Endpoint security products aid in client defense


F-Secure provides an excellent Web-based reporting module for generating graphs on a number of data points, including virus infections, general alerts, system status and attack details. Reports can be exported to a variety of formats including CSV, HTML and XML.

Sygate provides some log viewers and a mechanism for generating graphs from the logs in the database. It also can show statistics on client status by group or individual system, which lets you spot clients that have not reported in for a while and may require investigation. We would like to see reports generated for this information.

Check Point includes a reporting section, but it generally just provides query results from the logs. We would like to be able to create graphs and summary reports, and export to PDF or another format. Print views are available in HTML, but they show only the query results displayed onscreen, not all of the results. We also would like to see options for custom reports and the ability to generate reports from the client status monitor information.

Symantec does not include any reporting functionality. If the client is online, you can remotely view the local client logs. InfoExpress includes a Web reporting console, but it needs to provide more information and options. The reports generated are minimal, and there is no way to export them.

Conclusions

From an attacker's perspective, a client endpoint system is a viable path of attack into a company. Therefore, the ability to defend these systems and the ability to centrally manage and monitor their defenses are important components of any network defense strategy.

While these products offer significant defensive capabilities, depending on which defenses are important in a network, the state of the art is not yet at a level that offers sufficient resilience against the current state of the attackers. Improvements in reporting and management, improvements in containment techniques and improvements in the types of attacks the products detect are needed.

Blink 1.0 OVERALL RATING
4.13
Company: eEye Digital Security (866) 339-3732. Cost: Starts at $56 per node. Pros: IPS notifications were useful; excellent reporting capabilities; built-in client deployment. Con: Connecting to remote hosts for log viewing was non-intuitive.
Anti-Virus Client Security OVERALL RATING
3.5
Company: F-Secure (408) 938-6700. Cost: Starts at $32 per client. Pros: Strong reporting engine; built-in client deployment that is easy to use; single product can provide anti-virus and firewall. Cons: No anomaly detection; hard to get management logging working.
Integrity 5.0 OVERALL RATING
3.5
Company: Zone Labs, a Check Point company (415) 633-4500. Cost: Starts at $65 per end user. Pros: Intuitive GUI; resilient client. Cons: No anomaly detection; does not include a complete reporting engine.
Secure Enterprise 4.0 OVERALL RATING
3.38
Company: Sygate Technologies (510) 741-2600. Cost: Starts at $20 to $70 per seat. Pros: Combines network and application policy rules well; can create graphs from the GUI to analyze log data. Cons: No anomaly detection; no full report generation functionality.
Client Security 2.0 OVERALL RATING
2.5
Company: Symantec (408) 517-8000. Cost: Starts at $43.40 per user. Pro: Single product provides anti-virus and firewall. Cons: Spoofing possible because of logs being stored on the client; no anomaly detection; separate components not well integrated.
CyberArmor 3.0 OVERALL RATING
2.0
Company: InfoExpress (650) 623-0260. Cost: Starts at $55 per seat. Pro: Strong policy development engine. Cons: Firewalling component reports many sockets as closed, which suggests a less-sophisticated firewalling algorithm; inadequate documentation; poor GUI.
The breakdown

| Category | Weight | eEye | F-Secure | Zone Labs/Check Point | Sygate | Symantec | InfoExpress |
|---|---|---|---|---|---|---|---|
| Policy management | 25% | 3.5 | 3 | 3.5 | 3 | 2.5 | 3 |
| Setup, deployment and documentation | 25% | 4.5 | 4.5 | 4.5 | 4.5 | 2.5 | 2 |
| Reporting capabilities | 25% | 5 | 5 | 2.5 | 3 | 1.5 | 1 |
| Attack defense capabilities | 25% | 3.5 | 1.5 | 3.5 | 3 | 3.5 | 2 |
| TOTAL SCORE | | 4.13 | 3.5 | 3.5 | 3.38 | 2.5 | 2 |

Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar


Andress is president of ArcSec Technologies, a security company focusing on product reviews and analysis. She can be reached at mandy@arcsec.com. Thayer is an independent security consultant. He can be reached at rodney@canola-jones.com.

NW Lab Alliance

Andress and Thayer are also members of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.


Copyright © 2004 IDG Communications, Inc.
