Current Analysis
For more information immediately on how Current Analysis can help your company, please contact:
NORTH AMERICA
Donna Simek

Vice President, Sales
+1 508 785 2262
INTERNATIONAL
Ted Howard-Jones
Vice President Sales
+44 1491 639 311





PRODUCTS WE COVER

Integrated Client Security

Product Assessment reports from Current Analysis provide a timely and in-depth evaluation of how leading products and services in a market measure up to their competition. Updated regularly by our industry-leading analysts, the reports deliver an objective and unbiased look at a product's strengths and weaknesses, ratings on how well the product meets specific customer buying criteria, and relevant product metrics. Compare selected products with side-by-side listings of product metrics and other factors, with a focus on actionable intelligence.

Subscription clients can access Product Assessment reports on our CurrentCOMPETE™ Intelligence Portal (See Client Access links below). They get real-time analysis of breaking industry news and events, as well as intelligence reports on companies, products, and markets. Click here to request more information.


Integrated Client Security Product Assessments

AVAILABLE PRODUCT ASSESSMENTS

Threatening Check Point Endpoint Security
Check Point Endpoint Security R80 joins other Check Point products delivered as software “blades,” allowing customers to select the specific functions they need, but still manage them as an integrated client from a centralized management console. (7/6/2011)
| Client Access |
Threatening IBM Proventia Desktop Endpoint Security
With Tivoli now in charge of IBM’s security products, IBM has refocused on its original integrated client security suite, but it has swapped the original antimalware engine for Trend Micro’s, although the suite still includes IBM’s HIPS and firewall. (6/6/2011)
| Client Access |
Threatening McAfee Total Protection for Endpoint
McAfee improved the speed and effectiveness of its Total Protection for Endpoint suites in early 2011 with new persistent file caching in VirusScan 8.0 and integration of the suites’ HIPS into its Global Threat Intelligence reputation system. (6/1/2011)
| Client Access |
Very Threatening Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1, four years in the making, could re-establish Symantec as a technology leader in desktop protection, thanks to innovations in reputation, file behavior analysis and scanning. (7/12/2011)
| Client Access |


PRODUCT ASSESSMENT REPORT CONTENTS

Sections
  • Current Analysis Perspective
  • Product Strengths & Weaknesses
  • Product Point and Counterpoint
  • Product Buying Criteria
  • Product Metrics
 

Integrated Client Security Buying Criteria

  • Detection and Response
    • Methodology of detecting, preventing, alerting and auditing events; data analysis and correlating capabilities.
  • Management Features
    • Management features, including tools for helping administrators centrally manage individual desktops and reporting capabilities.
  • Architecture
    • The structure of the product, including OS requirements, integration and pre-configuration notations, and performance.
  • Vendor Support
    • The support customers can expect to receive during and after system set-up, in regard to routine signature updates and emergency response.
 

