Magic Quadrant for Endpoint Protection Platforms

Gartner RAS Core Research Note G00208912, Peter Firstbrook, John Girard, Neil MacDonald, 17 December 2010, R3563 01092012

Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users.

WHAT YOU NEED TO KNOW

• This year’s analysis did not show considerable movement of vendors from last year’s analysis.

• Malware detection accuracy has not improved significantly, while malware is improving in efficiency and volume.

• The inclusion of basic vulnerability and configuration management in endpoint protection platform (EPP) suites is still low as vendors continue to focus on signature-based defenses rather than addressing root causes.

• Application control (also referred to as “default deny” or “whitelisting”) holds significant promise, but with a few exceptions, most of the vendors in this analysis do not provide flexible enough solutions for larger enterprises.

MAGIC QUADRANT

Market Overview

The threat environment continues to outpace improvements in malware detection effectiveness. High-profile attacks, such as Aurora and Stuxnet in 2010, illustrate the growing sophistication of malware attacks. While the volume and effectiveness of malware are growing rapidly, there have been few effective improvements in EPP vendors’ defensive technologies. Gartner clients are increasingly frustrated with having to clean PCs from well-known consumer infections like “Fake AV” and are concerned about the potential impact of more stealthy, undetected, targeted attacks.

Signature-based malware detection has been limping along on life support for years, yet vendors seem unwilling to aggressively invest in more-effective solutions, preferring to “tweak” the existing paradigm. Dedicated host-based intrusion prevention system (HIPS) has failed to live up to its promise as a proactive protection method due to the management overhead required for marginal improvements in detection accuracy. The disillusionment with HIPS was illustrated by Cisco’s retirement of its CSA product in 2010. Some effective HIPS techniques are making their way into the core anti-malware engines, and these solutions provide significant additional value in detecting new threats. However, they are not sufficient to keep pace with the changing threat landscape.


We are starting to sound like a broken record. As far back as 2004, we have been saying that enterprise anti-malware vendors are falling behind in dealing with the current security threats. This year, they have fallen even further behind. Test after test has illustrated that current solutions are less than 50% effective at detecting new variations of existing threats and much worse at detecting targeted or low-volume threats, although testing methodologies have also not kept pace with changing EPP suite capabilities.

We believe that attention to better software management and maintenance is the key to reducing the attack surface and protecting users from social engineering attacks. “Default deny” methods of controlling what software is loaded onto machines (aka application control), configuration management, and vulnerability detection and remediation are the most effective proactive forms of malware defense. These methods reduce the overall attack surface and neuter the vast majority of threats.

However, we continue to see very slow progress toward integrating these solutions into current EPP suites. LANDesk, BigFix-IBM, Lumension Security, CA Technologies, Check Point Software Technologies and McAfee have begun to address application control needs, but fall short of point solutions that address this market. Symantec has invested in a unique file reputation system for its consumer products, but it is still unavailable in its enterprise engine. McAfee, Symantec, Lumension, BigFix, LANDesk and eEye Digital Security are similarly addressing vulnerability and/or configuration compliance checking. However, these tools need to be better integrated into the base EPP suite, and make it easier to acquire, understand and manage this information from the EPP management consoles. Because most malware is Web-borne, it is not surprising that a few vendors are starting to beef up protection from malicious websites. Check Point, Trend Micro, GFI Software, Kaspersky Lab, McAfee, Sophos and Symantec have integrated some level of Web protection, but there is significant room for improvement in protecting devices from the Web infection vector.

Port/device control is another topic that is rising to the top of RFP requirements. More and more organizations want to be able to control which USB peripheral devices are used and how. Lumension, SkyRecon Systems, Check Point, CA, LANDesk, McAfee, Sophos and Symantec all offer port/device solutions, but there is significant variation in the level of sophistication of these tools.

Data protection tools, such as full disk and file/folder encryption and data loss prevention (DLP), are becoming standard components of endpoint security toolkits, as companies attempt to address insider theft, government compliance and data protection. While it is not entirely necessary that the data protection capability be included with malware defense in an EPP suite, it can be significantly less expensive and easier to manage if it is. McAfee, Symantec, Trend Micro, Sophos and CA are providers that offer data protection tools, although the level of integration of these tools is still a critical differentiator. Data protection that is well integrated with the EPP capabilities can offer correlated policy options that address complex business use cases and are more flexible.

Figure 1. Magic Quadrant for Endpoint Protection Platforms

[Figure: quadrant chart, as of December 2010. Horizontal axis: completeness of vision; vertical axis: ability to execute. Quadrants: challengers, leaders, niche players, visionaries. Vendors plotted: Symantec, McAfee, Trend Micro, Sophos, LANDesk, BigFix-IBM, Lumension Security, eEye Digital Security, Check Point Software Technologies, SkyRecon Systems, Kaspersky Lab, GFI Software, Microsoft, CA Technologies, Eset, Panda Security.]

Source: Gartner (December 2010)

© 2010 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp

Prompted by the rapid growth of employee-owned devices, such as laptops and iPads, and significantly more capable smartphones, such as iPhones, Windows Phone 7 and Androids, organizations are becoming increasingly concerned about the potential for data loss and malware introduction from these devices. So far, the threat environment remains very low on these platforms, so anti-malware is not yet an essential on these platforms. However, the abilities to manage these devices, enforce native security functions (for example, passwords, encryption and remote wipe), and simplify ActiveSync integration are moving up the requirements list. McAfee, LANDesk and Check Point are vendors that are beginning to directly address this issue. Mobile device management and security is another domain that sits at the intersection between PC life cycle management (PCLM) tools and EPP suites and is another benefit of these solutions becoming more tightly integrated.

Other improvements we detected in this year’s analysis were focused around improvements in management consoles and reporting and improvements in the breadth of platform coverage (for example, 64-bit Windows 7, SharePoint and Macintosh). Only a few vendors (McAfee and Trend Micro) have addressed the specific needs of virtualization; however, we see this capability increasing in importance to buyers.

Market Definition/Description

The enterprise endpoint protection platform market is a composite market primarily made up of suites of products—which include anti-malware; anti-spyware; personal firewall; host-based intrusion prevention; port and device control; encryption of full disks, files and folders; and endpoint DLP.

Despite the introduction of new players, the displacement of incumbents is still a significant challenge in the large-enterprise market. The biggest impact of the Challengers and Visionaries is to push the dominant market players into investing in new features and functionality, and to keep pricing rational. This market continues to be very competitive in the sub-thousand-seat level. Current prices for comparable offerings are down from our last analysis; however, vendors are often substituting more-complete suite offerings with little or no increase in annual costs.

In 2009 (the last year for which we have full-year numbers), the enterprise market was still dominated by McAfee (24%), Symantec (27%) and Trend Micro (17%), which represent approximately 68% of the total enterprise market. However, the share of these dominant players is down considerably from 85% in 2007. These market leaders are losing market share to increased competition in the lower end of the market with less than 1,000 seats. Sophos (9%) and Kaspersky (4%) are the primary beneficiaries of this trend and are improving mind share and market share in the enterprise market.

The market size at the end of 2009 was around 2.7 billion, flat from 2008, due to increasingly competitive pricing, slow growth of enterprise PC inventory and cannibalization of point product revenue by suites. We anticipate growth rates of approximately 5% in 2010 and 2011.

Despite our previous optimistic predictions, Microsoft’s impact on the enterprise market has been minimal as it has repeatedly delayed its next-generation offering until the end of 2010, and our expectations for future growth are tempered by Microsoft’s glacially slow development pace.

Inclusion and Exclusion Criteria

Inclusion in this Magic Quadrant was limited to vendors that met the following minimum criteria:

• Detection and cleaning of malware (that is, malware, spyware, rootkits, trojans and worms), a personal firewall, and HIPS for servers and PCs.

• Centralized management, configuration and reporting capabilities for all products listed above, which are sufficient to support companies of at least 5,000 geographically dispersed endpoints.

• Global service and support organizations to support products.

Added

• We added GFI Software and Lumension Security to this year’s analysis.

Dropped

• Prevx was recently acquired by Webroot. Webroot does not have a significant enterprise presence in the EPP market.

• F-Secure appeared in our last analysis but did not respond to our request for information for this year’s analysis.


Evaluation Criteria

Ability to Execute

The key Ability to Execute criteria used to evaluate vendors in 2010 were overall viability and market responsiveness and track record. The following criteria were evaluated for their contribution to the vertical dimension of the Magic Quadrant:

• Overall Viability: This included an assessment of financial resources (such as the ability to make necessary investments in new products or channels) and the experience and focus of the executive team. We also looked at the business strategy of each vendor’s endpoint protection division and how strategic it is to the overall company.

• Market Responsiveness and Track Record: We evaluated each vendor’s track record in bringing new, high-quality products and features to customers in a timely manner.

• Sales Execution/Pricing: We evaluated the vendor’s market share and growth rate. We also looked at the strength of channel programs, geographic presence, and the track records of success with technology or business partnerships.

• Marketing Execution: We evaluated the frequency of vendors’ appearances on shortlists and RFPs, according to Gartner client inquiries, as well as reference and channel checks. We also looked at brand presence and market visibility.

• Customer Experience: We primarily used reference customers’ satisfaction scoring of the vendor in an online survey and data received from Gartner clients during our inquiry process to score vendors on customer satisfaction with the company and the product.

