately picks from any vendor depends not only on the organization's size, but also on what features it needs.
Antimalware products for small organizations
Endpoint antimalware Products ideal for small organizations with 100 or fewer users include Kaspersky Small Office Security, McAfee Endpoint Protection Suite, Sophos Enduser Protection, Symantec Endpoint Protection Small Business Edition (on-premise) and Trend Micro Worry-Free Business Security (Standard and Advanced versions). For McAfee, the company points out that very small organizations (with 10 or fewer users) should consider an alternate product such ass McAfee All Access or McAfee Total Protection.
This is part four of a series examining endpoint antimalware protection. Part one looks at the basics of antimalware protection in the enterprise, part two examines the different use cases for antimalware products, and part three offers insight into procuring and deploying antimalware products.
Most products geared for small organizations are designed for easy installation and administration, assuming these environments have limited IT administrative staff or expertise. Symantec Endpoint Protection Small Business Edition and Trend Micro Worry-Free Business Security in particular require minimal IT savvy.
The base feature set for all five products includes antivirus/antimalware protection, a firewall, URL blocking and Web browsing protection. All products except Symantec Endpoint Protection Small Business Edition support device control. (Device control allows IT to restrict or block user access to removable devices and enforce device access rules.) Kaspersky Small Office Security offers the broadest set of additional features, including application control, file-level encryption, online banking and phishing protection, online backup, password management and much more.
Regarding platform coverage, all products support Microsoft Windows. Sophos Enduser Protection covers the broadest range of platforms outside of Windows -- Mac, Linux, and all leading virtual environments and mobile device operating systems (OSs). McAfee Endpoint Protection Suite is similar, but doesn't include mobile device protection. Kaspersky focuses on Windows and Android devices (not Mac, Linux or virtual), and Symantec Endpoint Protection Small Business Edition does not support Linux, virtual or mobile environments. Trend Micro Worry-Free Business Security Advanced supports Mac OS X but not Linux. The Advanced version protects Android, iOS, Blackberry and Windows Phone devices for IT shops running Microsoft Exchange ActiveSync.
Products in the small organization category can be managed from a central management console running on a server, with agents running on client endpoints. However, Kaspersky Small Office Security is installed on standalone clients, and administrators can choose to manage those clients from a server.
Endpoint antimalware software performance
All products, except Microsoft System Center Endpoint Protection, achieved moderately high to high scores among independent software testing sites, such as Virus Bulletin, Ltd., Dennis Technology Labs and AV-TEST. Unfortunately, no data was available from any single site, during the same time period, for all the products featured in this article.
To try to compare as many apples to apples as possible, Dennis Technology Labs results from July-September 2014 ranked Symantec Endpoint Protection as the pack leader at 99 percent for total accuracy, followed by Kaspersky Endpoint Security, upon which the company's Total Security for Business product is based, at 98 percent. A Dennis Technology Labs score indicates the accuracy with which an application protected the test system from Internet-based threats and allowed legitimate software to run.
In the same set of tests, Sophos Anti-Virus Business scored 94 percent for total accuracy (no tests on Sophos Endpoint Protection per se were found), McAfee VirusScan scored 84 percent and Trend Micro OfficeScan and Intrusion Defense Firewall scored 93 percent.
In tests performed by AV-TEST, Trend Micro OfficeScan scored a total of 17 out of 18 in September and October 2014. Those tests focused on protection, performance and usability. Symantec Endpoint Protection scored 16.5 out of 18-- and McAfee VirusScan Enterprise with ePO scored 14.2-- when evaluated for protection, system load and usability during the March through August 2013 testing phase.
No independent tests were available for Trend Micro Worry-Free Business Security.
The lowest score found was for Microsoft System Center Endpoint Protection, which scored 72 percent for total accuracy during the July-September 2014 Dennis Technology Labs tests.
These companies license their products either per user or per device. When purchasing up to 25 licenses with one year of maintenance, retail licensing costs run from a low of $23.95 per license (for Kaspersky Small Office Security) to a high of about $48 per license (for McAfee Endpoint Protection Suite and Sophos Enduser Protection). Buying more licenses at one go decreases the price. The maintenance portion of licensing packages includes receipt of program updates and standard support, and all licenses have two-year and three-year options. Most companies enable small business customers to purchase licenses online or through a sales representative.
So organizations that need a wide range of features, but only for Windows, will find Kasperky Small Office Security to be the best choice. However, organization's that have all kinds of platforms to support (Windows, Mac, Linux, virtual and mobile), should consider Sophos Enduser Protection.
Antimalware products for midsize organizations
Solid antimalware choices for organizations with 100 to 999 users are Kaspersky Total Security for Business, McAfee Endpoint Protection Suite, Sophos Enduser Protection, Symantec Endpoint Protection (aimed at environments with more than 250 users) and Trend Micro OfficeScan.
The base feature set for the products includes antivirus/antimalware protection, a firewall, application and device control, data loss prevention (with some caveats), URL blocking, and Web browsing protection.
