Feature

Product review: Seven integrated endpoint security products


This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."


Trend Micro and Symantec came next in our exploit testing. Neither identified nor blocked a single client exploit. Trend Micro support personnel indicated that the HIPS protection it licensed from Third Brigade (as well as the protections offered by other vendors) is often configured by default to look for browser exploits only on TCP ports 80 and 8080. Again, independent of our scoring, we tweaked our test to verify this claim, and Trend Micro did detect our attacks on those ports. Administrators can add lists of additional ports for browser and other HTTP-related defenses. Ideally, an admin would configure the endpoint security suite so that it monitors for HTTP and HTTPS attacks on all ports allowed out through the enterprise's network firewall. In many organizations, unfortunately, the number of ports allowed outbound is rather high and changes on a regular basis, making this synchronization of network firewall and endpoint security tool difficult.
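One way to check that synchronization, added here as an illustration and not taken from the article or any vendor: the script lists outbound ports the firewall permits that the endpoint suite's HTTP inspection does not cover. The comma-and-range port syntax and the firewall list are constructed assumptions; 80 and 8080 are the defaults described above.

```python
# Added example: the port-list syntax and FIREWALL_OUT are constructed, not vendor formats.

def merge(ranges):
    """Sort (lo, hi) port ranges and merge any that overlap or touch."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def parse_ports(spec):
    """Parse a list such as '80,443,8000-8100' into merged (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return merge(ranges)

def unmonitored(firewall_spec, hips_spec):
    """Return ranges the firewall allows outbound that the HIPS does not inspect."""
    gaps, monitored = [], parse_ports(hips_spec)
    for lo, hi in parse_ports(firewall_spec):
        cur = lo  # lowest port in this firewall range not yet accounted for
        for m_lo, m_hi in monitored:
            if m_hi < cur:
                continue          # monitored range lies entirely below cur
            if m_lo > hi:
                break             # monitored range lies entirely above this one
            if m_lo > cur:
                gaps.append((cur, m_lo - 1))
            cur = m_hi + 1
        if cur <= hi:
            gaps.append((cur, hi))
    return gaps

FIREWALL_OUT = "80,443,8000-8100,8443"  # constructed outbound allow-list
HIPS_DEFAULT = "80,8080"                # default inspection ports cited in the article

if __name__ == "__main__":
    for lo, hi in unmonitored(FIREWALL_OUT, HIPS_DEFAULT):
        print(lo if lo == hi else f"{lo}-{hi}")
```

Run against each firewall policy change, a non-empty result marks ports where browser traffic can leave the network without the endpoint suite's HTTP inspection applied.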

Both Trend Micro and Symantec detected and blocked all of our services exploits, but neither detected our zero-day attack.

CA fared worst of the seven products in this series of tests, failing on most. It didn't detect or block any of the client exploits with its default security policy. Although not part of the scoring, we experimented with its "Restrictive Policy," which did block all of the exploits, but also prevented Firefox from accessing the network.

The next set of results was, if anything, poorer, as it did not alert on or block our services exploits, even when we applied Restrictive Policy.

The one success was that CA detected and blocked our zero-day exploit under default policy.

REPORTING
We evaluated each product's reporting functionality, used to pull information such as long-term attack and infection trends, policy compliance information, and lists of the most problematic groups of machines. In particular, we looked at comprehensiveness, flexibility and ease of use.

ENDPOINTS | Reporting
The good news
McAfee ePO's reporting features are excellent, including more than 70 different reports that break down all aspects of the enterprise.

The bad news
Sophos' reporting capabilities are quite skimpy. Only about a dozen reports are available.

This was first published in November 2007