• Operations: We evaluated companies’ resources that were dedicated to malware research and product R&D.

Completeness of Vision

The most important vision criteria in this analysis were market understanding and the sum of the weighted offering/product strategy score:

• Market Understanding: This describes vendors that understand customer requirements for proactive and integrated defenses across all malware threat types, consider the need for better management and data security, and have an innovative and timely road map to provide this functionality.

• Offering (Product) Strategy: When evaluating vendors’ product offerings, we looked at the following product differentiators:

• Anti-malware detection and prevention capabilities: This is the speed, accuracy, transparency and completeness of signature-based defenses, as well as the quality, quantity, accuracy and ease of administration of non-signature-based defenses and removal capabilities for installed malware. We looked at test results from various independent testing organizations and used Gartner inquiries as guides to the effectiveness of these techniques on modern malware.

• Personal firewall capabilities: This is advanced personal firewall capabilities that exceed the built-in capabilities of Microsoft Windows. We looked at features such as dynamic policy enforcement (for example, location-based policy, specific virtual private network [VPN] policy and wireless policy capability), the breadth of firewall log capture information, anti-firewall-tampering capabilities and application-specific firewall policy.

• Management and reporting capabilities: This is comprehensive centralized reporting that enhances the real-time visibility of end-node security state and administration capabilities, which eases the management burden of policy and configuration development. Vendors that have embarked on PCLM-style operation integration showed considerable leadership and were given extra credit for showing up positive on this criterion.

• Data and information protection: This is the quantity and quality of integrated technology to protect data that resides on endpoints, such as full-disk encryption, data leak prevention, and port and device controls. Although we argued above that these technologies aren’t mandatory requirements of every buyer, they do demonstrate vendor vision and leadership in this market.

• Device and port control capabilities: We explored the granularity and integration of policy-based controls for a broad range of ports and peripheral devices, such as USB and printer ports. We looked for granular control of a range of device types, interaction with encryption and DLP policy, and convenience elements, such as end-user self-authorization options.

• Application control capability: We looked for the ability to apply a flexible default deny-application policy that allows for trusted sources of change and can handle requirements ranging from full lockdown to allowing any trusted application to run. We focused on ease of administration and exception management.

• Supported platforms: Several vendors focused solely on Windows endpoints, but the leading vendors are able to support the broad range of endpoint and server platforms typically found in a large-enterprise environment. In particular, we looked for support for specialized servers, such as e-mail, collaboration portals (such as SharePoint, storage area networks and network-attached storage), the ability to optimize security for virtualized environments, and support for Mac and mobile devices.

The other criteria evaluated were:

• Sales Strategy: We evaluated each vendor’s licensing and pricing programs and practices.

• Innovation: We evaluated vendors’ responses to the changing nature of customer demands. We accounted for how vendors reacted to malicious code threats, such as spyware and targeted attacks, how they invested in R&D, or how they pursued a targeted acquisition strategy.

• Geographic Strategy: We evaluated each vendor’s ability to support global customers, as well as the number of languages supported.

Table 1. Ability to Execute Evaluation Criteria

| Evaluation Criteria | Weighting |
|---|---|
| Product/Service | No rating |
| Overall Viability (Business Unit, Financial, Strategy, Organization) | High |
| Sales Execution/Pricing | Standard |
| Market Responsiveness and Track Record | High |
| Marketing Execution | Standard |
| Customer Experience | Standard |
| Operations | Standard |

Source: Gartner (December 2010)

Table 2. Completeness of Vision Evaluation Criteria

| Evaluation Criteria | Weighting |
|---|---|
| Market Understanding | High |
| Marketing Strategy | No rating |
| Sales Strategy | No rating |
| Offering (Product) Strategy | High |
| Business Model | No rating |
| Vertical/Industry Strategy | No rating |
| Innovation | Standard |
| Geographic Strategy | Low |

Source: Gartner (December 2010)

Leaders

Leaders demonstrate balanced progress and effort in all execution and vision categories. Their capabilities in advanced malware protection, data protection and/or management features raise the competitive bar for all products in the market, and they can change the course of the industry. A leading vendor isn’t a default choice for every buyer, and clients should not assume that they must buy only from vendors in the Leaders quadrant. Some clients believe that Leaders are spreading their efforts too thinly and aren’t pursuing clients’ special needs.

Challengers

Challengers have solid anti-malware products that address the basic security needs of the mass market, and they have stronger sales, visibility and/or security lab clout, which add up to a higher execution than Niche Players offer. Challengers are good at competing on basic functions rather than on advanced features. Challengers are efficient and expedient choices for narrowly defined problems.

Visionaries

Visionaries invest in the leading-edge (aka “bleeding-edge”) features—such as advanced malware protection, data protection and/or management capabilities—that will be significant in the next generation of products, and will give buyers early access to improved security and management. Visionaries can affect the course of technological developments in the market, but they haven’t yet demonstrated execution. Clients pick Visionaries for best-of-breed features, and in the case of small vendors, clients may enjoy more personal attention.

Niche Players

Niche Players offer viable, uncomplicated anti-malware solutions that meet the basic needs of buyers. Niche Players are less likely to appear on shortlists, but fare well when given a chance. Niche Players may address the advanced security needs of highly attacked organizations or low-overhead, basic anti-malware for the broader market. Clients tend to pick Niche Players when the focus is on a few specific functions and features that are important to them.

Vendor Strengths and Cautions

CA Technologies

CA’s EPP products have undergone a complete redesign since our last analysis. Release 12 of its Web-based management console for both anti-malware and HIPS capabilities improved role-based access control, unmanaged endpoint discovery and client installation, reporting, and auditing. It also converged its two clients into a single anti-malware and HIPS client. However, in 2010, CA has moved down in its ability to execute due to slow market responsiveness, stagnant market share and low visibility among non-CA customers. CA customers and global organizations seeking uncomplicated EPP capabilities should consider CA Threat Manager r12.

Strengths

• The new r12 console based on an Adobe Flex user interface offers significantly improved management and reporting, as compared with prior versions, and includes the capability to stream alerts about critical external events directly to the console from CA.

• With the converged anti-malware engine, CA Threat Manager Total Defense solution is on par in terms of the basic functional specifications for an EPP solution.

• The CA firewall can enforce policies by network context, and it provides excellent capabilities to set policies to defend or deny the operation of a new network interface, including restricting which ports and services are active.

• CA’s HIPS capability includes numerous system checks, as well as vulnerability shielding, sandbox execution and behavioral anomaly detection. Its learning mode capability eases setup and policy creation.

• CA offers unified network control (UNC) in its r12 suite, which provides Microsoft Network Access Protection (NAP) capabilities, including inventory, patch, vulnerability and configuration assessment.

• CA has made significant investments in enterprise data protection and has strong endpoint data protection options. It is among a small number of ranked vendors with the ability to block certain data leakage operations on a per-application basis, such as using the clipboard.

• r12 provides port and device controls, including control over USB, Bluetooth, CD, infrared device, DVD and floppy disk drives.

• CA offers very broad platform support, including several varieties of Unix/Linux, Mac, Palm, Windows Mobile, VMware, Microsoft Hyper-V and Citrix presentation servers, as well as specialized servers, such as Microsoft Exchange, Lotus Notes/Domino, Novell NetWare, NetApp and EMC storage servers.

• CA offers solid application control capabilities, with one of the largest databases of applications grouped into categories (for example, games).

Cautions

• CA’s long-awaited r12 console is much improved, but brings it only to parity with what other EPP leaders already offer and is not yet well field-tested. Some features are still lagging, such as extensive control over scheduled scans, flexible administrator role creation and custom dashboard widgets.

• CA’s lack of participation in independent anti-malware testing makes it difficult to validate malware detection effectiveness. CA releases only two signature updates per day.

• CA’s firewall technology is powerful, but policies can be complex to configure.

• CA lacks integrated full-disk/file encryption products, and CA lacks the ability to enforce encryption on data written to external storage devices.

• CA’s DLP (acquired from Orchestria in 2008) is still a separate product managed from a separate division and has not yet been fully integrated.

• There is no integration between CA EPP and its PCLM offerings.

• Reference customers were lukewarm in their endorsement of CA.

Check Point Software Technologies

Well-known in the enterprise network firewall and VPN market, Check Point continues to improve its EPP product suite with an emphasis on addressing the increasing proliferation of unmanaged devices. Despite its laudable enterprise network presence, brand and channel, the company has failed to significantly improve its market share or mind share in this market. Organizations that value strong integration between remote-access solutions and the EPP suite, full-disk and media encryption, and application control solutions should include Check Point on their shortlists.

Strengths

• Check Point Endpoint Security suite includes personal firewall, anti-malware/anti-spyware (licensed from Kaspersky Lab), full-disk encryption, network access control (NAC) and integrated VPN in a single client deployment.

• Check Point’s management console was recently improved and integrates malware protection and data encryption suite offerings. It offers a clean interface with easy navigation and quick access to summary data (overview/dashboard, organization, policies, reports and deployment) that is very similar to a network firewall interface. Reporting is significantly improved. The dashboard can be customized for each administrator. It provides good hierarchical and object-oriented policy and can exploit network firewall policy objects, such as network zones, in client firewall policy and can leverage installed gateway appliances as relays for client updates. Check Point offers a unique user-based management capability that allows administrators to develop and view user-specific policies across multiple devices.

