This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."
Price: $69 per device
ZENworks Endpoint Security Management 3.5 (formerly Senforce Endpoint Security Suite) is a comprehensive endpoint security management solution that lets organizations control applications, protocols and removable storage devices. It delivers encryption to files and folders, and network access control to ensure protection levels are current.
Installations were straightforward; the client required us to choose between obtaining policy updates through ESM or files. The Policy Distribution Service checks what is sent out against the Management Server, which interfaces with directory services. Password protection for the client prevents removal and tampering.
Setting up the server required extensive networking, security and SQL knowledge.
Multiple installs on secured machines connected to the server are possible, but a Web-based interface would make configuration and management easier.
The console allows navigation through the taskbar and expandable submenus, but we'd prefer to see items like reporting and alerts accessible through a click.
Policies are distributed via SSL through a Web services application, pulling users and groups from directory services. Policies are easily edited and instantly updated.
Alert thresholds are adjustable. For example, we enabled an alert that fires if more than 5 GB of data is copied to removable storage media or devices.
ESM offers 10 reporting categories: adherence, alert drill-down, endpoint activity, encryption solution, client self-defense, integrity enforcement, outbound content compliance, administrative overrides, endpoint updates and wireless enforcement. If you want to create custom reports, however, you'll have to use an ODBC-compliant app such as Crystal Reports.
Despite those shortcomings, policies were automatically distributed to clients. ESM blocked noncompliant clients that were assigned specific requirements (such as up-to-date antivirus signatures).
Testing methodology: The single-server installation was deployed on a Windows-based network behind a firewall. Clients were installed on a variety of endpoint systems located within and outside of the firewall. Policies were enabled for a variety of scenarios, including remote and mobile endpoints.
This was first published in November 2007.