Integrated Client Security Product Metrics

  • Firewall Features
    • Block or limit ICMP traffic
    • Block or limit IPv6 traffic
    • Block or limit Raw Ethernet traffic
    • Block or limit IPX traffic
    • Block or limit PPP traffic
    • Block or limit EAP traffic
    • Block or limit by Adapter Type
    • Block or limit Wireless traffic
    • Block or limit VPN traffic
    • Block or limit Dial-up traffic
    • Block or limit by Adapter Name
    • Block or limit by Screensaver Status
    • Block or limit by Time
    • Unlimited number of locations
    • Location Definition
    • Define location by IP Address
    • Define location by connection to management server
    • Define location by DHCP and DNS server
    • Define location by DNS lookup
    • Define location by Wireless SSID
    • Define location by connection type
    • Define location by registry key / value
    • Application level security control
    • Application level security control by Name
    • Application level security control by Application
    • Stateful inspection
    • Provides “zero-day” protection
    • Maximum throughput
    • Quarantine Mode
    • Connection Isolation
    • Traffic Log Blocked Traffic
    • Packet Log Blocked Traffic
    • Traffic Log Allowed Traffic
    • Packet Log Allowed Traffic
    • Log Upload
    • Syslog Support
    • Hot Spot Solution
    • Driver Level Protection
  • IDS/IPS Features
    • Supports network signature-based threat detection
    • Custom network IPS signature creation
    • Vulnerability-based threat detection
    • Safe Mode behavioral analysis
    • Embedded shell code protection
    • Filters cookies
    • Detects malicious e-mail scripts
    • Maximum throughput (IDS and IPS)
    • Block USB port (binary)
    • Specify blocked USB devices
    • Specify allowed USB devices
    • Block Bluetooth (Binary)
    • Specify blocked Bluetooth devices
    • Specify allowed Bluetooth devices
    • Removable Media - Allow/Block read
    • Removable Media - Allow/Block write
    • Removable Media - Specify file types
    • Block other devices (infrared, printer, etc.)
    • Block Application Installation
    • Block Application Removal
    • Block Application from being turned off
    • Block Application from being executed
    • Prevent file write/delete per application
    • Application shielding and enveloping
    • Web server and database server protection
    • Pre-defined HIPS reports
    • Audit/Learn function
    • Audit/Learn function by rule
    • Multiple event actions
    • Custom host IPS signature creation
    • Integrated host IPS rule editor
    • Customize client UI options
  • Anti-virus Features
    • Real-time AV file system scanning
    • On-demand AV file system scanning
    • Scheduled AV scanning
    • Real-time AV scan for Lotus Notes/Microsoft e-mail
    • Real-time AV scan for incoming/outgoing POP3/SMTP
    • In-memory scanning
    • Outbound e-mail worm blocking
    • Network Server anti-virus protection
    • Scan individual file, folder and drive
    • Forced restart of real-time protection if disabled
    • Heuristic scanning
    • Includes scan throttling options
    • Initiates scheduled events that are missed
    • Identify host that dropped threat on machine
    • Submit suspicious files for analysis
    • Detect and remove Adware and Spyware applications
    • Defend against zero-day attacks by HIPS rules
    • HIPS rules enabled by default
    • Protect against zero-day attacks by generic (N)IPS
    • NIPS Signatures enabled by default
    • Zero-day protection by analysis of behavior
    • Behavior enabled by default
    • Quarantine suspicious files
    • Silent install
    • Password protect client UI
    • Compressed file scanning
    • Client system roam to another management server
    • Missed event handling
    • Laptop battery optimization
    • Maximum throughput
    • On-access caching
    • Rootkit memory scanning
    • Rootkit disk scanning
    • Integrated buffer overflow protection
    • Access protection rules
    • File, folder or share lockdown
    • Self-protection
    • Per-process scanning
    • Integrated anti-spyware (PUP) protection
    • Client UI control
    • Infection trace
  • Automatic Updating
    • Security policies
    • Firewall rules
    • IDS signature
    • Anti-virus signature and engine updates
    • Expanded threat definitions (adware and spyware)
    • Man. server “pushes” content updates to client
    • Administrator can choose between "push" and "pull"
    • Centralized content update server
    • Master repositories
    • Distributed repositories
    • Any client can act as distribution point for peers
  • Management Features
    • Central console can manage client AV, FW & IDS
    • Uninstall third-party AV software
    • Web-based management UI
    • Role-based administration
    • Integration with Active Directory
    • Integration with LDAP
    • Can manage third-party AV software