• The personal firewall is comprehensive and includes extensive prepopulated program profiles, excellent location-based policies and very good VPN client integration.

• Check Point has some basic HIPS techniques in its firewall and as part of the Kaspersky engine.

• Check Point’s Program Advisor service allows administrators to enable application control of acceptable applications based on an existing inventory of applications, certificates and/or Check Point’s database of known good applications.

• Check Point has very strong full-disk and file/media encryption, as well as extensive port control, including very granular device and file identification.

• NAC is extensive for remote access via Check Point’s VPN and Secure Sockets Layer (SSL) VPN products, and it includes an on-demand scanner for unmanaged machines. LAN NAC is limited to personal or network firewall enforcement, or participation in an infrastructure NAC solution (that is, 802.1X).

• Check Point added browser protection technology from ZoneAlarm, which helps clients avoid malicious Web-based malware.

Cautions

• Check Point is challenged in sufficiently differentiating itself from its core malware detection engine partner, Kaspersky, for clients seeking basic protection, or from market leaders for clients seeking data protection solutions.

• Although the management console provides a good summary view of the EPP agent status, it does not include any vulnerability or configuration assessments, nor does it have any integration with operations tools.

• Check Point is dependent on Kaspersky for anti-malware signatures to review suspicious code samples and to prepare custom signatures for targeted malware. Although signatures are becoming a replaceable commodity, business disruptions in Kaspersky could impact Check Point customers.

• The Check Point management console is a Windows client/server application rather than browser-based. Check Point is dependent on software distribution tools to install the initial client, and lacks the ability to remove other anti-malware products. The solution doesn’t include many options to minimize the impact of scheduled scans, such as the impact on CPU use, or to avoid conflicts with critical programs.

• Check Point’s program control solution can’t prevent programs from installing. It only blocks network access via firewall permissions and terminates the process. Program control doesn’t clearly pinpoint machines with particular rogue applications, thereby making remediation more difficult than necessary. Program control is not flexible enough for larger enterprises. It doesn’t have a good centralized way of allowing trusted sources of change.

• The SmartDefense HIPS policy isn’t tunable and doesn’t allow administrators to whitelist applications that incur false positives.

• The NAC solution doesn’t support guest NAC enforcement.

• Port control device management is included in the media encryption solution rather than in the firewall.

• Check Point’s data protection strategy is still missing client-based content-aware DLP.

• Check Point protection is limited to Windows endpoint PCs. It doesn’t offer protection for Macs or specialized servers, such as Microsoft Exchange, Lotus Notes or Microsoft SharePoint.

eEye Digital Security

eEye’s historical strength has been in vulnerability analysis. As the EPP market has evolved to broader platform capabilities, eEye has remained focused on its traditional strength of malware and intrusion prevention capabilities, backed by its own malware research labs and augmented by a licensed signature database. Since our last review, eEye has redesigned and unified the management consoles of its various offerings, including vulnerability analysis, providing a much more holistic security state assessment. This improvement moved eEye over the line into the Visionaries quadrant. Existing eEye Retina customers should shortlist Blink. Other buyers, such as enterprises seeking a tactical HIPS solution to supplement signature-based protection and native firewalls on Windows clients and servers, and enterprises that value integrated vulnerability analysis, should consider eEye Blink.

Strengths

• The Retina CS management console has been redesigned with a modern, Flash-based user interface and has been unified across the various eEye offerings.

• Blink uses an embedded version of eEye’s Retina Network Security Scanner to perform local vulnerability assessments and report the findings to the Retina CS console. eEye has launched the Retina Protection Agent (RPA), which is a subset of Blink (minus antivirus and firewall), designed to work alongside other EPP and antivirus solutions, and to provide agent-based vulnerability assessment and intrusion prevention services.

• All functions are packaged in a single agent, including the Norman signature engine. Layers of function are easily enabled or disabled by the administrator without making changes to the installed image or drivers. Security policies can be monitored and updated from outside the firewall without requiring a VPN. Change management details are held in XML files for revision monitoring and control. The actual installed footprint stored and in RAM is relatively small.

• Since our last analysis, eEye has added a new generic heap-spraying detection and vulnerable ActiveX protection for Internet Explorer. It has also added an on-access scanning throttle to allow deeper scanning for user-accessed files and improved buffer overflow protection.

• eEye is the only company in this analysis to offer a service-level agreement (within 48 hours) on new critical exploits, meaning that it will protect against these exploits within 48 hours even if the system is unpatched.

• eEye uniquely offers physical management appliances for rapid deployment and management, and offers a software as a service (SaaS) product for vulnerability assessment.

• Anti-malware performance is enhanced by not rescanning files that were previously marked “good” if the file hash hasn’t changed.

• eEye has a small but very skilled team of malware experts that provides excellent technical support and malware information.

Cautions

• eEye is one of the smallest companies in this market, and it has a limited presence outside North America and in organizations with more than 500 employees. Its total staff size, including research and engineering groups, is small compared with the EPP industry average.

• The management console is improving but still may be limiting for larger enterprises. Policy is based on physical hosts, not directory groups. Although directory information can be imported, it is a one-time association. Some client configuration options must be done on an endpoint, using the registry, and exported to the management console and applied to other groups. The addition of vulnerability information in the management console is a significant benefit of eEye; however, the solution lacks actionable guidance. There is a reporting linkage between vulnerabilities and HIPS-based vulnerability shields, but it is not in the dashboard. It does not offer an ad hoc reporting capability or custom dashboards. The solution has the capability to blacklist applications, but it is a manual process with no trusted sources of change. It offers limited NAC integration.

• Although eEye develops its own spyware signature database and cleanup routines, the solution relies on Norman for anti-malware signatures. Although signature feeds from reputable labs are becoming a replaceable commodity, business disruptions in Norman could impact eEye customers. Although the Norman anti-malware engine is tested regularly, eEye does not participate in many industry tests to demonstrate the effectiveness of its collection of technologies. It offers only one signature update per day, while other vendors have gone to real-time cloud-based signature updates. Automated malware damage cleanup capabilities are limited.

• eEye has limited application and device control capabilities, but no encryption or DLP capabilities. It lacks the ability to enforce encryption on data that’s written to external storage devices, but it does have a number of policies to limit access and writing to external devices.

• It supports only Windows OS platforms (including 64-bit Windows, which has been added), so companies with other devices and servers will need to buy other or additional EPPs.

• Although the storage and RAM footprints look relatively low, eEye’s real-time evaluations and quarantine IPS techniques consume a significant amount of resources and can be an issue on older systems.

• There’s no enhanced protection for wireless interfaces or direct support for wireless LAN (WLAN) security supplicants.

Eset

Eset has built a substantial installed base in EMEA, particularly in Eastern Europe, and it has a rapidly growing small or midsize business (SMB) presence in North America. Its Completeness of Vision score benefits from good malware effectiveness in a lightweight client, but it still suffers from weak enterprise management capabilities and lack of investments in market-leading features, such as data protection or more-holistic security state assessments. Eset is a good shortlist option for organizations seeking effective, lightweight anti-malware scan engines and personal firewalls that do not have extensive management requirements.

Strengths

• The flagship enterprise product, Eset Smart Security, includes integrated anti-malware, anti-spam and personal firewall in a single-agent footprint. The low performance impact of the Eset product has been noted by many customers. Recently, Eset introduced a new core engine with improved performance and client self-defense, as well as new HTTPS and POP3S scanning, firewall profiles, and support for Cisco NAC.

• The management console is a native Windows application with a spreadsheet-style interface. It has the look and feel of a Microsoft Management Console. We like its capability to highlight machines in the log table and then, with a left-click, to install the EPP agent or perform other remediation activities.

• The Eset anti-malware engine is a consistently respectable performer in test results (that is, VB100 and AV-Comparatives tests) and performs very well in tests of heuristic detection techniques. The Eset engine has a strong reliance on heuristics and generic signatures, including sandbox heuristics, which run all executable files in a virtual emulator and provide client-based malicious URL filtering.

• Eset supports a broad range of Windows clients and servers, including Exchange, Lotus Notes/Domino, Linux Solaris, and Novell NetWare and Dell storage servers. The company recently added endpoint products for mobile devices (Windows Mobile and Symbian), as well as an anti-malware solution for Mac OS X and Linux desktop platforms.

• To further reduce the performance impact of scanning, Eset recently introduced more control over scanning of archives and a feature that automatically determines which files need deeper scanning.

Cautions

• Eset is lacking in management features for larger, more-complex organizations. The management console is long overdue for an update; it’s very complex and lacks a clear, actionable dashboard view to enable more-rapid or automated problem identification and remediation. It also lacks many common enterprise capabilities, such as role-based administration, information and policy elements that can be delegated (or restricted) to end users, automatic location-based policies—especially enforcing and monitoring policies for off-LAN clients—and automatic rogue machine detection.

• It has very poor reporting. A lot of information is captured, but it is hard to get at, and there is no ad hoc reporting, just filtered log views. Real-time updates are impossible.

• The management server never pushes updates to clients—clients have to pull jobs at configurable intervals.

• There is no significant security state assessment beyond EPP agents (that is, application vulnerability and configuration assessments) and no significant integration with operations tools.

