Antimalware tools and techniques security pros need right now
Endpoint antimalware is an essential layer in an organization's security defense apparatus. While these products tend to share many common features, choosing the right product means paying attention to the details and matching organizational needs to product features, platform coverage, performance and cost.
All but one of the products in this article are considered highly rated when compared to the dizzying and immense array of antimalware protection products available on the market, but some stand out more than others in specific situations.
Let's look at products from Kaspersky Lab, McAfee LLC (Intel Security), Microsoft, Sophos Ltd., Symantec Corp. and Trend Micro Inc. to see how they stack up against one another, and which products are the best fit for small, midsize and enterprise environments. The product an organization ultimately picks from any vendor depends not only on the organization's size, but also on what features it needs.
Endpoint antimalware protection software performance
Most products, except Microsoft System Center Endpoint Protection (SCEP) and Sophos Endpoint Protection, achieved moderately high to high scores among independent software testing sites, such as AV-TEST. Unfortunately, no single site reported on all of the products featured in this article during the same time period.
In tests performed by AV-TEST on Windows 10 in November and December 2016, Kaspersky Small Office Security grabbed a perfect score of 18 out of 18. Those tests focused on protection, performance and usability. Trend Micro OfficeScan and Symantec Endpoint Protection both scored 17, and McAfee Endpoint Threat Protection came in at 16.5. The lowest scores in this lineup were Microsoft SCEP at 15 and Sophos Endpoint Protection at 14.5.
No independent tests were available for Trend Micro Worry-Free Business Security, but it uses the same engine and pattern files as OfficeScan -- i.e., the products are essentially the same under the hood.
Antimalware products for small organizations
Endpoint antimalware products ideal for small organizations with 100 or fewer users include Kaspersky Small Office Security; McAfee Endpoint Threat Protection; Sophos Endpoint Protection; Symantec Endpoint Protection Small Business Edition, which is on premises; and Trend Micro Worry-Free Business Security, which offers Standard and Advanced versions for on-premises installation, and the cloud-based Services and Advanced Services versions.
For McAfee products, Intel Security points out that very small organizations -- those with 10 or fewer users -- should consider an alternate product, such as McAfee Total Protection.
Most products geared toward small organizations are designed for easy installation and administration, assuming that these environments have limited IT administrative staff or expertise. Symantec Endpoint Protection Small Business Edition and Trend Micro Worry-Free Business Security, in particular, require minimal IT savvy.
The base feature set for all five products includes antivirus and antimalware protection, a firewall, URL blocking, web browsing protection and device control, and nearly all of them provide antiransomware functionality. Kaspersky Small Office Security offers the broadest set of additional features, including application control, file-level encryption, online banking and phishing protection, online backup, password management, and more.
Regarding platform coverage, all the products support Microsoft Windows. Sophos Endpoint Protection appears to cover the broadest range of platforms outside of Windows, including Mac, Linux and all the leading virtual environments and mobile device operating systems. Kaspersky and McAfee are similar, although McAfee doesn't include mobile device protection natively. Kaspersky focuses on Windows, Mac and Android devices -- not Linux or virtual -- and Symantec Endpoint Protection Small Business Edition does not support Linux, virtual or mobile environments. The Advanced and Advanced Services versions of Trend Micro Worry-Free Business Security support macOS, but not Linux. The Advanced version also protects Android, iOS, BlackBerry and Windows Phone devices for IT shops running Microsoft Exchange ActiveSync.
Products in the small organization category can be managed from a central management console running on a server, with agents running on client endpoints. However, Kaspersky Small Office Security is installed on stand-alone clients, and administrators can choose to manage those clients from a server.
These companies license their products either per user or per device. When purchasing up to 25 licenses with one year of maintenance, retail licensing costs run from a low of $28 per license, for Symantec Endpoint Protection Small Business Edition, to a high of about $60 per license, for Sophos. Buying more licenses at one time decreases the price.
The maintenance portion of licensing packages includes receipt of program updates and standard support, and all licenses have two-year and three-year options. Most companies enable small business customers to purchase licenses online or through a sales representative.
Thus, organizations that need a wide range of features, but only for Windows, Mac and Android, will find Kaspersky Small Office Security to be the best choice. However, organizations that have all kinds of platforms to support (Windows, Mac, Linux, virtual and mobile) should consider Sophos Endpoint Protection, and those without Linux desktops should also look at Trend Micro Worry-Free.
Antimalware products for midsize organizations
Solid antimalware choices for organizations with 100 to 999 users include Kaspersky Total Security for Business, McAfee Endpoint Threat Protection, Sophos Endpoint Protection, Symantec Endpoint Protection -- which is aimed at environments with more than 250 users -- and Trend Micro OfficeScan.
