- Madelyn Bacon, Assistant Site Editor
Endpoint security is a compliance requirement for government and for industries including healthcare and retail. Outside of compliance, however, how effective this host-based security layer is beyond signature-based malware detection has generated some debate.
Half of North American organizations indicated they had plans to add new layers of endpoint security to protect against zero-day threats as well as polymorphic and metamorphic malware, according to Enterprise Strategy Group, a Milford, Mass.-based research firm.
Vendors are working hard to beef up their endpoint security products by adding firewall, IPS and threat intelligence among other features, often with technology gained through mergers and acquisitions. With all the changes, enterprises may face confusing choices when it comes to these products moving forward.
The two winners in this year's Endpoint Security category excelled in effectively detecting, blocking and cleaning up malware, according to voters. Both products are also advancing their functionality through cloud options or security intelligence features.
Winner: Kaspersky Endpoint Security for Business, Kaspersky Lab
Kaspersky Lab's Endpoint Security for Business put in an appearance in this category's top three products last year, making this the second year in a row it has received high scores from readers for its ease of installation, configuration and administration. Endpoint Security for Business is sold in three tiers. The "Select" tier includes antimalware (including antimalware for file servers), an endpoint firewall, dynamic whitelisting, Web access filtering, and an MDM package for mobile endpoints. The "Advanced" tier adds disk encryption to the mix, while the "Total" tier steps outside the realm of what you'd strictly speaking consider endpoint protection to provide extras like email and Internet gateway security. All three are managed from a "single pane of glass," or unified console.
This is a product that definitely falls into the "suite" end of the spectrum, as opposed to being straight-up antivirus. One of the more interesting features built into the package is automatic vulnerability scanning, coupled with patch management functions that let organizations prioritize and automatically distribute patches across their corporate networks. The antimalware engine combines signature-based technologies, heuristic analysis and cloud-assisted protection, with updates delivered automatically from the Kaspersky Security Network. Endpoint components in the package run on Macintosh, Linux and Windows operating systems.
As is increasingly the case with products in this category, the Kaspersky Security Network builds cloud-based threat analysis into the equation. The service automates the collection of information about suspicious behavior and malware on millions of consenting customers' computers. This real-time flow of information ensures that Kaspersky can deliver a faster response and determine whether a new anomaly is a false positive or the real thing. Kaspersky says the Kaspersky Security Network can identify new threats within as little as 0.02 seconds.
However fast it manages its network-wide detection of new threats, Kaspersky certainly has a solid reputation for doing its homework back in the lab. Its Global Research and Analysis Team (GReAT) was established in 2008 and has since gone on to discover and dissect sophisticated attacks you've heard of, such as Flame, RedOctober and Careto.
Winner: Sophos Endpoint Antivirus, Sophos Ltd.
Sophos' Endpoint Antivirus product received high marks from readers this year for the frequency and speed of its signature updates, as well as its ease of installation, configuration and administration. The antivirus technology can be deployed either on-premises using the Sophos Enterprise Console or in the cloud using Sophos Cloud.
A newcomer to the winner's circle in 2014, Sophos Endpoint Antivirus is a pure-play antivirus offering. The product features a connection to SophosLabs for threat intelligence updates. It also uses threat-aware patch assessment to scan for, identify and prioritize critical patches from vendors such as Microsoft, Adobe and Oracle (Java).
Endpoint Antivirus integrates advanced Web threat detection to protect against malicious websites and to block inappropriate content from entering the network. All inbound and outbound emails on the network are scanned for spam, viruses, phishing and spyware.
Other features of this product include automatic threat identifiers and blockers, a built-in host intrusion prevention system to defend against malware, as well as a website filter with malware scanning for malicious and inappropriate content. Endpoint Antivirus can be used to manage and protect removable storage, optical media and wireless networking devices. This product also monitors threats from technology and applications such as P2P file sharing, VoIP, instant messaging and games.
Sophos Endpoint Antivirus works on Windows, Macintosh and Linux, as well as on virtual machines. A single console can run the setup and installation for all devices, and, like AVG, administration can be done remotely. Each user license includes 24/7 support, threat updates and software upgrades. Sophos Cloud is licensed per user instead of per device. The technology integrates with Active Directory so new users are automatically added.
Curious about last year's winners? Check out the best of endpoint security 2013.