• Clients can be distributed by the management console; however, deinstallation of competitive solutions is an additional service cost that isn’t included in the solution.

• The HIPS capability can only be activated or deactivated; it can’t be selectively deactivated to allow specific false-positive files to execute.

• Eset doesn’t yet offer many of the additional EPP components, such as application control, advanced port/device control, encryption, and DLP or VPN integration.

• Eset offers only rudimentary device control, which enables blocking and/or immediate scanning of removable media.

GFI Software

GFI Software is a new entrant in this year’s analysis. U.S.-based Sunbelt Software was recently acquired by GFI Software, which offers a wide range of security solutions (notably, secure e-mail Web gateways, archiving and backup) primarily aimed at SMB organizations. GFI is a reasonable shortlist candidate for small to midsize organizations looking for a simple and lightweight anti-malware engine.

Strengths

• GFI’s Vipre management interface is very efficient and clean. It provides a large range of preinstalled movable dashboard widgets and provides good ability to view and drill into log data and assign policy to groups and users.

• Malware detection is augmented with MX-Virtualization, which analyzes malware in real time in a virtual environment on the PC, and offers client-based malicious URL blocking, rootkit scanning and automatic scanning of USB drives.

• The client is relatively lightweight and efficient, providing fast scanning.

• GFI offers Windows and Mac client support, as well as Exchange server versions.

• Vipre’s net per-year list pricing is one of the lowest in this analysis.

Cautions

• GFI is a relative newcomer to the enterprise market. We do not have a lot of reference customers in the Gartner installed base, and GFI is not evaluated in most of the malware effectiveness testing, so performance in the wild is not well-documented. Reference clients were unenthusiastic and commented that signature data would benefit from improved quality control.

• The Vipre management capability will be limiting for larger enterprises. It relies on Windows network browser or Active Directory information to find unmanaged machines. It does not have any ad hoc reporting capability, only filtered views of historical data. Role-based administration is limited to read or write options only. HIPS policy control is limited to creating exceptions for specific programs by name.

• The firewall does not offer extensive policy options, such as Wi-Fi or location-based policy.

• The solution does not offer any advanced capabilities, such as port/device control, application control capability, encryption or DLP. There is no significant security state assessment beyond EPP agent status (that is, application vulnerability and configuration assessments) and no significant integration with operations tools.

• The solution does not offer Linux, Unix or Lotus Domino support.

BigFix-IBM

When we last evaluated IBM’s offering, it had two separate offerings—Proventia Desktop with BitDefender anti-malware and Proventia Endpoint Secure Control offering, which was a combined offering with BigFix, Proventia for HIPS and firewall, and Trend Micro for anti-malware. In 2010, IBM implemented several changes to better align its overall security and endpoint product businesses. Ownership of IBM Internet Security Systems (ISS) Proventia technology moved from the IBM Global Services division to the IBM Tivoli software division, and IBM will now go to market with a cross-IBM security brand—IBM Security Solutions.

The Tivoli division acquired BigFix to bolster its PCLM capability and serve as a platform for its EPP offering. The relationship with BitDefender has been phased out. A new, more rationalized, combined offering will be based on BigFix, with Trend Micro for antivirus signatures, and Proventia for HIPS and firewall. While potentially positive in the long run, these extensive changes reflect negatively on IBM’s Ability to Execute score in this analysis. Large organizations that have a close relationship with BigFix-IBM or Trend Micro should include IBM on their shortlists, once this offering becomes available and the organization settles.

Strengths

• IBM’s acquisition of BigFix into its Tivoli organization will provide a strong anti-malware (from Trend Micro and supported by the IBM X-Force research team) and PCLM combined offering, with a unified console and a single agent for system life cycle management, endpoint protection, and security configuration and vulnerability management.

• A future release will offer the choice of the Trend Micro basic firewall or the more advanced ISS Proventia firewall.

• Proventia Server and Server Sensor are expected to continue providing deep packet inspection and HIPS capabilities, sharing the same under the Protocol Analysis Module of ISS network-based appliances, and backed by the reputation and capabilities of X-Force labs.

• The ISS SiteProtector management console used to manage Proventia Server can be used to manage multiple ISS products and consolidate high-level security information.

• The IBM Global Services group offers managed security services and provides mature managed security services centralized around the ISS Proventia platform.

• Proventia server boasts very broad server support with Windows, Linux, HP-UX, Solaris and AIX, including 64-bit support for Windows and Linux, new AIX 6.1 support, and planned HP-UX Itanium support.

• For mobile laptop users, the BigFix Relay provides real-time visibility and control for endpoints, regardless of network location, and allows for updating malware definitions, engines and EPP.

Cautions

• IBM’s current plans are promising, but the company has not executed well in the EPP market in the past. It remains to be seen if the current level of commitment is sustainable, and if IBM is agile enough to compete in this market.

• IBM has indicated its intent to deliver a single solution with Proventia Desktop and Trend Micro built on BigFix for clients in 2011. However, similar integration of those technologies on the server side may not occur until after 2011.

• Proventia Desktop as a stand-alone offering will likely be phased out, although IBM has indicated that existing customers will be entitled to an updated solution.

• Proventia Server is expected to continue as a separate offering controlled with the SiteProtector management console. However, Trend Micro antivirus signatures to server platforms will be delivered via the BigFix platform.

• Version 8.0 of BigFix introduced an overhauled user interface with domain-specific views to enable functional administrators to easily focus on their specific tasks, but BigFix’s console is more complex than others in this market and more oriented to the operations domain.

• Security state assessments are still disjointed, lack prioritization and are missing from the dashboard.

• No support beyond Windows and Macintosh clients is offered, and there is even no ISS firewall planned for Macs. Also, no support is offered for Microsoft Exchange, Lotus Notes, SharePoint and other specialized servers, or for mobile devices.

• IBM has no encryption solution of its own, and its previous partner, PGP, was acquired by its competitor Symantec. IBM has no DLP solution of its own and relies on a relationship with Verdasys to provide this capability on endpoints (and Fidelis Security Systems for network-based DLP).

• Although IBM has its X-Force security analysis team, it has no signature-based anti-malware capabilities of its own and is dependent on Trend Micro. Disruptions in these critical partners could have an impact on customers.

• IBM provides limited device control capabilities, and the application control capabilities of Proventia are expected to be phased out.

Kaspersky Lab

Kaspersky continues to increase its brand awareness for its anti-malware labs and enterprise offerings outside of its large Eastern European installed base. Since our last analysis, Kaspersky has launched a new anti-malware engine with increased scanning speed, lower system resources impact and a redesigned administrative console. Kaspersky remains focused almost exclusively on malware protection, affecting its Completeness of Vision score, which reflects the increasing weight in our analysis on a data security strategy and/or a PCLM integration story that Gartner clients are requesting. Organizations that prefer to focus on core malware defenses only should evaluate Kaspersky. Moreover, Kaspersky should be considered a strong anti-malware engine when offered in other vendors’ e-mail and Web gateways.

Strengths

• The malware research team has a well-earned reputation for rapid and comprehensive malware detection, as well as small, frequent signature updates.

• The redesigned Kaspersky console is comprehensive and offers very granular control of its agent, improving manageability for large enterprises. It also offers improved support for Active Directory, a security status dashboard, improved reporting capabilities and native client distribution capabilities.

• Kaspersky historically has a small disk and memory footprint for a comprehensive suite platform and has further improved this in its latest release.

• Kaspersky offers advanced HIPS features, including an isolated virtual environment for behavior detection, application and Windows registry integrity control, and integrated malicious URL filtering.

• The company has a strong OEM business with EPP, e-mail and secure Web gateway vendors.

• For on-demand malware scanning, Kaspersky offers the Anti-Virus Second Opinion Solution, which can be used along with competitive EPP clients.

• Kaspersky offers broad endpoint platform support, including Windows Server 2008, Citrix, Linux, Novell NetWare, Microsoft Exchange, Lotus Notes/Domino, Windows Mobile, BlackBerry and Symbian, as well as Microsoft Forefront Threat Management Gateway and EMC Celerra.

Cautions

• The redesigned Win32 console, while comprehensive, may be viewed as overly complex for SMB usage, as compared with competitors’ offerings. In addition, it surfaces only malware-related events and not other types of security state information beyond its own EPP agent, such as application vulnerability and configuration assessments. It does not have any significant integration with PCLM or other operational tools.

• The dashboard is not highly customizable by the user, nor is a browser-based console available.

• The policy management paradigm is flat and lacks the object-oriented inheritance of competitive offerings, increasing the amount of work necessary to fully program policies.

• With its anti-malware focus, Kaspersky doesn’t yet offer any endpoint encryption capability or DLP.

• The firewall offers no Wi-Fi-specific protection or policy support, and it has limited VPN policy options. Kaspersky’s location-based policy is limited to three manually selected zones.

• Basic device control capability is coarse and is limited to device groups. It can only block or allow certain ports without providing for exceptions.

• It offers only limited application control capabilities that are not flexible enough for a large enterprise.

• Native NAC capability is missing.

• There is no SharePoint support, nor an offering uniquely targeted to address hosted virtual desktops.

