Buyer's Handbook: Assess endpoint security tools to fulfill organizational needs Article 3 of 3

10 endpoint security products to protect your business

Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting.

Large data breaches often start when hackers successfully target an endpoint device, such as a computer, mobile device or laptop. To address this issue, companies can deploy endpoint security protection, which guards these endpoints from malicious attacks. Some of the features of endpoint security software include easy installation, proactive protection and removal of malware, as well as the capability to block a wide variety of attacks.

Some of the main endpoint security products on the market include the following:

Kaspersky Small Office Security

Kaspersky Small Office Security specifically caters to small businesses with five to 25 employees. The product advertises itself as easy to install and manage and provides security to computers, file servers, laptops and mobile devices. It protects businesses from cyberattacks, financial fraud, ransomware and data loss. Although Small Office Security is a good value in general, users stated on the Capterra website that it can be expensive for organizations that don't need file server protection.

Features include the following:

  • Web and email security protects businesses from attackers trying to hack into networks and steal data, and automatically blocks malicious websites.
  • A management portal allows companies to manage security from anywhere via an online portal, send installation links to remote users, create technical support tickets and remotely manage Kaspersky Lab applications.
  • Password management remembers and secures all user passwords; users just have to remember one. It also creates and securely stores new passwords for every site a user visits.
  • Mobile device protection secures Android-based smartphones and tablets from malware. It also enables companies to remotely lock devices as well as locate them and wipe them if they're lost or stolen.
  • Sensitive data protection secures sensitive data and protects businesses from data breaches, fines and lost business with backup and encryption technologies. A data vault provides password-protected storage on computers to keep sensitive data safe.

Kaspersky Total Security for Business

Kaspersky Total Security for Business is most suitable for large, complex networks, but is flexible enough for small environments that need comprehensive features in their endpoint security products. It includes all the functions available in Kaspersky Endpoint Security for Business Advanced, as well as security for mail servers and web gateways. Total Security for Business markets itself as easy to use and quick to complete scans. Because it takes a while to load, however, admins should load it after office hours, according to some user reviews on the Kaspersky Total Security for Business page.

Features include the following:

  • Exploit prevention stops malware from executing and from exploiting software or operating system vulnerabilities, providing an extra layer of protection against unknown, zero-day threats.
  • Patch management provides advanced in-depth scanning for vulnerabilities and automated patch distribution.
  • Unique anomaly and application controls automatically elevate security to the highest level appropriate for each role in a company. They also offer enterprise-grade application control and an always-up-to-date whitelisting database.
  • Innovative antimalware technologies combine real-time protection with artificial intelligence-based, proactive and cloud-assisted detection; web protection; and on-demand and scheduled scans.
  • Behavioral detection and automatic rollback identify and protect against advanced threats, including ransomware, admin account takeovers and file-less attacks.
  • Traffic security filters traffic flowing through gateways or external systems supporting the Internet Content Adaptation Protocol and automatically blocks incoming threats before they reach endpoints and servers.

Malwarebytes Endpoint Protection

Malwarebytes Endpoint Protection is an advanced threat prevention tool for endpoints that uses a layered approach with multiple detection techniques. This provides businesses with full protection against known and unknown malware, ransomware and zero-day threats. Malwarebytes Endpoint Protection is delivered via the Malwarebytes cloud-based endpoint management platform. According to Gartner, users like Malwarebytes' real-time protection, but some say it takes a lot of time to perform a deep scan, even though the application runs in the background.

Features include the following:

  • Application hardening reduces the vulnerability surface, making the endpoints more resilient. It proactively detects fingerprinting attempts from advanced exploit attacks.
  • Web protection prevents access to malicious websites and command-and-control servers.
  • Exploit mitigation proactively detects and blocks attempts to compromise application vulnerabilities as well as attempts to execute code on endpoints remotely.
  • Application behavior ensures applications behave as intended so attackers can't use them to infect endpoints.
  • Payload analysis uses a combination of heuristic and behavioral rules to identify entire families of known malware.
  • Anomaly detection machine learning proactively identifies unknown viruses and malware based on anomalous features from known good files.
  • Ransomware mitigation uses signature-less behavioral monitoring technology to detect and block ransomware before it encrypts files.
  • Malwarebytes cloud platform provides consolidated threat visibility and centralized policy management across all endpoints. It also enables asset management capabilities.

