It takes more than antivirus to stop today's advanced threats. Protecting corporate assets requires a complete security solution that includes anti-malware, host-based intrusion prevention (HIPS), web protection, patch assessment, application and device control, network access control, data loss prevention, firewall and other capabilities. In addition to complete protection, you need a solution that's easy to install and manage, and that can grow with your needs, saving you time and ensuring comprehensive protection for years to come. In short, you need an endpoint protection solution.
Evaluating the many components that make up an endpoint security solution can be overwhelming. This buyer's guide is designed to help. We've provided you with independent research and test results to help you determine your endpoint security solution requirements and identify the vendor that best meets your needs. We examine the top vendors according to market share and industry analysis: Kaspersky Lab, McAfee, Sophos, Symantec and Trend Micro. Each vendor's solutions are evaluated according to:
Product features and capabilities
Effectiveness
Performance
Usability
Data protection
Technical support
Sophos
Leaders Quadrant
Symantec
Leaders Quadrant
McAfee
Leaders Quadrant
Trend Micro
Leaders Quadrant
Kaspersky Lab
Leaders Quadrant
4 stars
3.5 stars
2.5 stars
2.5 stars
NA
5 stars
NA
5 stars
4 stars
5 stars
Complete
Partial
Complete
Partial
Partial
Leaders demonstrate balanced progress and effort in all execution and vision categories. Their capabilities in advanced malware protection, data protection and/or management features raise the competitive bar for all products in the market, and they can change the course of the industry. A leading vendor isn't a default choice for every buyer, and clients should not assume that they must buy only from vendors in the Leaders quadrant. Some clients believe that Leaders are spreading their efforts too thinly and aren't pursuing clients' special needs.
Cascadia Labs: Endpoint Security for Enterprises (January 2010)
Independent technology evaluator Cascadia Labs tested four top security providers in six categories: installation, configuration, policies, management, visibility and threat awareness. Sophos took top scores in performance, data protection and technical support, followed closely by Symantec, which faltered on support. McAfee and Trend Micro received lower marks for complexity.
Effectiveness
The primary goal of an endpoint security solution is to prevent malware infection. As the anchor solution in EPP suites, the quality of the malware scan engine should be a major consideration in any RFP, according to Gartner. However, no antivirus engine can provide 100% protection, even against known threats. You should therefore also consider the solution's advanced features, such as behavior detection and HIPS capabilities. Also worth noting is whether the solution leverages the cloud to deliver real-time signature updates. Live protection from the cloud means protection against the latest threats with minimal impact on network bandwidth.
Review
VB100 (Oct 2010)
Sophos
79.6%
Symantec
NA
McAfee
NA
Trend Micro
NA
Kaspersky Lab
85.5%
84.2%
NA
Failed
NA
84.4% / 88.3%
96% / 99.74%
96% / 97.16%
80% / 91.38%
92% / 99.59%
92% / 98.83%
90.7%
NA
NA
NA
Failed
87.9%
NA
NA
NA
94.3%
% represents: VB100 - percent of previously unseen malware detected. AV Test - percent of real infection vectors/prevalent malware detected
Performance
Performance measures how a security solution impacts user experience and the number of help desk calls. Ideally, users won't experience slowdown when a security solution is scanning their system: during scheduled scans, at boot up or when opening a file. This should still be the case on a loaded or low-memory system. Strong security performance can improve IT efficiency and end-user productivity.
Review
Cascadia Labs: Endpoint Security for Enterprises (Jan 2010)
AV-Comparatives Scanning Speeds Test (Dec 2010)
AV-Comparatives PC Mark Tests (Dec 2010)
Sophos
High scan speeds
Symantec
Solid performance
McAfee
Slow scan speeds
Trend Micro
Solid performance
Kaspersky Lab
NA
2nd
7th
13th
19th
16th
Usability
Usability, which includes installation, configuration, policies and management, impacts the time you spend on day-to-day security tasks. IT teams need a solution that's straightforward, with single-console management, easy implementation, a simple user interface and the ability to make changes easily. Policies should be flexible, but not so complex that they confuse or overwhelm. For usability we will review three reports from Cascadia Labs, AV-Comparatives and Enex TestLab. Read the report summaries and see the at-a-glance tables for more information. According to Gartner,
Reporting capabilities are a significant differentiator of EPP solutions and can make a significant difference in the administration overhead. Buyers should consider both point-in-time reporting as well as real time dashboard capabilities.
Cascadia Labs: Endpoint Security for Enterprises (January 2010)
Cascadia Labs' in-depth usability report counted the number of hours involved in installation and configuration, and gave a star rating for ease of management. It also counted the number of clicks and hours required for basic tasks. Sophos had the fewest clicks and hours needed for installation and configuration. McAfee required the most, with five hours and 166 steps necessary to set up the system. Cascadia didn't include Kaspersky in this assessment. In both installation/configuration and day-to-day management, Sophos required the fewest steps and the least amount of time, while McAfee required the most. Below we examine each usability component (installation and configuration, policies and management, and visibility) in more detail.
Installation and Configuration: Steps and time. This test counted the total number of steps and time required to complete installation tasks. Sophos had the fastest setup time with the fewest steps, with Trend Micro next, then Symantec, followed by McAfee, which took twice as long as Sophos to set up.