LANDesk

LANDesk, an established leader in the PCLM market, was recently acquired by venture investment company Thoma Bravo. The departure from Avocent will reinvigorate the company’s commitment to managing and protecting diverse endpoints, including virtual and non-Windows client devices. LANDesk continues to benefit from our increased weight on more-holistic security state assessment and whitelisting, which is countered by a continued lack of a security management orientation in the product set. The company’s movement in its Ability to Execute was weighted down by a restrictive pricing policy that appeals only to existing PCLM customers and a lack of market or mind share growth. LANDesk is an excellent choice for existing PCLM customers or those seeking integrated solutions for security and operations.

Strengths

• LANDesk has been a pioneer in the integration of operations and security, targeting organizations that want to leverage endpoint management infrastructures and extend this to managing desktop security capabilities.

• The LANDesk console is comprehensive and includes all security management capabilities within the same console, alerting and a new reporting framework. Likewise, the LANDesk agent has a single, modular architecture so that security functionality (like anti-malware) may be activated as needed. Policy is very object-oriented, and reuse is common. We particularly like the concept of pilot groups that get advanced copies of changes, with a set delay for subsequent rolling updates, and the ease with which it can find, assess and update any aspect of a PC, even when it’s off LAN.

• LANDesk recently introduced mobile device management and security into its integrated suite to enable management of security functions of new platforms, such as iPads and mobile device platforms.

• The base LANDesk Security Suite includes an anti-spyware signature engine (Lavasoft), personal firewall, HIPS, device control and file/folder encryption, vulnerability and configuration management, patch management, and limited NAC capabilities. Customers may use LANDesk to manage McAfee, Symantec, Sophos, CA and Trend Micro, or they may choose to pay extra for LANDesk Antivirus, which is built around the Kaspersky malware scan engine.

• LANDesk HIPS and firewall technology capabilities include location-aware policies, buffer overflow protection, application whitelisting and blacklisting, and more-granular control of applications once they’re executing. Whitelist administration is eased by a learning mode for the development of policies.

• LANDesk Configuration Manager provides extensive port and device control, including encryption capabilities for removable media.

• LANDesk provides NAC (LANDesk Trusted Access), which leverages four different technologies based on 802.1X, Dynamic Host Configuration Protocol (DHCP) and IP security, which is included in the base Security Suite. LANDesk also has its own DHCP server capability to enforce quarantines on noncompliant machines.

• For mobile users, the LANDesk Management Gateway provides real-time visibility and control for endpoints, regardless of network location, improving visibility and control over mobile devices.

• LANDesk offers endpoint protection for Windows endpoints, and anti-malware for Microsoft Exchange.

Cautions

• LANDesk’s list pricing is expensive, because it charges for the basic management capability as a prerequisite to the Security Suite. This makes it almost impossible for security practitioners to acquire this technology without operations groups’ approval and budget for the base PCLM patch components.

• LANDesk doesn’t perform its own malware research, although it does have 30 engineers validating content from its partners. Still, the solution relies on LANDesk’s OEM partners to review suspicious code samples and prepare custom signatures for targeted malware samples. Although signatures are becoming a replaceable commodity, business disruptions to important partners could have an impact on customers. However, this is offset by LANDesk’s ability to readily manage other solutions. Encryption capabilities are also provided by partners.

• Not all LANDesk Security Suite features are available on all managed platforms. LANDesk HIPS and the LANDesk Antivirus add-on support only the Windows platform and aren’t supported for Linux. There’s no malware support for Microsoft SharePoint, Lotus Notes or Windows Mobile clients. Macintosh platforms benefit from PCLM tools, but antivirus is supplied by a Kaspersky-branded solution. Some mobile devices (iPhone and iPad) can be remotely restored to factory defaults, but LANDesk can’t enforce native security functions.

• LANDesk should expand its application control capabilities to close the gap with dedicated application control solutions.

• In addition to its own offering, LANDesk should integrate with Microsoft NAP.

• LANDesk doesn’t offer DLP or full-drive encryption.

• Customer feedback indicates that the LANDesk console is designed from an operational perspective, and that dedicated security professionals may have difficulty getting the security-specific views and reports they want. For example, security state assessment is still disjointed, unprioritized and missing from the primary dashboard. It is also not very task-oriented, and the learning curve for security operations administrators who are used to working with competitive solutions will be steep.

Lumension Security

Lumension is a new entrant in this year’s analysis, after it added a licensed anti-malware engine (Norman) to its PCLM suite. The Lumension Endpoint Management and Security Suite includes anti-malware, application control, patch and remediation, power management (with wake on LAN), scan, and security configuration management modules. Lumension also offers an IT governance, risk and compliance management (GRCM) capability. Existing Lumension customers or those seeking integrated solutions for security, operations and compliance should add Lumension to their shortlist.

Strengths

• The Web-based management interface includes all PCLM products, with similar task-based orientation and consistent navigation. Dashboards can be changed for a number of widgets, allowing administrators to have their own somewhat customizable dashboards. The step-through policy workflow is similar for PCLM and anti-malware policy. The solution offers a single unified client agent for antivirus, application control, patch and remediation for a broad range of client platforms. Lumension recently added new encryption capabilities and power management. The management interface provides rich role-based restrictions, including the ability to restrict log visibility to managed groups only.

• Lumension Application Control module provides good software restriction capabilities for this class of solutions, with flexible trusted sources of change and application inventory discovery. It also offers a quick lockdown capability, which instantly authorizes all installed applications, but blocks all new applications unless they are from predefined trusted sources.

• Lumension Device Control provides a simple-to-use port and device control capability, which can limit the types of removable devices and media that may be used, the type of files that users are allowed to read/write, and specific device types. It can capture files that are written to or read from those devices and media, can limit the volume of data uploaded and downloaded, and can force encryption using a native encryption module.

• Malware prevention includes sandbox capability that intercepts and prevents changes to host files, registry settings and so on that are typically made by malware.

• A separate Risk Manager GRC tool provides security state information gathered from Lumension, and third-party tools illustrate compliance with corporate or regulatory standards over time.

Cautions

• While there is still market opportunity, Lumension has limited resources to assemble such an extensive suite. It needs to accelerate execution and raise its profile quickly to gain market and mind share before the Leaders execute on their PCLM integration strategies and eliminate Lumension’s differentiation.

• Lumension still feels like a collection of technologies rather than a cohesive EPP suite. The Device Control agent is not in the Lumension Endpoint Management and Security Suite agent. GRCM is in a different interface. Lumension is reliant on its anti-malware partner Norman to review suspicious code samples and prepare custom signatures for targeted malware samples. There is no personal firewall component; Lumension relies on the Windows firewall. Full-disk encryption is provided via partners (PGP and Symantec). Business disruptions to this important partner could have an impact on customers.

• The company does not offer DLP.

• The management interface could be improved with continuous discovery scanning to discover new rogue clients on the network, user-defined dashboard widgets, improved ad hoc and hyperlinked drill-down reporting, and more actionable and prioritized vulnerability and compliance information, as well as improved workflow between problem discovery and resolution.

• The Application Control function does not include a library of known good applications.

• Endpoint protection does not extend beyond Windows endpoints and servers. It does not provide protection for Macintoshes or specialized servers, such as Microsoft Exchange, and signatures are updated only a maximum of twice daily.

McAfee

McAfee offers a powerful, mature, complete and attractive suite of features in its Total Protection for Endpoint—Enterprise Edition Suite. It holds the second-largest market share in the endpoint protection market. The company has a broad portfolio of products, including network security components, data protection, risk and compliance, significant marketing resources, a solid operations capability, and a strong malware research and management team. In 2010, its well-executed early investment in SafeBoot firmly established McAfee as a leader in mobile data protection (encryption). It also acquired Trust Digital to extend its mobile device management and encryption capabilities into the mainstream of smartphones. The pending acquisition of McAfee by Intel brings financial resources as well as future tight integration with Intel platforms, but it also increases execution risk. McAfee continues to be a Leader, based primarily on long-term leadership in cross-product management functionality, and it should be considered a strong vendor that’s suitable for any enterprise.

Strengths

• McAfee’s ePolicy Orchestrator remains one of the better management capabilities in this market. Architectural benefits include a multitier architecture (agent handlers), workflow improvements (filtering by tags), support for user-based policy development (virtual groups), improved user interface design (drag and drop, search functions, customizable shortcuts, and so on), and IPv6 support. It includes trouble-ticketing system integration, such as integration with HP PC Helpdesk and BMC Remedy. Microsoft integration improvements have been made to Active Directory and System Center Configuration Manager (SCCM), especially for asset reconciliation, software deployment and root cause event visibility.

• McAfee’s integration of mobile data protection (MDP) solutions was well executed in terms of time to maturity, bundling options and pricing.

• McAfee’s ePolicy Orchestrator policies are customizable for each user, and all reporting requirements can be viewed and edited in a single interface. Users can select from queries and custom elements like McAfee feeds. Data that is shown in a dashboard is specific to the administrator rights or subgroup managed.

• Technology acquired from Solidcore provides a solid application control mechanism, with some trusted sources of change.

• McAfee Global Threat Intelligence (formerly referred to as Artemis), a cloud-based signature look-up system, provides a real-time look-up for the latest signature information, using lightweight queries (using the DNS protocol) to a McAfee data center.

