by Frank J. Ohlhorst
If you want to secure a small business network, what’s the best product to use? In this in-depth comparative review, we’ll closely examine two market leaders in the emerging arena of SMB (small and medium-sized business) software security suites: Kaspersky Business Space Security (BSS) 6 and Symantec Endpoint Protection (SEP) 12.1 Small Business Edition. We’ll also declare a winner.
As we noted in an earlier article in this SMB security series, businesses of all sizes hold sensitive data on their computers that must be protected. Yet big and small companies take different approaches to security. Typically, small businesses don’t have the money to spend on security niceties that enterprises almost take for granted, such as dedicated intrusion prevention systems (IPS) and hardware firewalls.
Instead, small businesses have tended to turn to desktop security suite software centered on endpoint security. Although these suites may be adequate for home offices, small businesses need more, such as the ability to manage user profiles, to effectively guard against attacks, maintain privacy, and manage productivity.
In response, security software vendors are now stepping beyond conventional suites to offer full-featured protection suites specifically designed for small businesses. Here, we’ll take an in-depth look at the current offerings from the two market leaders in this space: Symantec and Kaspersky.
After downloading the latest trial versions of both products, we tested each on a small business network consisting of a single file server running Windows Small Business Server (SBS) 2011 Essentials, with four endpoints connected: a virtual PC running Windows XP, two physical PCs running Windows 7 Professional, and a MacBook Pro running Mac OS X Lion. We evaluated the two suites on the basis of feature set completeness, ease of deployment, ease of management, and security performance.
Symantec Endpoint Protection (SEP) 12.1 Small Business Edition
Symantec’s premier product for protecting small business network endpoints, Symantec Endpoint Protection (SEP), now in version 12.1, can trace its roots back to version 11, which was released in September 2007 as a successor to Symantec AntiVirus Corporate Edition.
It’s safe to say that Symantec’s years of experience with anti-virus technology have helped to make the company a pioneer in the small business security segment. The company has consistently added capabilities to its security products, while introducing innovations that help businesses protect their IT assets.
SEP 12.1 brings several new capabilities that help to differentiate it from competitors and redefine what endpoint protection should be. How exactly does SEP measure up?
A Closer Look at SEP
We’ll start with how easy (or difficult) it is to deploy SEP on a small business network. In Symantec’s case, installation is wizard-driven. The company offers ample documentation and guidance to automate installation as much as possible. However, installation does require some planning and a good understanding of the network and endpoints that are to be protected.
The first step in deploying SEP consists of installing the management server and management console. The management server must be installed on a Windows system. (We installed it on an SBS server, but you could use almost any Windows system on your network, as long as it meets the requirements set forth in the documentation.)
To install the server and management console, you can either insert the product disk or execute the installer in the downloaded trial version. This will launch the installation wizard. After the management server is installed, another wizard automatically launches to step you through configuring the management server.
Once the management server is installed, you’ll need to go through some additional steps to register and license the product. An activation process validates licenses and allows you to deploy the product to the various endpoints on the network. Licenses can be installed and activated using the license activation wizard.
SEP revolves around a policy-based management system, and this works well for network installations. You assign users and machines to the groups and locations you’ve created; these groups and locations control the level of security applied to the machines and define which rules apply to the machines and users. That proves to be an effective management methodology, especially since firewall settings and access settings can be controlled using rules and policies. One nifty feature is the ability to import Active Directory groups, which can be a great time-saver on larger installations.
The list of policy and rule controls is extensive, and almost any capability can be granularly controlled through those rules. For example, you could create a policy that allows Mac systems to access the network on site but blocks that access when they are used remotely.
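To make the group-and-location model concrete, here is an added example (not Symantec’s code, and not how SEP detects locations internally) that resolves an effective policy for a client from its group and a detected location. The corporate subnets, the DNS suffix, the group names and the two policy settings are all assumptions constructed for the example. The location check deliberately requires both a corporate address and the corporate DNS suffix: a home router that hands out the same private address range as the office would otherwise be classified as “on site”.

```python
import ipaddress

# Constructed corporate network definition (assumed for this example; not
# Symantec's location-detection criteria).
CORP_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.1.0/24")]
CORP_DNS_SUFFIX = "corp.example"

# Policy table keyed by (group, location). None acts as a wildcard.
# Only two settings, 'file_share' and 'remote_admin', are modelled here.
POLICIES = {
    (None, None):        {"file_share": False, "remote_admin": False},
    ("macs", "office"):  {"file_share": True,  "remote_admin": False},
    ("macs", "remote"):  {"file_share": False, "remote_admin": False},
    ("win7", None):      {"file_share": True,  "remote_admin": False},
    ("win7", "office"):  {"file_share": True,  "remote_admin": True},
}


def detect_location(client_ip: str, dns_suffix: str) -> str:
    """Classify a client as 'office' or 'remote'.

    Both criteria are required: a home router that happens to use the same
    RFC 1918 range as the office would otherwise be mistaken for 'office'.
    """
    ip = ipaddress.ip_address(client_ip)
    on_corp_net = any(ip in net for net in CORP_NETWORKS)
    return "office" if on_corp_net and dns_suffix == CORP_DNS_SUFFIX else "remote"


def resolve_policy(group: str, location: str) -> dict:
    """Most specific matching policy wins: (group, location) beats
    (group, any), which beats (any, location), which beats the default."""
    for key in ((group, location), (group, None), (None, location), (None, None)):
        if key in POLICIES:
            return POLICIES[key]
    raise KeyError("no default policy defined")


def effective_policy(group: str, client_ip: str, dns_suffix: str) -> dict:
    """Detect the location, then return a copy of the winning policy."""
    location = detect_location(client_ip, dns_suffix)
    policy = dict(resolve_policy(group, location))
    policy["location"] = location
    return policy


if __name__ == "__main__":
    # Constructed clients: a MacBook in the office, the same MacBook at home
    # behind a router using 192.168.1.0/24, and a Windows 7 desktop on site.
    for group, ip, suffix in [("macs", "10.1.2.3", "corp.example"),
                              ("macs", "192.168.1.20", "home.lan"),
                              ("win7", "10.1.2.40", "corp.example")]:
        print(group, ip, effective_policy(group, ip, suffix))
```

The precedence order in `resolve_policy` is the point worth checking in any real product: a group-wide rule must not silently override a stricter location-specific one, and an unknown group must fall through to the most restrictive default rather than to no policy at all.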
Deploying SEP to the endpoints is also straightforward, and it can be done in several different ways. Most administrators will choose an automated deployment, and that’s what we did. SEP accomplishes automated deployment through a web link and email: the end user receives an email containing a link to install the endpoint portion of SEP.
In most cases you will use an option called “computer mode,” which installs endpoint protection based upon the machine and not the specific user. However, for situations where one user may use several different PCs, each with its own security requirements, there is a “user mode” option for installations.
Once installed, SEP offers an impressive array of protection technologies, all of which can be administered and controlled from a central management console. Protection capabilities include the following:
Virus and Spyware Protection. SEP’s Virus and Spyware Protection guards computers from viruses and other security risks, and in many cases it can repair their side effects. This protection includes real-time scanning of files and email as well as scheduled and on-demand scans. Security risks include spyware, adware, and other malicious files that can put a computer, and through it the network, at risk.
Network Threat Protection. The product’s Network Threat Protection provides a firewall and intrusion prevention to keep intrusion attempts and malicious content from reaching the computer that runs the client software. The firewall allows or blocks network traffic based on criteria the administrator sets. If the administrator permits it, end users can also configure firewall policies.
Intrusion Prevention. The integrated IPS analyzes inbound and outbound traffic for data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer.
Proactive Threat Protection. SEP’s Proactive Threat Protection uses Symantec’s SONAR, a behavior-based, cloud-assisted detection service that guards against zero-day attacks on your network. A zero-day vulnerability is one for which no patch is yet available, typically because it is not yet publicly known. Threats that exploit such vulnerabilities can evade signature-based detection, such as spyware definitions.
SEP: The Bottom Line
Comprehensive protection is a key element of any security suite, but what really matters is how well the product works. In Symantec’s case, SEP proved to be easy to install, configure and deploy. We discovered that the product’s robust option set offers multiple configuration scenarios that can be used in almost any environment.
More importantly, the administrative console helps IT managers stay on top of the security status of the network, which makes troubleshooting and remediation easy. SEP’s effectiveness and performance have been evaluated by the leading AV testing companies, and the product has consistently scored very highly. SEP has also been tested by PassMark Software, where it scored as a top performer compared with other suites.
Kaspersky Business Space Security (BSS) 6
Kaspersky Lab has become a powerhouse in the world of anti-virus software, so much so that the company’s core anti-virus engine is licensed by a multitude of security vendors, including Check Point, FrontBridge and many others. While well known for consumer-level anti-virus products, the company has established itself in the business sector too, with a set of security products under the marketing moniker Kaspersky Open Space Security.
Kaspersky Business Space Security is part of the Kaspersky Open Space Security product family. It is optimized for deployment on small networks. The product features centralized management, with centralized deployment and control, allowing administrators to take control of the security footing of a small business network.
A Closer Look at BSS
Again, the first thing we looked at during our evaluation was ease of installation and deployment. Like SEP and many other competing products, Kaspersky offers a wizard-driven deployment that helps to simplify the installation and deployment chores. The company provides ample documentation for this product, but regrettably it is divided among multiple PDF files on the website. For example, five different PDF files must be downloaded to get endpoint information. A quick start guide is nonexistent.
Luckily, the wizard-driven installation proved to be very simple, which reduced the need for secondary documentation. Still, I for one did not like the idea of flying blind, and would have appreciated at least a quick start guide to set my expectations of what is required to successfully deploy the product.
Nevertheless, once installed, the product proved intuitive to use. The browser-based management console turned out to be concise, and navigation was simple. As with other products in this space, BSS uses a policy-based model in which rules can be defined for varying levels of protection.
BSS offers a comprehensive feature set, which includes these highlights:
Malware protection. The company’s latest anti-virus engine delivers strong protection, blocking and removing a broad range of modern malware.
Protection against hacker attacks. Through a feature called Anti-Hacker, BSS detects and blocks keyloggers and rootkits, neutralizing threats and preventing unauthorized access to your computers.
Secure firewall. A software firewall, which integrates with IPS, protects users working on any type of network. Administrators may define granular firewall policies or leverage predefined firewall templates to facilitate corporate policy configuration.
Secure electronic messaging. Kaspersky Business Space Security scans all messages you send and receive. It also scans any links or files sent via instant messaging systems such as ICQ and MSN.
Application Startup Control. The product provides whitelisting rules for application startup control, which can be administratively assigned and/or cloud-assisted (through Kaspersky Security Network). You can apply ‘Default Allow’ and ‘Default Deny’ policies to control application launch as defined by corporate policy.
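The difference between Default Allow and Default Deny is easier to see in code than in prose. The following is an added example, not Kaspersky’s implementation: a small launch-control evaluator that checks an executable against hash rules, path rules and a reputation lookup, under both policy modes. The sample executables are constructed byte strings rather than real binaries, the paths and policy names are assumptions, and `cloud_trusted` is a constructed local table standing in for a cloud reputation service such as Kaspersky Security Network. It also shows why a practitioner should prefer hash rules to path rules: a tampered copy of a trusted program in its usual location sails through a path-based allow rule.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    DEFAULT_ALLOW = "default_allow"   # run anything not explicitly denied
    DEFAULT_DENY = "default_deny"     # run only what an allow rule covers


@dataclass
class LaunchRequest:
    path: str       # path the OS is about to execute
    content: bytes  # bytes of the executable image


@dataclass
class Policy:
    mode: Mode
    allowed_hashes: set = field(default_factory=set)
    allowed_path_prefixes: tuple = ()
    denied_hashes: set = field(default_factory=set)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decide(req: LaunchRequest, policy: Policy, trusted_lookup) -> tuple:
    """Return (verdict, reason) for one launch attempt.

    trusted_lookup(digest) -> bool stands in for a cloud reputation query
    (e.g. Kaspersky Security Network); here it is a constructed local table.
    """
    digest = sha256_hex(req.content)
    if digest in policy.denied_hashes:            # explicit deny wins in both modes
        return "block", "hash on deny list"
    if policy.mode is Mode.DEFAULT_ALLOW:
        return "allow", "default allow: not explicitly denied"
    # Default deny: a launch needs positive evidence from an allow rule.
    if digest in policy.allowed_hashes:
        return "allow", "hash on allow list"
    if trusted_lookup(digest):
        return "allow", "cloud reputation: trusted"
    for prefix in policy.allowed_path_prefixes:
        if req.path.lower().startswith(prefix.lower()):
            return "allow", f"path rule: {prefix}"
    return "block", "default deny: no allow rule matched"


# --- constructed sample executables (byte strings, not real binaries) ---
WORD = LaunchRequest("C:\\Program Files\\Office\\WINWORD.EXE", b"constructed winword image")
TAMPERED = LaunchRequest("C:\\Program Files\\Office\\WINWORD.EXE", b"constructed winword image + implant")
UNKNOWN = LaunchRequest("C:\\Users\\alice\\Downloads\\tool.exe", b"constructed unknown tool")
SAMPLES = {"word": WORD, "tampered": TAMPERED, "unknown": UNKNOWN}

# Constructed stand-in for a cloud reputation service: only the genuine
# WINWORD image is known-good.
KNOWN_GOOD = {sha256_hex(WORD.content)}


def cloud_trusted(digest: str) -> bool:
    return digest in KNOWN_GOOD


POLICIES = {
    "default_allow": Policy(Mode.DEFAULT_ALLOW),
    "deny_by_hash":  Policy(Mode.DEFAULT_DENY, allowed_hashes={sha256_hex(WORD.content)}),
    "deny_by_path":  Policy(Mode.DEFAULT_DENY, allowed_path_prefixes=("C:\\Program Files\\",)),
}


def run_scenarios() -> dict:
    """Verdict for every (policy, sample) pair, e.g. results['deny_by_path']['tampered']."""
    return {pname: {sname: decide(req, pol, cloud_trusted)[0] for sname, req in SAMPLES.items()}
            for pname, pol in POLICIES.items()}


if __name__ == "__main__":
    for pname, verdicts in run_scenarios().items():
        print(pname, verdicts)
```

Running it shows the trade-off: under Default Allow every sample runs, including the unknown download; under Default Deny with hash rules only the genuine WINWORD image runs and both the tampered copy and the unknown tool are blocked; under Default Deny with a path rule the tampered copy is allowed again, because the rule trusts the location rather than the file.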
BSS: The Bottom Line
Simply put, BSS offers a lot of protective power. The product has received high marks and awards from the various independent anti-virus testing labs, such as Virus Bulletin and AV-Comparatives. It has also scored better than average on independent performance tests conducted by PassMark.
From a usage and functionality standpoint, BSS offers all of the major security features you would need for protecting endpoints in a small business environment. However, the product is a little more complicated to use than others on the market, and there is more of a learning curve.
In comparing BSS against SEP, it’s the little things that matter the most. Both products offer exceptional protection and both can deal with a multitude of threats. However, there are some differences that may make one a better choice than another for a small business network.
The first difference is licensing. Kaspersky starts at a minimum of 10 seats, making BSS a more expensive option for networks with fewer than 10 users. On the other hand, there is no upper limit on the license count, meaning you could buy licenses for thousands of machines. Symantec, by contrast, positions SEP as a product that supports as few as two users or as many as a thousand. That difference alone should tip smaller network managers toward Symantec.
Another element is ease-of-use. As we’ve seen, Symantec outclasses Kaspersky here, once again making SEP a better choice for smaller networks.
Meanwhile, from a protection standpoint, both products proved to be virtually equal. However, Symantec’s SONAR (cloud based detection) turned out to be more active than Kaspersky’s Security Network (Cloud Assisted Protection). That gives Symantec another advantage, although slight — for the time being, at least.
On the whole, Symantec’s SEP emerges as the better choice for smaller networks, especially those with fewer than 10 users. Nevertheless, it is pretty hard to discount what Kaspersky offers with BSS. When the next versions of both products arrive on the market, though, the dynamics could change.