McAfee Endpoint Security

McAfee Endpoint Security is the company's modern, integrated endpoint security platform. It replaces several legacy McAfee products with a single-agent architecture and integrated advanced defenses, including machine learning analysis, containment and endpoint detection and response. This product claims to be easy to deploy and manage, but according to some user reviews of this tool on Gartner, scanning infected files takes a long time, which interferes with the daily productivity of a device.

Features include the following:

  • Machine learning pre-execution and post-execution analysis detects zero-day threats by what they look like and how they act.
  • Threat prevention offers several new, advanced malware scanning features that defend against emerging and targeted attacks. It includes exploit prevention capabilities to mitigate a broader set of endpoint threats, such as file-less, ransomware and zero-day attacks.
  • Web security prevents users from browsing to malicious or unauthorized websites.
  • Firewall stops malicious inbound and outbound network traffic.
  • Application containment quarantines malicious applications and processes on endpoints even when they're offline.
  • Behavior monitoring records process-level behavior while analyzing for attack techniques and procedures. It prioritizes alerts with attack "playback" of events.
  • Endpoint detection and response includes integrated, easy-to-use incident hunting and response.
  • Migration assistant performs automatic tasks and moves companies' existing policies into McAfee Endpoint Security.

Seqrite Endpoint Security

Seqrite Endpoint Security, from Quick Heal Technologies Ltd., integrates innovative technologies, such as anti-ransomware, advanced DNA scan and a behavioral detection system, to protect networks from today's advanced threats. It provides a wide variety of advanced features in one integrated platform, including advanced endpoint protection with antivirus, intrusion detection, firewall and others.

Features include the following:

  • Advanced device control configures device policies for various types of devices for Windows and Mac platforms to safeguard networks against unverifiable devices.
  • Web filtering blocks websites to limit web access for employees.
  • Ransomware protection uses Seqrite's behavior-based detection technology to detect and block ransomware threats. It also backs up a company's data in a secured location to make it easier to restore files in case of a ransomware attack.
  • Application control enforces control over the use of unauthorized applications within a network.
  • Asset management monitors the hardware and software configurations of every endpoint to allow administrators to know of any changes on their companies' systems.
  • Vulnerability scan targets known application and operating system vulnerabilities to enable users to update the necessary security patches.
  • Centralized patch management is included.
  • File activity monitor keeps tabs on confidential company files and alerts administrators when such files are copied, renamed or deleted.

Sophos Intercept X

Sophos Ltd. Intercept X uses a comprehensive defense-in-depth approach to endpoint security protection rather than relying on one main security technique. Intercept X combines top-rated malware detection and exploit protection with built-in endpoint detection and response. Intercept X keeps attackers at bay by blocking the exploits and techniques they use to distribute malware, steal credentials and escape detection. Implementation is reportedly simple; however, according to Gartner and a Sophos review page, users say support can be hit or miss.

Features include the following:

  • Exploit prevention stops the techniques attackers use to control vulnerable software.
  • Root cause analysis enables companies to see what the malware did and where it came from.
  • Ransomware prevention utilizes behavioral analysis to stop unknown ransomware and boot-record attacks. It stops and removes compromised files or processes without user interaction or help from IT.
  • Deep learning malware detection is built-in AI -- a deep learning neural network, an advanced form of machine learning -- that detects known and unknown malware without the need to rely on signatures.
  • Endpoint detection and response provides advanced protection to detect additional threats and investigate them further.

Symantec Endpoint Protection 15 (cloud)

Symantec Endpoint Protection 15 offers multilayered endpoint defense delivered via the cloud, along with simplified single-agent, single-console management with AI-guided security management. It integrates with other Symantec products and with third-party products, fitting into existing security infrastructures to rapidly address threats. Although Endpoint Protection 15 works in the background and is not very intrusive, it can become resource-intensive and sometimes slows down computers, according to some user reviews taken from a TrustRadius review page.