• McAfee SiteAdvisor, along with the McAfee host Web filtering add-on module, provides decorated search results to educate end users about risky sites. It also provides host-based URL and content filtering that features integrated gateway-aware capability to enforce the appropriate policy, whether the user is on the corporate network, behind the Web gateway or outside the network. Endpoint protection is available with a SaaS-based management console.

• A new product, McAfee Management for Optimized Virtual Environments (MOVE) is one of the few solutions to centrally manage anti-malware security controls for virtual environments.

• The combination of McAfee Risk Advisor, Vulnerability Manager, remediation module, and integration with Microsoft System Center and McAfee Security Innovation Alliance partners provides improved capabilities for security state reporting.

• McAfee offers a very broad range of supported platforms, including EMC and NetApp file servers and Macintoshes.

• McAfee has a very strong endpoint DLP solution that can integrate with its more comprehensive enterprise DLP solution.

Cautions

• While Intel can help McAfee improve in the core enterprise and consumer EPP markets in the near term (that is, 12 to 24 months), longer-term investments in Intel priorities may distract McAfee from customer priorities, especially in the network security market. McAfee customers should evaluate the progress of the acquisition by monitoring McAfee’s achievements in its core markets very closely.

• McAfee Risk Advisor could be better at prioritizing alerts and resulting activities to reduce the attack surface of PCs. McAfee has minimal current integration with PCLM tools, and its partnership approach will not result in tight integration. McAfee ePO is a leading solution for management, but its architecture is being tested by the demands of both network and endpoint security requirements. Integration of solutions into ePO is at various levels. ePO is not as robust and reliable as most PCLM tools, and critical reports should be validated periodically by alternative tools.

• Clients have expressed dissatisfaction with service and support overall. In 2010, McAfee experienced a significant false-positive signature, which caused significant global interruptions. While the company responded appropriately, and it has since improved its quality control considerably, it was disappointing that it was in a state that enabled such an easily avoidable event.

• Device control and DLP are not integrated in the McAfee firewall, nor with EPP policies, which may require companies to create duplicate policies for different subsystems.

• Solidcore does not have flexible trusted sources of change; it doesn’t allow end users to self-authorize, request software or use a whitelist catalog. Despite integration with ePO, it is a separate product, with a distinct look and feel and separate policy development.

• The firewall’s defense against dual homing (that is, two active network connections) needs to be improved. Today, the protocol stacks are not fully protected.

• The McAfee client agent is not as efficient as peers, according to industry test results (that is, PassMark Software and AV-Comparatives), and clients complain about agent footprint and scan performance.

• McAfee continues to lag other leaders and other vendors on anti-malware test results (that is, AV-Comparatives, NSS Labs and AV-Test).

• McAfee’s HIPS solution is not gaining wide acceptance due to administrative overhead. It is still difficult to granularly disable rules (that is, per application) to address false positives and can be noisy partly due to uncorrelated alarms.

Microsoft

Very little has changed in Forefront Client Security (FCS) since it was originally introduced in 2007. In 2H09, based on feedback about performance and reliability during the beta testing of its Beta 1 release, Microsoft made the decision to halt the beta and perform an architectural overhaul to shift Forefront to the SCCM architecture from the embedded version of the Microsoft Operations Manager console. This shift delayed the release of Forefront Endpoint Protection (FEP) to year-end 2010, so Microsoft has once again moved down in execution, because FEP has remained frozen in time, while the rest of the EPP market has moved on. On the positive side, Microsoft is adding heuristics-based malware detection and HIPS capabilities and the ability to manage the Windows firewall in the FEP release (due at the time of this writing).

Forefront has gained only single-digit market penetration, and it is primarily adopted among budget-constrained organizations that subscribe to Microsoft’s Enterprise Client Access License (ECAL) program. Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint (under the same brand name but now in a different business unit—Microsoft Business Systems Division) remain excellent choices due to Microsoft’s signature engine diversity and compatibility with these platforms. Despite difficulties with the management and console framework around its engine, the engine itself performs well, and Microsoft’s labs are steadily improving in independent tests, because of the wide visibility into malware from FCS, Microsoft Security Essentials, Windows Defender and the Microsoft Malicious Software Removal Tool, as well as malware submitted by its opt-in SpyNet community.

Strengths

• In the current version, signatures and engine updates are distributed using Microsoft Software Update Services, leveraging infrastructure and knowledge that many enterprises are already using. In the year-end 2010 FEP release, this shifts to SCCM, which most organizations are also using. For these organizations, deployment of the new release of FEP will require only the purchase and deployment of the agent. No additional management servers or consoles should be required for SCCM organizations.

• Organizations that are licensed under Microsoft’s Volume Licensing programs receive FCS at a discount. Organizations that are licensed under Microsoft’s ECAL program receive FCS at no perceived additional cost, leading many organizations to consider Microsoft’s FCS as a “good enough” way to reduce costs.

• FCS is part of a broader Forefront-branded family that includes products addressing endpoint security, server platforms (such as Exchange and SharePoint) and the network edge (for example, Unified Access Gateway and Threat Management Gateway). Plans to integrate these management consoles were scrapped, and the Forefront Protection 2010 for Exchange and Forefront Protection 2010 for SharePoint offerings were moved back into the platform teams they protect.

• Microsoft’s anti-malware engine creates generic signatures that can be applied to malware families. It also creates P-code-based signatures that enable the engine to target specific behaviors, or specific event sequences for known malware, regardless of file variations. Dynamic translation capabilities enable the FEP anti-malware engine to generically decrypt malware that has tried to scramble the engine’s contents. Test results such as AV-Comparatives show low false positives. The year-end 2010 release will provide additional heuristics and protocol malformation protection capabilities.

• Rather than duplicate functionality provided in the Windows OS and other platforms, FCS focuses on the anti-malware engine and, in the year-end 2010 release, will manage the Microsoft firewall.

• Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint benefit from tight integration with these platforms and with multiple scan engines.

• FCS doesn’t include a NAC/NAP product (this is handled by the Windows OS). However, FCS does include a security state assessment engine that can report on the client’s current security status, vulnerabilities and relative risk levels, including FEP and non-FCS settings (like the Windows firewall).

Cautions

• Microsoft’s FEP is in the middle of an architectural overhaul. Deployment of the current version is not recommended until the new version based on SCCM is available and field-tested (by the second quarter of 2011).

• If an organization is not using SCCM, the year-end 2010 release will require organizations to install SCCM to support the centralized deployment and management of the next-generation FEP agent. It is not a good fit for organizations using Altiris, LANDesk or other PCLM frameworks.

• Microsoft’s FCS addresses endpoint security needs only for Windows client and server OS platforms. Non-Windows platforms aren’t addressed, nor is Windows Mobile. Microsoft has announced its intent to provide Macintosh or Linux support, but no partners have been announced.

• Microsoft first released FCS in 2007, and there have been only minor updates since then. The next major release is targeted at year-end 2010. FCS’s glacially slow releases aren’t competitive with those provided by dedicated security vendors.

• FCS doesn’t manage other built-in Microsoft client security capabilities, such as the OS firewall, User Account Control options, BitLocker encryption or AppLocker policies. The year-end 2010 release will manage only the Windows firewall.

• The current version of FCS lacks HIPS capabilities; these are planned for delivery in the year-end 2010 release.

• The current agent is relatively heavy on memory usage, compared with peers.

• FCS includes a system health agent (SHA) that integrates with Microsoft’s NAP framework. However, the FCS agent doesn’t provide self-enforcement, and access control enforcement requires other components of the NAP framework.

• The Windows firewall provides only basic firewall services (for example, inbound only on Windows XP), and the location-sensing policy was added in Windows 7. The firewall is owned and managed by the Windows OS team.

• Removable-device control comes from Microsoft’s Windows OS group and is available only with Windows Vista and Windows 7 (which provides administrators with the ability to centrally restrict devices from being installed). Administrators can create policy settings to control access to devices, such as USB drives, CD-RW drives, DVD-RW drives and other removable media. These capabilities aren’t managed by the FCS, nor are they planned for the year-end 2010 release.

• Scalability beyond 10,000 nodes with the current architecture requires the use of FCS Enterprise Manager—a tool that enables customers with more than 10,000 seats to provide centralized management and reporting across multiple logging and reporting servers and, potentially, multiple distributed FCS deployments in a large enterprise.

• Large enterprises are wary of Microsoft as an OS platform vendor selling EPP threat protection, because of the potential for a conflict of interest.

• Microsoft is continuously challenged to choose between embedding security into Windows, which benefits all customers, or providing competitive security products. Ownership of security technologies is split between the various Microsoft business units—for example, the Windows division owns the firewall and the majority of HIPS techniques; the SCCM team owns Forefront Client Security; and the Business Systems Division owns the Exchange and SharePoint offerings. These groups are managed separately and have independent goals and revenue targets.

Panda Security

Panda Security is slowly expanding from its EMEA presence, radiating outward from its Spanish headquarters. However, Panda’s desire to expand its installed base in North America has not materialized, and it has lost mindshare. We have reflected this in its Ability to Execute score, lowering it into the Niche Players quadrant. Panda’s overall Completeness of Vision score remains impacted by the increasing weight in our analysis on a data security strategy and/or PCLM integration story, but it has shown innovation in its Cloud Office Protection solution. SMBs seeking a comprehensive, more-customer-intimate alternative should consider Panda as a good shortlist entry in the geographies it supports.