    • Deploy from management console
    • Deploy with elevated privileges
    • Define anti-virus/spyware policy based on location
    • Define HIPS policies based on location
    • Define (N)IPS rules based on location
    • Define content updated policies based on location
    • Define anti-virus/spyware policy using connection
    • Define HIPS policies based on connection type
    • Define (N)IPS rules based on connection type
    • Define content updated policy based on connection
    • Automatic reporting and push
    • Central quarantine of suspicious files
    • Internet-based sub./response of suspicious files
    • Single response mechanism for updating definitions
    • Custom query builder
    • Save custom queries/filter
    • Actionable queries
    • Multi-server roll-up querying
    • Policy enforcement
    • Service provider support
    • User or computer-based policies
  • Technology Integration
    • Integrates with network IPS
    • Application-based network prioritization (QoS)
    • NAC enforcement on endpoint
    • Support Cisco NAC
    • Support Microsoft NAP
    • Support Trusted Computing Group TNC
    • Supports 802.1x
    • Other enforcement options (DHCP, in-line, gateway)
    • Wireless network security policy controls
    • Client firewall runs virus scan on outgoing files
    • Firewall instructed to block offending IP address
  • Remote Policy Compliance
    • Real-time heuristic virus scanning enabled
    • Real-time AV to scan specified types of access
    • Content update complete within specified # of days
    • A specified scan ran within the last (n) days
    • Exchange/Outlook plug-in scanner installed/enabled
    • Lotus Notes plug-in scanner installed/enabled
    • Auto remediation if virus defs out of date
    • Auto remediation if real-time protection off
    • Auto remediation if firewall disabled
    • Registry entry on client machine
    • File on client machine by name, version, location
    • File on client machine by checksum
    • Application on client machine is running
    • Control access to sensitive data files
    • Removable media controls (CD, USB, Floppy)
    • Clipboard (cut and paste) controls
    • Application inventory analysis
    • Acceptable usage controls
    • Remediation options
    • Remediation by: modify registry
    • Remediation by: modify files
    • Remediation by: download files
    • Remediation by: install software/patches in system
    • Remediation by: install software/patches for user
    • Remediation by: inform user
    • Remediation by: query user
    • Remediation by: start applications/service
    • Remediation by: stop applications/service
    • Remediation by: run scripts
    • Remediation by: run applications
  • Alerts
    • Customizable text in alert message
    • E-mail
    • SNMP trap
    • Pager
    • Run a program
    • Write to system event log
    • Tray icon shows alerts and disables
    • Notification aggregation and throttling
  • Logging and Reporting
    • View detailed logs from console
    • Logs date and severity of attacks
    • Logs hack attempts
    • Logs network information
    • Logs malicious activity
    • Real-time network status information
    • Historical reports
    • Can trace back to hacker’s origin
    • Customizable, real-time summary dashboards
    • Various dashboard charting options
    • Export logs in various formats
    • Automated log export
    • Audit logging
  • Platform Support: AV Client and Network Server
    • Windows list
    • Linux list
    • Unix list
    • Platform support: client firewall
    • 32-bit and 64-bit support
  • Vendor Backend Response
    • Dedicated worldwide security research and response
    • Regular security protection updates
    • 365x24x7 outbreak protection updates
    • Response centers worldwide
  • Professional and Managed Services Available
    • Security policy development
    • Network security consulting
    • Security architecture design and integration
    • Incident handling and response planning/forensics
    • Early warning service
    • Education services – Deployment and Management
    • Managed services
    • Remote installation service
  • Pricing & Licensing Options
    • Pricing (base)
    • Sold on a per-node basis
    • Includes one-year technical support
    • Includes one-year upgrade insurance
    • 2nd year extended maintenance available
    • 3rd year extended maintenance available
  • Support Features
    • 7X24X365 extended hours available
    • Number of dedicated contacts – Level 1
    • Number of dedicated contacts – Level 2
    • Number of dedicated contacts – Level 3
    • Additional dedicated contacts available
    • Proactive alerting available
    • Product notification service available
    • Technical account manager available



Current Analysis Offices
Washington, D.C. +1 703 404 9200, Toll free 877 787 8947
Paris, France +33 (0) 1 41 14 83 15
© 2012 Current Analysis Inc. All rights reserved. | Privacy Policy