Kaspersky Total Security for Business focuses on Windows workstations and file servers, but also provides antimalware and anti-theft protection for Android devices. The package's feature set is comprehensive: file-level encryption, password management; patch distribution; vulnerability scanning; mobile device management (MDM); the protection of Web gateways, email servers and collaboration systems; as well as online banking protection and online backup.
Beyond the base features, McAfee Endpoint Protection Suite includes email server protection (anti-spam functionality). Customers also requiring mobile device protection should consider McAfee Complete Endpoint Protection -- Business.
Sophos offers several endpoint antimalware bundles. Sophos Enduser Protection is part of the core product. From there organizations can choose other bundles that add protection for (1) mail and encryption, (2) Web and email or (3) Web, mail and encryption. Each bundle includes application control, a host-based intrusion prevention system (HIPS), email protection (such as anti-spam), patch assessment, plus MDM and management of mobile applications and email. Organizations that run Microsoft Exchange also get anti-spam, antimalware, and data loss protection.
Symantec Endpoint Protection is a client/server endpoint antimalware product aimed at environments with more than 250 users that includes intrusion prevention, host integrity checking and network access control, along with the product's Power Eraser that lets organizations kill off an endpoint infection remotely. Endpoint Protection does not protect mobile devices, and advanced Web and email filtering requires Symantec Protection Suite Enterprise Edition.
Trend Micro OfficeScan is modular: add-ons provide functionality for data loss prevention of email and USB devices, Mac and virtual desktop infrastructure support, network-level host intrusion prevention, endpoint encryption and endpoint application control. To protect mobile endpoints and provide MDM, enterprises must also install Trend Micro Mobile Security.
Regarding platform coverage, all products support Windows, Mac and Linux environments. Kaspersky Total Security for Business and Sophos End user Protection natively support many mobile operating systems. For mobile security with Trend Micro, organizations need to add Mobile Security, which supports the Android OS version 2 and higher and Kindle Fire OS.
McAfee Endpoint Protection Suite, Sophos Enduser Protection, Symantec Endpoint Protection and Trend Micro OfficeScan cater to VMware, Citrix and Microsoft virtualization platforms, too.
Endpoint antimalware products for mid-size organizations incorporate central management consoles run on servers and typically run agents on the endpoints. Although Kaspersky Total Security for Business is designed for central management as well, the software can be installed on individual endpoints as a standalone product.
Much like the options for small organizations, products for mid-size companies are licensed per user or per device, depending on the vendor. When purchasing 149 licenses, retail licensing costs run from a low of about $34 per license (for McAfee Endpoint Protection Suite and Trend Micro OfficeScan) to a high of about $59 per license (for Kaspersky Total Security for Business).
Prices decrease with purchase volume, but customers must work with a sales representative or channel partner to place orders. Typically, base licensing also includes a one-year maintenance agreement.
For the mid-sized organization with many different platforms to support, Sophos Enduser Protection is the most inclusive. Trend Micro OfficeScan is a good deal for Windows-only environments that don't need to cover mobile devices.
Antimalware products for large and enterprise organizations
All of the products covered for mid-sized organizations apply to enterprises as well. However, organizations already running Microsoft System Center 2012 or 2012 R2 should also consider System Center Endpoint Protection (SCEP), formerly called Forefront.
This module integrates into System Center and provides good protection against viruses, spyware and similar threats along with a Windows Firewall management component. It requires the Microsoft System Center Configuration Manager, which is included in the System Center package, to install the SCEP agent to clients and to distribute updates.
SCEP is attractive to enterprises because it's part of the Microsoft Enterprise Client Access License (CAL) and Core CAL Suites. Each Client Management (ML) license is good for two years and costs $22. The Core CAL Suite includes System Center 2012 Configuration Manager Client ML and Endpoint Protection Client ML. The Enterprise CAL Suite includes the Core CAL Suite plus a license that covers additional System Center modules.
Support from endpoint antimalware vendors
Self-help customers can find ample resources in the form of knowledge bases, how-to articles and videos, product documentation, updates and more on all of the companies' websites. If an admin needs phone support, keep in mind that Kaspersky, Symantec and Trend Micro offer business hours in their standard support packages, while the others provide 24/7 access. Customers can also purchase paid premium support packages that provide services such as priority response and direct access to support engineers. Those prices vary quite a bit, so you need to check with the vendors for current pricing.
The endpoint antimalware protection market is huge and changes regularly, which means there are plenty of other good products that didn't appear in this article. If an organizations is already using a product that's working well in its environment and experiencing low infection rates (or, better yet, none), stick with it. But if the organization is new to endpoint antimalware or isn't satisfied with the performance or feature set of the current product in place, deploying any of the featured products will help them achieve a much higher level of security and peace of mind.
Explore endpoint antivirus alternatives for malware protection
Learn about some of the emerging endpoint security technologies