Strengths

• The Windows-based management interface provides very granular role-based management and group-level configurations. The dashboard provides a quick view to see PCs that don’t have agents installed and to push new agents via .msi files. The solution provides an easy-to-use report scheduler that delivers reports in a PDF format.

• Panda malware detection includes integrated anti-malware and anti-spyware, as well as several proactive HIPS detection techniques.

• Panda offers very good rootkit inspection that bypasses a potentially rootkitted OS to read raw data directly from the hard drive to look for hidden processes.

• The product also enables the blocking of known-malicious URLs.

• Panda’s HIPS capability includes policy-based rules, vulnerability shielding and behavior-based detections, and administrators have very granular control to modify policies or add exclusions.

• The application control module, TruPrevent Technologies, uses application profiles to enforce runtime behavior and permissions for well-known applications. Administrators can opt in or opt out of TruPrevent, and they can modify rules or create their own rules to override Panda’s rules.

• Panda Security for Desktops and Panda Security for File Servers use a cloud database look-up to detect new threats.

• Malware Radar is Panda’s network-crawling malware and vulnerability audit tool. It can be a good utility for double-checking incumbent anti-malware accuracy. Malware Radar uses a different scanning engine, with more-advanced detection techniques activated (which takes longer to scan and potentially produces more false positives) than the base Panda product.

• Panda pricing is very competitive, and there are no upfront license costs, only an annual subscription.

• Panda offers a SaaS-based management solution for endpoint protection, which is fully hosted by Panda, called Panda Cloud Office Protection. References cite it as being extremely valuable for managing remote installations.

Cautions

• Despite Panda’s globalization plans, the installed base is still mostly EMEA SMBs. Panda lacks brand recognition in North America or Asia/Pacific, and its efforts to grow its North American installed base have stalled.

• The server-based management console (not Panda Cloud Office Protection) is still a Windows fat client, rather than a more-flexible, browser-based management console. It also lacks advanced features, such as adaptable dashboards, consolidated compliance status indicators, hyperlink drill-downs to log data and custom reporting.

• Panda distributes only one signature update per day for clients not using the cloud look-up mechanism.

• Panda’s HIPS capabilities are powerful. However, in many cases, they are ahead of the market demand for these capabilities and, in other cases, lack features to make HIPS more manageable—for example, Panda’s HIPS policy doesn’t provide a monitor-only mode to enable testing and tuning before deployment. Moreover, TruPrevent identifies files only by name and can be thwarted by changing file names.

• Panda still lacks advanced firewall features, such as location-based policies, wireless-specific firewall options and VPN integration options.

• There’s only one option to minimize the impact of scheduled scanning (CPU load limitation), although end users can delay scanning if they’re authorized.

• The end-user GUI is minimal, and end-user controls are limited to performing on-demand scanning, as well as to changing the signature update mechanism and proxy settings.

• Cloud Office Protection is not feature-rich for large enterprises.

• The agent managed by Cloud Office Protection is a subset of the full Panda client—for example, it lacks HIPS capabilities and provides no application control capabilities.

• Malware Radar uses a separate console for reporting its information (for example, critical vulnerability information surfaced by Malware Radar isn’t visible in the main console).

• Panda is focused on traditional Windows and Linux support and doesn’t support any mobile clients. Panda is offering a stand-alone Antivirus for Mac product, and a corporate version is expected to be launched by the end of 2010. Panda doesn’t support Microsoft SharePoint, nor does it offer a solution that addresses the needs of terminal services or hosted virtual desktop environments.

• Panda doesn’t yet offer many additional EPP components, such as port and device control, encryption, or DLP.

• Panda provides no significant state assessments beyond the EPP agent (that is, application vulnerability and configuration assessments) and outside of its separate Malware Radar tool. Panda also provides no significant integration with PCLM and operational tools.

SkyRecon Systems

In November 2009, Arkoon Network Security, a European unified threat management vendor, announced the acquisition of SkyRecon. Although this acquisition will provide SkyRecon with greater technical resources and investment capabilities, linking network security and endpoint security has not been a successful strategy in the past. SkyRecon’s Ability to Execute score is hampered by its relatively small market share and limited geographic presence, lack of a native malware detection engine, and its still-maturing management capabilities. SkyRecon is a reasonable shortlist vendor for organizations that are in supported geographies seeking data protection solutions and willing to invest extra effort to bolster the administration.

Strengths

• The company’s flagship product, StormShield Security Suite, is designed to address system and data protection via an extensible EPP capability that integrates multiple layers of security. These include HIPS; a personal firewall; Device Control System (DCS); encryption; and an optional, signature-based, anti-malware engine licensed from Panda Security, Avira or Microsoft.

• We particularly like the company’s primary focus on techniques to block unknown threats, using a combination of configuration policies, such as application control, very fine-grained device control and a flexible firewall policy, as well as proactive HIPS capabilities, such as features for blocking keyloggers and targeted attacks. SkyRecon effectively uses policy-based restrictions to minimize the attack surface with object-oriented policies and configurations that are easy to set up. Policy-based application control is improved by a “challenge response” mechanism, which allows users to add software if they type in the justification for the installation in a pop-up window.

• Other defenses include rootkit detection, honeypots, privilege escalation and reboot protection.

• The firewall provides good Wi-Fi policy options, as well as options to force VPN connections.

• The company recently added Flexible Data Encryption (FDE) for files and folders on fixed hard drives and removable devices. FDE is integrated with the DCS service to provide device encryption and to audit device file activities.

• SkyRecon has a single management interface and a single lightweight agent (10MB) to support its multiple functions.

• Full-disk encryption has been added in the latest version.

• The product features granular device control policies, including controlling access to optical drives and blocking print-screen printing for a specific application.

• Increased compliance auditing and reporting capabilities have been added.

Cautions

• Although it continues to grow rapidly, SkyRecon is still one of the smaller vendors in this analysis. It has a limited enterprise client base and lacks significant brand recognition outside of France. Arkoon also does not have a significant business presence outside of French markets.

• It supports only 32-bit Windows clients (64-bit is due in the first quarter of 2011) and provides no Mac, Linux, Unix, mobile or e-mail server support.

• The company has a very small malware research team and is dependent on Panda Security, Avira or Microsoft for signature-based protections.

• The management interface was very complete, but it looks like it requires a steep learning curve, and it lacks context-sensitive help. Help file documentation is available only in a PDF format.

• Ad hoc reporting is not supported. Reports can be filtered but not changed, and it is not possible to drill down into details. No dashboard function is present.

• There is no significant native security state assessment beyond the EPP agent, and no significant integration with operations tools.

• It does not yet offer any DLP solution.

Sophos

Sophos is a veteran anti-malware company that is dedicated to the enterprise market. More-ambitious management has resulted in excellent growth and geographic expansion from its European base to the North American and global enterprise markets. Sophos’ Completeness of Vision score continues to benefit from its data and port protection. The Sophos EPP suite offers a good balance of integrated malware, personal firewall, HIPS defenses and data protection capabilities that are deterministic and easy to deploy and manage. Organizations that prefer a broad EPP suite with simplified management capabilities should consider Sophos.

Strengths

• Sophos continues to have a strong reputation for support and service from customers and its channel.

• The management interface was upgraded with improved ease of use and better role-based administration and reporting since our last analysis. The dashboard is complete with actionable information and offers right-click remediation options via integration with third-party patch management tools. Windows, Mac, Linux and Unix clients are all supported in the management console.

• Microsoft vulnerability and patch assessment information is available with Sophos NAC Advanced (available at extra cost), which provides excellent client security status information.

• Malware detection improved in 2010 with the introduction of Sophos Live Protection, a cloud-based real-time protection update mechanism and improved client tamper protection.

• Sophos also provides integrated client-based malicious website blocking and URL reputation, as well as a JavaScript emulation to identify and block potentially malicious Web code.

• Sophos offers full disk and file encryption, encryption key management, endpoint DLP, and very granular device control in its suite.

• Sophos provides basic application control capabilities that enable administrators to define and update a whitelist of authorized applications, and enable the blocking of potentially unwanted applications, such as instant messaging products or media players, by name or category.

• Sophos offers a limited NAC enforcement capability embedded in the EPP agent and an advanced NAC solution at extra cost.

Cautions

• Sophos is continuously challenged in differentiating itself from the “big three” players in the Leaders quadrant. Lack of consumer products has resulted in low brand recognition. The company must continue to focus on expanding its international channel to overcome its limited presence in Asia/Pacific, the Middle East and South America.

• Although it does have a growing number of very large enterprise customers, and the management console is designed for ease of use, it lacks the depth found in the large-enterprise features of other Leaders. Policy development is eased with pop-up windows, checkboxes or prepopulated menu lists, which can be limiting for more-experienced administrators.

• The application control list of categorized applications is limited to what Sophos sees as potentially malicious. In addition, there is no way to lock down to a specific set of applications, nor is there an ability to allow trusted sources of change.

• It offers only binary configuration of two HIPS rules—suspicious behavior and buffer overflows—although it can exempt specific applications from HIPS policies.

• Security state detection is done via Sophos NAC Advanced and Sophos Compliance Manager, which have a different look and feel, and state information is limited to Microsoft applications.

• Sophos Enterprise Console does not yet manage encryption deployment, policy management or reporting (which is due in the second half of 2011), and it does not offer centralized management for its gateway and EPP solutions.