The base feature set for the products includes antivirus and antimalware protection, a firewall, application and device control, data loss prevention -- with some caveats -- URL blocking, and web browsing protection. Most also provide protection from ransomware.
Kaspersky Total Security for Business focuses on Windows workstations and file servers and macOS, and adds antimalware and antitheft protection for Android devices. The package's feature set is comprehensive: file-level encryption; password management; patch distribution; vulnerability scanning; mobile device management (MDM); centralized and remote management; protection of web gateways, email servers and collaboration systems; as well as online banking protection and online backup.
Beyond the base features, McAfee Endpoint Threat Protection includes email server protection in the form of antispam filtering. Customers who also require mobile device protection should consider McAfee Complete Endpoint Protection -- Business.
Sophos Endpoint Protection includes application control; a host-based intrusion prevention system; email protection, including antispam; patch assessment; plus MDM and management of mobile applications and email. Organizations that run Microsoft Exchange also get antispam, antimalware and data loss protection.
Symantec Endpoint Protection is a client/server endpoint antimalware product aimed at environments with more than 250 users; it includes intrusion prevention, host integrity checking and network access control, along with the product's Power Eraser, which enables organizations to kill off an endpoint infection remotely. Symantec Endpoint Protection does not protect mobile devices natively.
Trend Micro OfficeScan provides functionality for data loss prevention in email and USB devices, Mac and virtual desktop infrastructure support, network-level host intrusion prevention, endpoint encryption, and endpoint application control. To protect mobile endpoints and provide MDM, enterprises must also install Trend Micro Mobile Security, which supports Android, iOS, BlackBerry and Windows Phone devices.
Regarding platform coverage, all the products support Windows and Mac environments. Kaspersky Total Security for Business and Sophos Endpoint Protection natively support many mobile operating systems.
McAfee Endpoint Threat Protection, Sophos Endpoint Protection, Symantec Endpoint Protection and Trend Micro OfficeScan cater to VMware, Citrix and Microsoft virtualization platforms, too.
Endpoint antimalware products for midsize organizations incorporate central management consoles run on servers, and they typically run agents on the endpoints. Some offer cloud-based management. Although Kaspersky Total Security for Business is designed for central management, as well, the software can be installed on individual endpoints as a stand-alone product.
Much like the options for small organizations, products for midsize companies are licensed per user or per device, depending on the vendor. When purchasing 149 licenses, for example, retail licensing costs run from a low of under $24 per license, for Symantec Endpoint Protection, to a high of about $59 per license, for Kaspersky Total Security for Business.
Prices decrease with purchase volume, but customers must work with a sales representative or channel partner to place orders. Typically, base licensing also includes a one-year maintenance agreement.
For the midsize organization with many different platforms to support, Sophos Endpoint Protection is the most inclusive. Kaspersky Total Security for Business and Trend Micro OfficeScan are good for mainly Windows environments, with Kaspersky offering a larger feature set, including support for various mobile devices.
Antimalware products for large and enterprise organizations
All of the products covered for midsize organizations apply to enterprises, as well.
However, organizations already running Microsoft System Center may want to consider SCEP, formerly called Forefront. This module integrates into System Center and provides adequate protection against viruses, spyware and similar threats -- although all of the competitive products rank higher on overall protection -- along with a Windows Firewall management component. It requires the Microsoft System Center Configuration Manager, which is included in the System Center package, to install the SCEP agent to clients and to distribute updates.
SCEP is attractive to enterprises because it's part of the Microsoft Enterprise Client Access License and Core CAL Suite. Each Client Management License is good for two years and costs $22.
Support from endpoint antimalware vendors
Self-help customers can find ample resources in the form of knowledge bases, how-to articles and videos, product documentation, updates, and more on all of the companies' websites.
If an admin needs phone support, keep in mind that Kaspersky and Trend Micro offer business hours in their standard support packages, while the others provide 24/7 access. Customers can also purchase premium support packages that provide services such as priority response and direct access to support engineers. Those prices vary quite a bit, so you'll need to check with the vendors for current pricing.
The endpoint antimalware protection market is huge and changes regularly, which means there are plenty of other good products that didn't appear in this article. If an organization is already using a product that's working well in its environment and experiencing low infection rates -- or, better yet, no infections -- it should stick with it. But if the organization is new to endpoint antimalware or isn't satisfied with the performance or feature set of the product currently in place, deploying any of the featured products can help it achieve a much higher level of security and greater peace of mind.