Before you set up your policy, you first have to check it out of the SES repository to make any changes or additions, then check it back in. This prevents multiple administrators from working on the same policy concurrently, but the workflow is somewhat cumbersome to get used to initially.
One other drawback: SES doesn’t support adding security RSS feeds like some of its competitors, although they are planning on including this at some future point.
As we mentioned earlier, SES offers the ability to encrypt removable devices; this feature is accessed from the endpoint agent menu with a simple right-click. There is also the ability to provide temporary Web access, so a user can authenticate to a public Wi-Fi hotspot, such as a hotel, before bringing up their VPN connection.
Pricing starts at $15 per user per year for the basic modules and Professional Edition of agents. This is one of the lowest-priced products in this review, but the true cost of the product will be in learning how to deploy it and configure its numerous features.
How we tested endpoint security products
We brought up the products on a network running both physical and virtual Windows machines (of various vintages stretching from XP to Windows 10), Macs and various smartphones and tablets.
We looked at how they tracked down malware and other exploits that we downloaded from VirusTotal.com. We also examined how the products responded and how they recorded what happened across our network infrastructure as an infection spread. If possible, we also looked at how a product would play back the infection to examine it further.
We also determined if the product could isolate an infected PC or PCs, or stop a particular process or executable program, or otherwise quickly remediate the machines and return them to a clean state. We also determined if a product could incorporate external security feeds, and work both online and offline. Finally, with each product, we connected our endpoints to their management servers and examined reports and manipulated the configurations and settings to see how easy it was to use from a network administrator’s point of view.
Secdo offers another approach
Secdo is an Israeli startup that tries to reduce incident response time and neutralize threats in near-real time. It has a very interesting process view where you can segregate what it sees into hardware, network, file and user activities so you can further analyze the potential threats and reduce the number of false positives.
Like many of the other products reviewed here, you have a very graphical display of the attack chain of events, and which endpoint PCs it has infected. We liked the clean screens that were very graphical and easy to review. By clicking on the data, you can get further explanations of what is happening and links to the particular attack methods. Secdo is just getting started with a few customers and is worthy of a closer look.