Policies and Management. Cascadia's report also examined available policies and management, ranking vendors by simplicity and ease of use. It looked at details such as how many windows the interface uses, and how policies are created and arranged. Cascadia gave both Sophos and Symantec a high four-star rating for clear interfaces, and gave Trend Micro the lowest ranking, two stars, for non-centralized management. According to the report's authors,
Sophos keeps everything in one location, so unlike with the Trend and McAfee products you don't need to go to multiple places in the interface or bring up additional menus.
Visibility: Clicks to view. This report also studied the visibility a solution offers into the overall security system, and the user's level of threat awareness, which can enhance transparency and ease of use. A dashboard should be clear and require few clicks to access critical information and common actions (e.g., sending an email when a virus is detected).
In some cases, solutions don't offer the full range of features, such as Trend Micro, which only lets you see out-of-date endpoints. Sophos and Symantec both include a complete range of dashboard options, leading the pack for this section, with Sophos requiring the fewest clicks for the most tasks. McAfee follows in third place with some included functionality, and Trend Micro falls in last place with limited capabilities.
Cascadia Labs: Endpoint Security for Enterprises (Jan 2010)
Review:
Installation and configuration (steps and time); Policies and Management
Sophos: 93 steps, 2.5 hours; 4 stars
Symantec: 123 steps, 3.5 hours; 4 stars
McAfee: 166 steps, 5 hours; 3 stars
Trend Micro: 107 steps, 3 hours; 2 stars
Kaspersky Lab: NA, NA; NA
Sophos
0
Symantec
0
McAfee
7
Trend Micro
0
Kaspersky Lab
NA
13
NA
NA
Application-controlled users
NA
NA
Device-controlled users
NA
NA
NA
DLP-controlled users
NA
NA
NA
NA
Sophos
5 stars
Symantec
NA
McAfee
5 stars
Trend Micro
5 stars
Kaspersky Lab
5 stars
5 stars
NA
5 stars
3 stars
4 stars
Sophos
30 steps
Symantec
43 steps
McAfee
133 steps
Trend Micro
59 steps
Kaspersky Lab
18 steps
Endpoint deployment
35 steps
34 steps
81 steps
92 steps
41 steps
Role-based administration
74 steps
176 steps
109 steps
123 steps
56 steps
Maintain protection
28 steps
52 steps
62 steps
37 steps
67 steps
Policy management
49 steps
62 steps
49 steps
38 steps
63 steps
Device management
38 steps
64 steps
69 steps
13 steps
19 steps
Reporting
26 steps
40 steps
61 steps
11 steps
65 steps
Data Protection
Data protection technology is becoming increasingly important in today's distributed work environment. Introducing encryption and content awareness to the business makes users more aware of how they handle sensitive data, and impresses upon them the importance of data protection. Having encryption and data loss prevention (DLP) incorporated in an endpoint security solution offers a number of benefits, including simplified management and cost savings. McAfee, Sophos, Symantec and Trend Micro all offer described content detection (for example, Social Security numbers), predefined dictionaries and weightings to specific words. However, Sophos is the only vendor to provide these DLP capabilities integrated into a single endpoint agent. Trend Micro offers an optional hosted DLP agent as part of its Endpoint Security Platform. McAfee and Symantec use separate agents and licenses to provide host DLP capabilities. Kaspersky Lab does not have a DLP offering. In addition, Sophos and McAfee provide encryption capabilities in their endpoint protection, while the others do not.
Review
Cascadia Labs: Endpoint Security for Enterprises (Jan 2010)
Enex TestLab Usability of Endpoint Security (Sept 2011)
Sophos
Full range of DLP options
Symantec
Few DLP options
McAfee
Still fewer DLP options
Trend Micro
Still fewer DLP options
Kaspersky Lab
NA
Technical Support
You can hope you'll never need tech support for your endpoint security solution, but it should be a key part of any vendor's product. Tech support requirements are fairly straightforward: a vendor that offers 24/7 local language support, with knowledgeable engineers answering the phone and short wait times (if you have to wait at all). Of the five vendors we are looking at here, only Sophos support has been independently audited and approved by SCP. Its 24/7, follow-the-sun support operations (UK, U.S., Australia) are SCP certified.
Sophos
Four Stars
Symantec
Two Stars
McAfee
Three Stars
Trend Micro
Two Stars
Kaspersky Lab
NA
22
22
16
NA
Answered easy questions by Tier 1
Answered difficult questions by Tier 1
Hours of operation
Yes
Yes
Yes
Yes
NA
Yes
No
Yes
No
NA
24/7
24/7
24/7
NA
Summary
Endpoint security at its best is complete and simple. It protects your organization from threats and data loss across all platforms from a single management console. Finding the right solution may seem daunting, but ask the right questions and look at the research to find the vendor that can serve your company best. This quick look at the major vendors sums up how each fared in third-party tests in each of the areas evaluated.
Sophos
Overall Best
Symantec
Better
McAfee
Better
Trend Micro
Good
Kaspersky Lab
Good
Best
Good
Better
Good
Good
Effectiveness
Best
Better
Good
Good
Good
Performance
Best
Better
Good
Good
Good
Usability
Best
Best
Good
Better
Better
Data Protection
Best
Better
Good
Good
Not reviewed
Technical Support
Best
Good
Better
Good
Not reviewed
Boston, USA | Oxford, UK Copyright 2011. Sophos Ltd. All rights reserved. All trademarks are the property of their respective owners. 11.11.v1.dNA