• Endpoint DLP (other than encryption) is weaker than vendors that specialize in this market. Sophos is not a major vendor in the more comprehensive enterprise DLP market.

• Sophos’ support for mobile clients is limited to Microsoft, and it does not yet address the specific needs of virtualized clients or servers.

Symantec

Symantec continues to have the largest EPP market share, but its lead is gradually eroding. With the acquisitions of GuardianEdge and PGP, Symantec will be able to offer a more complete suite, including data protection. Symantec provides a very comprehensive and effective malware protection solution and is an excellent and safe shortlist candidate for any large global enterprise, particularly those that appreciate PCLM and EPP integration.

Strengths

• Symantec continues to perform well in numerous tests of malware effectiveness (for example, AV-Comparatives, AV-Test, NSS Labs and PassMark) compared with peers. The enterprise version will benefit from file reputation and prevalence technology, now called Ubiquity, in its enterprise solution in 2010, which should improve detection rates.

• Symantec recently launched the Symantec Protection Center (SPC), which provides a central management point and dashboard viewer for a number of Symantec protection products (Web Gateway, Critical System Protection and Endpoint Protection). SPC also provides consolidated dashboard and reporting and a unique process manager to automate repetitive IT processes. Reports are composed via Microsoft Report Builder, which makes it easy to transparently add reports as new dashboard elements with Microsoft management tools. This makes it easy to create performance indicators, which display as gauges and graphs. A workflow process designer includes predefined templates and the ability to create custom templates.

• Many helpful common tasks are automated, including finding unmanaged PCs, installing Symantec Endpoint Protection (SEP), implementing endpoint recovery and ensuring configuration compliance.

• Symantec provides good port and device controls, mobile device synchronization, and the best firewall of any ranked vendor. A Snort format may be used to create HIPS rules for firewalls capable of deep packet inspection.

• The client has a large disk footprint but is very fast and light on memory usage in several tests (that is, PassMark and AV-Comparatives). Administrators can delegate most controls to the end-user GUI very simply. The client also boasts the most policy controls to limit the performance impact of the scheduled scan.

• Symantec also offers data backup and remote-access technology and imaging technology in the Symantec Protection Suite Enterprise Edition, but these technologies haven’t yet made their way into the EPP management console.

• Symantec’s acquisition of Altiris, a leader in the PCLM market, will be a significant asset as the PCLM integration trend continues. Symantec will be able to leverage PCLM functionalities, such as asset discovery and inventory, configuration management, vulnerability assessment, and software management and distribution capabilities.

• Symantec has also made significant investments in DLP, and it offers a client DLP agent as a component of the Vontu DLP suite.

• Symantec covers a broad range of endpoints, including Windows Mobile, Symbian, Palm, Linux and Mac.

• Symantec can monitor other anti-malware engines (but it can’t manage them).

Cautions

• Symantec has made a number of visionary investments for its EPP solution; however, it is continuously challenged with ensuring fast integration of its various acquisitions. SPC is a good start but still operates more like a portal and log consolidation and reporting engine than a true integration of disparate products. Despite significant improvements and product management focus since Symantec AntiVirus 10, the company still gets low marks on overall customer satisfaction from reference customers.

• Altiris is a significant asset for Symantec as these two disciplines integrate, but it is notably absent from SPC, and SEP cannot exploit any Altiris functions. However, presently, the Symantec Protection Suite Enterprise Edition for Endpoints includes Altiris Inventory, and Altiris IT Analytics can merge SEP and Altiris data in the SPC console. More work is needed to deliver detailed state assessments, beyond the basic information reported by the SEP agent so that reports are prioritized, correlated and actionable. For example, there is currently no relationship between severity indicators and the list of active prevention measures.

• Symantec has limited capability on smartphones and essentially is starting over with an investment in Mocana, as its distribution arrangement with Trust Digital is terminated.

• Symantec does not offer optimization or deployment architectures for virtual machines. However, existing SEP features, such as randomization and lightweight clients, make it reasonably efficient in these deployments.

• List pricing is expensive, on average, compared with other EPP vendors, but negotiated pricing is typically on par with its closest competitors.

• Symantec’s Ubiquity solution will need to be more flexible and implement the concept of trusted sources to work effectively in the enterprise market. Ideally, it should exploit the Altiris application catalog to provide an application control capability rather than a simple file reputation score.

• HIPS rules in the anti-malware engine do not allow for rule-based exceptions.

• Port Control capability is spread over multiple products (SEP, Encryption and DLP), which may create enforcement gaps and complicate management.

• Symantec’s HIPS solution for servers, Symantec Critical System Protection, is a separate product from SEP 11, with a different agent and management console (although it can be managed from SPC).

Trend Micro

Trend Micro is the third-largest anti-malware vendor, with a significant market presence in Asia/Pacific and EMEA, and one of the larger worldwide networks of labs and monitoring capabilities. Trend Micro slipped slightly again this year in its Ability to Execute and Completeness of Vision due to its continued narrow focus on signature-based malware prevention versus other Leaders. Trend Micro should be considered by organizations seeking a solid, signature-based anti-malware solution.

Strengths

• OfficeScan provides anti-malware, anti-spyware, and basic firewall and Web threat protection in a single product. It also offers an optional advanced deep-packet-inspection-based HIPS firewall (Intrusion Defense Firewall) in a single agent and management interface. It also provides DLP for endpoint capabilities in a separate management console and agent.

• Trend Micro recently acquired Mobile Armor to provide full disk, file and folder encryption and will begin integrating this solution into the native management console.

• Trend Micro was the first vendor to introduce a cloud-based signature capability called the Smart Protection Network. This network of cloud-based data centers allows clients to perform a real-time query of global signature and Web reputation databases to get the very latest reputation information. This lightens the client footprint and eliminates the signature distribution time lag. Larger clients can benefit from a local Smart Protection Network server.

• With the release of OfficeScan 10.5, Trend Micro delivered a virtual desktop infrastructure (VDI)-aware solution (Citrix and VMware). This improves performance and security by preventing resource contention, and by leveraging base image prescanning to avoid duplicate scanning among multiple virtual desktop images, which has a significant impact on VDI density. It also offers a deep security platform and agentless virtual machine solution that provides agentless security for multiple virtual machine environments.

• OfficeScan protection is bolstered by the capability to block malicious URLs at the client level, critical system resources and process protection, which blocks malicious changes and behavioral monitoring.

• Client performance in version 10.5 is improved.

• Trend Micro offers a SaaS-based management console.

• Trend Micro offers a unique threat management service, which combines out-of-band VMware servers that monitor networks for malicious traffic with a service-assisted remediation and incident management service, to its premium support customers. It also offers it as a stand-alone solution to monitor incumbent EPP solution effectiveness.

• Trend Micro offers broad platform coverage for endpoints and servers, including native Mac support, mobile device protection, Microsoft SharePoint, Microsoft Exchange and network-attached storage, in a single management console.

• The company has made investments in endpoint DLP.

Cautions

• Trend Micro’s tendency to rely on in-house development, combined with very conservative development investments and an over-reliance on partnerships versus acquisitions, has resulted in slight declines in both Completeness of Vision and Ability to Execute scores in this analysis. Recent acquisitions (Provilla, Third Brigade and Mobile Armor) are welcome changes, but most came well after the competition had made similar moves.

• The BigFix partnership improves manageability in environments with distributed management servers connected over low-bandwidth connections. However, it failed to gain significant installed-base traction, and the recent acquisition of BigFix by IBM has clouded the future of this partnership.

• Trend Micro product management has not embraced PCLM integration, nor appreciated the value of more-holistic security state assessments or application control.

• Control Manager doesn’t yet have the richness of reporting or dashboards that other solutions do. Rogue client detection is a manual process.

• OfficeScan provides few application control capabilities. However, the Intrusion Defense Firewall plug-in (available at an additional charge) can control applications at the network level, but can’t block specific controls from running in a browser. However, execution and firewall behavior rules are in different policy settings, complicating management.

• Trend Micro port and device control capabilities are very limited, granting just read-only or executing control on storage devices.

• Its endpoint DLP is weaker than vendors that specialize in this market. Trend Micro is not a major vendor in the more comprehensive enterprise DLP market.

• Trend Micro’s global market share distribution is somewhat skewed to the Asia/Pacific region, and the North American enterprise business is skewed to the gateway market.

Vendors Added or Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor.

Evaluation Criteria Definitions

Ability to Execute

Product/Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets and skills, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.

Overall Viability (Business Unit, Financial, Strategy, Organization): Viability includes an assessment of the overall organization’s financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization’s portfolio of products.

Sales Execution/Pricing: The vendor’s capabilities in all pre-sales activities and the structure that supports them. This includes deal management, pricing and negotiation, pre-sales support and the overall effectiveness of the sales channel.

Market Responsiveness and Track Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor’s history of responsiveness.

Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization’s message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This “mindshare” can be driven by a combination of publicity, promotional initiatives, thought leadership, word-of-mouth and sales activities.

Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.

Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers’ wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers’ wants and needs, and can shape or enhance those with their added vision.

Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.

Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.

Offering (Product) Strategy: The vendor’s approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.

Business Model: The soundness and logic of the vendor’s underlying business proposition.

Vertical/Industry Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.

Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.

Geographic Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the “home” or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.