Features include the following:

  • Antivirus scans and wipes out malware that arrives on a system.
  • Firewall and intrusion prevention block malware before it spreads to the machine and control network traffic.
  • Application and device control manages file, registry and device access and behavior. It also provides blacklisting and whitelisting capabilities.
  • Power Eraser can be triggered remotely by IT teams to address advanced persistent threats and eradicate malware.
  • Host integrity ensures endpoints are secure and compliant by enforcing policies, detecting unauthorized changes and conducting damage assessments with the ability to isolate a managed system that doesn't meet company requirements.
  • System lockdown allows whitelisted applications to run or, on the opposing end, blocks blacklisted applications from running.
  • Simplified endpoint security management allows admins to manage complete endpoint security from a single cloud console.
  • Behavior monitoring watches and blocks files that display suspicious behaviors.

Trend Micro Apex One

Trend Micro Apex One is the rebranded name for Trend Micro Inc.'s endpoint security product. Apex One integrates malware prevention technology with endpoint detection and response capabilities. The software combines advanced threat protection techniques to eliminate security gaps across any endpoint and user activity. This product touts itself as user friendly; however, some users on the Software Advice reviews page say full scans take up resources, and administrators should complete them after business hours, if possible.

Features include the following:

  • Advanced malware and ransomware protection defends endpoints -- on or off the corporate network -- against malware, Trojans, worms, spyware and ransomware. Apex One adapts to protect against unknown variants and advanced threats, including crypto-malware and file-less malware.
  • Advanced detection and response capabilities such as Trend Micro Endpoint Sensor, an optional investigation tool, and Trend Micro's managed detection response service are available as add-ons.
  • Virtual patching covers known and unknown vulnerabilities before a patch is available or deployed.
  • Connected threat defense integrates with other security products locally on a company's network as well as via Trend Micro's global cloud threat intelligence to deliver network sandbox rapid response updates to endpoints when it detects new threats.
  • Centralized visibility and control manages numerous capabilities via a single console, offering central visibility and control across the enterprise.
  • Mobile security integration with Trend Micro Mobile Security via Apex Central centralizes security management and policy deployment across all endpoints. This includes mobile device threat protection, mobile app management, mobile device management and data protection.

Webroot Business Endpoint Protection

Webroot Inc. Business Endpoint Protection is a fully cloud-based endpoint security product that uses machine learning to continuously monitor and adapt endpoint threat detection, protection and prevention. It defends many types of physical and virtual systems and their users against modern, multi-vector threats. While this tool is good for businesses looking for endpoint protection, it's not suitable for businesses looking for basic antivirus, according to a critique of the product on an Expert Insights review page.

Features include the following:

  • Layered user and device defenses stop attacks that take advantage of poor user awareness. They also stop attacks that target device vulnerabilities.
  • Malware detection, prevention and protection prevents a number of endpoint threats, including viruses, malware, Trojans, phishing, ransomware, spyware, browser-based attacks, cryptojacking and credential-stealing malware.
  • Whitelisting and blacklisting provide direct control over which applications to execute, based on the information they receive.
  • Intelligent firewall supplements the built-in Windows firewall to protect users on and off the corporate network.
  • Infrared dynamic risk prevention analyzes individual user behavior to customize malware prevention.
  • Full offline protection stops attacks when offline or creates separate file execution policies for local disk, USB, CD and DVD drives.
  • Multi-OS, virtualization, terminal server and Citrix support covers Windows computers and servers, macOS devices, virtualization platforms, terminal servers and Citrix environments.

Windows Defender Advanced Threat Protection (ATP)

Windows Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats. According to Gartner, many users rate the product highly because it is lightweight and simple to manage centrally, but some say it can be a bit overwhelming for new users because of its power and the number of options.

Features include the following:

  • Attack surface reduction is the first line of defense in the stack, resisting attacks and exploitation.
  • Next-generation protection reinforces the security perimeter of a network, aiming to catch all types of emerging threats.
  • Endpoint detection and response provides advanced near real-time, actionable attack detection. Security analysts can effectively prioritize alerts, gain visibility into the full extent of a breach and take actions to remediate threats.
  • Advanced hunting includes a powerful search and query language to create custom queries and detection rules.
  • Automated investigation and remediation helps reduce the volume of alerts in minutes at scale.
  • Secure score quickly assesses security posture, pinpoints machines that need attention and offers recommendations for actions to better protect the business.
  • Management and APIs support a wide variety of tools to help companies manage and interact with the platform to integrate the service into their existing workflows.

Editor's note: Using extensive research into endpoint security products, TechTarget editors focused on leading vendors currently on the market. Our research included Gartner, Forrester Research and expert review sites.
