Endpoint Security Solutions Comparative Analysis Report


(Physical Environment)

To: Trend Micro

Indusface Contact: Kandarp Shah | Vice President

Indusface, A/2-3, 3rd Floor, Status Plaza, Atladara Old Padra Road, Akshar Chowk, Vadodara – 390020.

Tel + 91 265 3933000 | Fax + 91 265 2355820 | Email [email protected]

Vendors Tested

2 Confidential | Copyright © 2013 Indusface | All Rights Reserved

Confidentiality

INDUSFACE HAS PREPARED THIS DOCUMENT FOR TREND MICRO. NEITHER THIS DOCUMENT NOR ITS CONTENT MAY BE COPIED OR DISTRIBUTED OUTSIDE TREND MICRO, WITHOUT PRIOR WRITTEN APPROVAL FROM INDUSFACE

THE CONTENTS OF THIS DOCUMENT ARE PROVIDED TO TREND MICRO, IN CONFIDENCE SOLELY FOR THE PURPOSE OF EVALUATING WHETHER THE CONTRACT SHOULD BE AWARDED TO INDUSFACE.

Revision History

| Date | Version | Description | Author |
|---|---|---|---|
| 02/04/2013 | 1.2 | Comparative Analysis on Endpoint Security Solutions (Physical Environment) | Harsh Jadia |

Document Control

| Activities | Responsibility | Verified / Cleared |
|---|---|---|
| Technical Approval | Harsh Jadia | Verified |
| Final Approval | Kandarp Shah | Cleared |

Notice of Ownership

THIS DOCUMENT IS THE EXCLUSIVE PROPERTY OF INDUSFACE ALL RIGHTS RESERVED

Table of Contents

Introduction of Products & Versions
Project Scope
Approach and Methodology
  Approach
  Test Cases & Execution
  Automated Script
Architecture
  Lab Details
  Lab System - Endpoint Configuration
Executive Summary
Overall Ranking
Test Results
  Test Case 1: Baseline – Endpoint Client Installation
  Test Case 2: Signature Update
  Test Case 3: On Demand Full Scan (Heavy)
  Test Case 4: Scheduled Full Scan
  Test Case 5: On Access Scan
Test Results Based On Criteria
  CPU Utilization Observations
  Memory Utilization Observations
  Network Utilization Observations
  Disk Utilization Observations
  Time Taken Observations
Appendix 1 – Introduction & Key Features
  Trend Micro OfficeScan (OSCE) 10.6 SP2
  Sophos Endpoint Protection 10
  McAfee VirusScan Enterprise 8.8 (Patch 2)
  Symantec Endpoint Protection 12.1.2
  Microsoft System Center 2012 Endpoint Protection
Features Comparison
Disclaimer

Introduction of Products & Versions

Objective performance testing was conducted on the following publicly available enterprise endpoint protection solutions using Windows 7 Professional Edition as the client system.

| Products | Version |
|---|---|
| Trend Micro OfficeScan (OSCE) | 10.6 SP2 |
| McAfee VirusScan Enterprise | 8.8 Patch 2 |
| Symantec Endpoint Protection (SEP) | 12.1.2 |
| Sophos Endpoint Protection | 10 |
| Microsoft System Center Endpoint Protection | 2012 |

Refer to Appendix 1 for a brief introduction on the tested endpoint protection products and the key features of each.

Project Scope

The tests compared the metrics of the system components’ performance for the following endpoint protection solutions:

• Trend Micro OfficeScan (OSCE) 10.6 SP2
• Sophos Endpoint Protection 10
• McAfee VirusScan 8.8 (Patch 2)
• Symantec Endpoint Protection (SEP) 12.1.2
• Microsoft System Center 2012 Endpoint Protection

Approach and Methodology

Approach

In order to achieve performance analyses on the endpoint protection solutions, Indusface followed a defined benchmark approach. The approach and methodology for the complete cycle, which consists of four phases, is described in the figure below.

Figure 1: Indusface Approach and Methodology

Test Cases & Execution

The comparative analysis was performed using the following test cases:

1) Baseline Endpoint Client Installation
2) Signature Update
3) Scheduled Full Scan
4) On Demand Full Scan (Heavy)
5) On Access Scans

The analyses for each test case were based on CPU and memory usage, and the disk and network resource utilization of the endpoint protection solution. All test cases were performed one time except for the On Access Scan. The On Access Scan test case was performed five times and the average results were evaluated. Xperf is the monitoring tool that was used to record the system resource utilization and the time.

ARCHITECTURE:
- Server and client setup
- Required software setup

TEST CASES:
- Create test cases
- Configure test cases

EXECUTION:
- Execute the test case scripts
- Monitor and record the resource utilization using tools
- Check the security effectiveness

REPORTING:
- Gather and correlate the test results
- Provide report analysis

The total resource utilization by endpoint client machines for each endpoint protection solution was recorded and the average value used for the final result. Test cases evaluated the usage of the following resources:

• CPU
• Memory
• Network
• Disk (total hard disk utilized)

This report uses the percentage of resources used to display the data derived from the analyses. The percentage values were calculated based on the maximum amount of available resources compared to the actual amount of resources utilized.

Automated Script

An automated script was created to simulate end user activity. The Windows script was created in Python and can execute the following applications and actions:

• Microsoft Word – Open, minimize, maximize, close, insert text, save modifications
• Microsoft Outlook – Open, minimize, maximize, close, write random words/numbers, save modifications
• Microsoft Excel – Open, minimize, maximize, close, write random numbers, insert/delete columns/rows, copy/paste formulas, save modifications
• Microsoft PowerPoint – Open, minimize, maximize, close, and conduct a slide show presentation
• Google Chrome – Open, minimize, maximize, close, and browse web pages
• Windows Media Player – Open, close, and view a video

Architecture

Lab Details

In order to estimate the performance impact on a computing endpoint, a unified test environment was created to simulate the working environment of an average corporate network. A script driven end user automation was then developed to simulate the daily activities of a typical corporate user.

Our main aim was to create a baseline image with the fewest possible benchmarks and the least chance of variation caused by external operating system factors. The lab environment was comprised of an endpoint client and a server for each instance of the endpoint protection product. The evaluation process was based on a single end user environment at a given point of time.

Baseline Image Creation (Endpoint client):

Windows 7 Professional version was used as the client machine operating system for testing purposes. Norton Ghost was used to create a clean baseline image. The baseline image was restored before testing each endpoint protection solution.

The steps taken to create the baseline image were as follows:

1) Installed Windows 7 Professional on the client machine.
2) Disabled Automatic Updates for Windows.
3) Disabled Windows Defender to avoid unexpected background activity.
4) Disabled the Windows Firewall to avoid interference with security software.
5) Changed User Account Control settings to “Never Notify”.
6) Installed Windows Performance Toolkit x86 for testing.
7) Installed Python 2.7 for automated test scripts.
8) Installed Norton Ghost for imaging purposes.
9) Created a baseline image using Norton Ghost.

Figure 2: Test Lab Environment

Lab System - Endpoint Configuration

| Component | Details |
|---|---|
| Operating System | Windows 7 Professional (build 7600); Installation Language: English (United States); System Locale: English (United States) |
| System Model | Enclosure Type: Desktop |
| Processor | 3.30 Gigahertz Intel Core i3-3220; 32 Kilobyte primary memory cache; 512 Kilobyte secondary memory cache; 3072 Kilobyte tertiary memory cache; 32-bit ready; Multi-core (2 total); Hyper-threaded (4 total) |
| Main Circuit Board | Board: Intel Corporation DH61WW AAG23116-302; Serial Number: BTWW23400J7J; Bus Clock: 25 Megahertz; BIOS: Intel Corp. BEH6110H.86A.0044.2012.0531.1710 05/31/2012 |
| Drives | 500.00 Gigabyte of usable hard drive capacity; 437.07 Gigabyte of hard drive free space |
| Memory Modules | 3496 Megabyte Usable Installed Memory |

| Component | Details |
|---|---|
| Operating System | Windows Server 2008 Enterprise Service Pack 2 (build 6002); Installation Language: English (United States); System Locale: English (United States) |
| System Model | Enclosure Type: VMware ESXi |
| Processor | 2.40 Gigahertz Intel Xeon; 512 Kilobyte primary memory cache; 64-bit ready; Not Hyper-threaded |
| Main Circuit Board | Board: Intel Corporation 440BX Desktop Reference Platform; BIOS: Phoenix Technologies LTD 6.00 09/21/2011 |
| Drives | 42.95 Gigabyte of usable hard drive capacity; 15.26 Gigabyte of hard drive free space |
| Memory Modules | 3496 Megabyte Usable Installed Memory |

Executive Summary

The project focuses solely on the comparison of endpoint protection client system components against performance metrics for the following products:

• Trend Micro OfficeScan (OSCE) 10.6 SP2
• Sophos Endpoint Protection 10
• McAfee VirusScan 8.8 (Patch 2)
• Symantec Endpoint Protection (SEP) 12.1.2
• Microsoft System Center 2012 Endpoint Protection

The testing demonstrated how each endpoint protection solution utilizes hardware resources in respect to the CPU, Disk, Memory and Network components and also the time taken for the client system to execute the tests under a comparative framework of evaluation.

The methodologies used, as described later in this report, were not biased for any solution.

From the analysis of the test results, it can be observed that Trend Micro OfficeScan 10.6 SP2 is optimized compared to the other publicly available endpoint protection products. McAfee VirusScan Enterprise 8.8 (Patch 2) scored second in optimization results in comparison to Trend Micro OfficeScan (OSCE) 10.6 SP2.

Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the least amount of system resources while Microsoft System Center 2012 Endpoint Protection utilized the greatest amount of system resources.

McAfee VirusScan 8.8 (Patch 2) utilized the greatest amount of CPU resources in ideal conditions and also consumed comparatively more resources during a “signature update”. It utilized more CPU and Network resources during the “On Access Scan”.

Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the least amount of resources in ideal conditions. It consumed a very low amount of resources in the least amount of time during a “signature update”. Its Smart Protection Server (which performs caching) made client system resources available during updates and scans.

Symantec Endpoint Protection 12.1.2 used a considerable amount of resources in all the test cases. It utilized more CPU and Network resources during the “On Access Scan” in comparison to the other endpoint solutions.

Sophos Endpoint Protection 10 consumed comparatively more memory during all test cases.

Microsoft System Center 2012 Endpoint Protection consumed a greater amount of time performing all the test cases. It also utilized more CPU resources during both “Scheduled Full Scan” and the “On Demand Full Scan (Heavy)”.

Test Results

The following table indicates the scores received by each product during the evaluation of the various test cases.

*Mem=Memory Utilization, N/W = Network Utilization, Time = Time taken for execution of each test case, CPU= CPU Utilization.

The ranking was determined based on the test results. A score of 1 to 5 was given for each value measured, where 1 indicates the best performance and 5 represents the poorest performance.

The following formulas were used to determine the scores given to each of the endpoint solutions for each test case:

Baseline - Endpoint Client installation:

Average CPU (%) + Average Memory (%) + Average Network (%) + Time taken

Signature Update:

Average CPU (%) + Average Memory (%) + Average Network (%) + Time taken

Scheduled Full Scan:

Average CPU (%) + Average Memory (%) + Average Network (%) + Time taken

On Demand Full Scan (Heavy):

Average CPU (%) + Average Memory (%) + Average Network (%) + Time taken

On Access Scan:

Note: Product scores of 1 to 5 for particular test cases can be interpreted as follows:

• Score of 1: Indicates the product that utilized the least amount of resources on the client machine.
• Score of 5: Indicates the product that utilized more time/resources on the client machine compared to the other products.

Products that scored the same overall percentage received the same ranking. For example, if the test results for Microsoft and McAfee both recorded a full scan time of 15 minutes, their rankings are the same and the next slowest product’s ranking is one higher.
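The scoring and tie rule described above, worked through on the Signature Update measurements reported later in this document (an added example, not Indusface's own scoring code). It assumes that each test-case score is the sum of the 1-to-5 scores for CPU, memory, network and time, as the formulas list, with lower measured values scoring better; the function names are illustrative.

```python
# Added example (not Indusface's scoring code): the report's 1-to-5 scoring
# rule, with tied values sharing a score, applied to its own measurements.

# Values copied from the report's Signature Update results table:
# product -> (CPU %, Memory %, Network %, time taken as mm:ss).
SIGNATURE_UPDATE = {
    "Trend Micro OfficeScan (OSCE) 10.6 SP2": (8.8, 33.19, 0.025, "0:20"),
    "McAfee VirusScan 8.8 (Patch 2)": (10.84, 44.5, 0.35, "3:50"),
    "Symantec Endpoint Protection 12.1.2": (17.64, 37.1, 0.069, "1:30"),
    "Sophos Endpoint Protection 10": (18.44, 42.5, 0.42, "3:25"),
    "Microsoft System Center 2012 Endpoint Protection": (9.21, 32.52, 0.087, "6:15"),
}

# Network (%) column of Table 3 (baseline), which contains tied values.
BASELINE_NETWORK = {
    "Trend Micro OfficeScan (OSCE) 10.6 SP2": 0.001,
    "McAfee VirusScan 8.8 (Patch 2)": 0.001,
    "Symantec Endpoint Protection 12.1.2": 0.004,
    "Sophos Endpoint Protection 10": 0.003,
    "Microsoft System Center 2012 Endpoint Protection": 0.003,
}

# Disk is left out because the report's formulas do not include it.
METRICS = ("cpu", "memory", "network", "time")


def to_seconds(mmss):
    """Convert a 'mm:ss' duration from the tables to seconds."""
    minutes, seconds = mmss.split(":")
    return int(minutes) * 60 + int(seconds)


def dense_rank(values):
    """Return product -> score, where the lowest value scores 1.

    Equal values share a score and the next distinct value scores one
    higher, matching the tie rule in the report's example.
    """
    distinct = sorted(set(values.values()))
    score_of = {value: position + 1 for position, value in enumerate(distinct)}
    return {product: score_of[value] for product, value in values.items()}


def score_test_case(rows):
    """Score one test case: per-metric scores plus their sum per product.

    Assumption: the report's "CPU + Memory + Network + Time taken" formula
    adds the per-metric 1-to-5 scores, not the raw measurements.
    """
    per_metric = {}
    for index, metric in enumerate(METRICS):
        column = {}
        for product, row in rows.items():
            value = row[index]
            column[product] = to_seconds(value) if metric == "time" else value
        per_metric[metric] = dense_rank(column)
    totals = {
        product: sum(per_metric[metric][product] for metric in METRICS)
        for product in rows
    }
    return per_metric, totals


if __name__ == "__main__":
    print("Baseline network scores (ties share a score):")
    for product, score in dense_rank(BASELINE_NETWORK).items():
        print(f"  {score}  {product}")

    per_metric, totals = score_test_case(SIGNATURE_UPDATE)
    ranking = dense_rank(totals)
    print("Signature Update: total score and resulting rank")
    for product in sorted(totals, key=totals.get):
        print(f"  total={totals[product]:2d} rank={ranking[product]}  {product}")
```

Scores computed this way cover one test case only and are not expected to reproduce the overall scores in the ranking table, which aggregate all five test cases.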

Overall Ranking

The following table demonstrates the overall product rankings after analyzing the successful execution of the various test cases.

| Products | Ranking | Score |
|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 1st | 38 |
| McAfee VirusScan Enterprise 8.8 (Patch 2) | 2nd | 54 |
| Symantec Endpoint Protection 12.1.2 | 3rd | 60 |
| Microsoft System Center 2012 Endpoint Protection | 3rd | 60 |

Test Results

Test Case 1: Baseline – Endpoint Client Installation

Approach

After the installation of the endpoint client on the baseline system, resource utilization was measured for five minutes without any user activity. The system’s CPU, Memory, Network, and Disk utilization was recorded.

Test Results

| Product | CPU (%) | Memory (%) | Network (%) | Disk (%) |
|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 0.47 | 22.5 | 0.001 | 0.0002 |
| McAfee VirusScan 8.8 (Patch 2) | 2.73 | 24.6 | 0.001 | 0.0004 |
| Symantec Endpoint Protection 12.1.2 | 0.76 | 30.42 | 0.004 | 0.0003 |
| Sophos Endpoint Protection 10 | 1.29 | 30.3 | 0.003 | 0.0001 |
| Microsoft System Center 2012 Endpoint Protection | 1.44 | 26 | 0.003 | 0.0001 |

Table 3: Baseline - Endpoint Client Installation

Observations

Based on the test results, Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the least amount of resources following the client installation compared to other endpoints’ clients. The lower amount of resource utilization (by Trend Micro OfficeScan (OSCE) 10.6 SP2) enables the user to have more resources available for productivity compared to the other endpoint solutions.

Test Case 2: Signature Update

Approach

After the installation of the endpoint protection solution’s server, scheduled update was turned off for three days. After three days, updates were collected by the server and were pushed from the server to the client. During the signature push from the server to the client, the system resource utilization was recorded.

Test Results

| Product | CPU (%) | Memory (%) | Network (%) | Disk (%) | Time Taken (mm:ss) |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 8.8 | 33.19 | 0.025 | 0.0019 | 0:20 |
| McAfee VirusScan 8.8 (Patch 2) | 10.84 | 44.5 | 0.35 | 0.0031 | 3:50 |
| Symantec Endpoint Protection 12.1.2 | 17.64 | 37.1 | 0.069 | 0.0024 | 1:30 |
| Sophos Endpoint Protection 10 | 18.44 | 42.5 | 0.42 | 0.0022 | 3:25 |
| Microsoft System Center 2012 Endpoint Protection | 9.21 | 32.52 | 0.087 | 0.0034 | 6:15 |

Observation

Based on the test results, Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the least amount of resources (8.8% of CPU and 0.025% of Network resources) during the execution of a signature update during the time allotted (20 seconds) for the test execution. All the other endpoint protection suites required more time and/or resources, which would have a negative impact on the client-side user performance.

Test Case 3: On Demand Full Scan (Heavy)

Approach

An On Demand full scan was initiated on the endpoint client using an end user automation script that simulated a heavy workload of an end user’s daily activities. The automation script was executed until the On Demand scan was completed. Resource utilization for the On Demand full scan was recorded in terms of CPU, Memory, and Network utilization of the endpoint client.

Test Results

| Product | CPU (%) | Memory (%) | Network (%) | Disk (%) | Time Taken (mm:ss) |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 | 23.08 | 35.4 | 0.03 | 0.0087 | 5:35 |
| McAfee VirusScan 8.8 (Patch 2) | 22.53 | 32 | 0.03 | 0.009 | 7:10 |
| Symantec Endpoint Protection 12.1.2 | 9.92 | 37.35 | 0.05 | 0.008 | 10:25 |
| Sophos Endpoint Protection 10 | 17.95 | 56.3 | 0.01 | 0.004 | 11:00 |
| Microsoft System Center 2012 Endpoint Protection | 31.51 | 34.77 | 0.02 | 0.012 | 15:15 |

Table 5: On Demand Full Scan (Heavy)

Observation

Based on the test results, Symantec Endpoint Protection 12.1.2 utilized the least amount of resources (9.92% of CPU resources) during the execution of the On Demand Full Scan (Heavy) test, but took almost twice the amount of time (11 minutes) compared to Trend Micro OfficeScan (OSCE) 10.6 SP2 (5 minutes and 35 seconds). The increased amount of CPU usage by Microsoft System Center 2012 Endpoint Protection may degrade the overall performance of the system during the On Demand Full Scan. However, Trend Micro OfficeScan (OSCE) 10.6 SP2 completed the scan in the least amount of time by using more resources, which indicates that it provides more efficiency for the client systems.

Test Case 4: Scheduled Full Scan

Approach

For this test case, a full scan was scheduled at a particular time (e.g. 11 PM on Monday). During the test, an ideal client system was implemented (i.e. no user activity was performed). The server initiated a scheduled scan on the endpoint client and the resource utilization of CPU, Memory, Network and Disk was recorded.

Test Results

| Product | CPU (%) | Memory (%) | Network (%) | Disk (%) | Time Taken (mm:ss) |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 15.84 | 29.4 | 0.005 | 0.0071 | 5:50 |
| McAfee VirusScan 8.8 (Patch 2) | 15.56 | 26.31 | 0.006 | 0.002 | 3:25 |
| Symantec Endpoint Protection 12.1.2 | 11.61 | 33.9 | 0.003 | 0.0016 | 13:00 |
| Sophos Endpoint Protection 10 | 17.31 | 54.13 | 0.005 | 0.016 | 8:15 |
| Microsoft System Center 2012 Endpoint Protection | 30.11 | 26.1 | 0.006 | 0.0125 | 14:18 |

Table 6: Scheduled Full Scan

Observation

Based on the test results, Microsoft System Center 2012 Endpoint Protection utilized the greatest amount of resources during the execution of the Scheduled Full Scan test case, and required the greatest amount of time. McAfee VirusScan 8.8 (Patch 2) completed the full scan in the least amount of time but utilized 15% of CPU resources, which is a better resource utilization result than Symantec Endpoint Protection 12.1.2 (11.6%).

Test Case 5: On Access Scan

Approach

A group of different file types was copied to the endpoint client from a network file server. This group of files (3.47 GB) contained several types of file formats that a Windows user would encounter during daily use. These formats included documents (e.g. Microsoft Office documents, Adobe PDF, ZIP/RAR files), media formats (e.g. Images), system files (e.g. Executable, CAB, MSI, libraries) and miscellaneous files (e.g. ISO, APK, logs, SIG, PEM). The test was executed multiple times and the average of the results was calculated.

Test Results

| Product | CPU (%) | Memory (%) | Network (%) | Disk (%) | Time Taken (mm:ss) |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 5.2 | 36.5 | 9.66 | 0.0022 | 6:00 |
| McAfee VirusScan 8.8 (Patch 2) | 7.92 | 27.22 | 10.52 | 0.001 | 6:04 |
| Symantec Endpoint Protection 12.1.2 | 11.45 | 35.41 | 10.5 | 0.0018 | 6:40 |
| Sophos Endpoint Protection 10 | 5.07 | 45.95 | 9.68 | 0.0016 | 7:00 |
| Microsoft System Center 2012 Endpoint Protection | 5.78 | 28.49 | 9.93 | 0.006 | 6:30 |

Table 7: On Access Scan

Observation

Based on the test results, the overall file transfer process took almost the same amount of time for Trend Micro OfficeScan (OSCE) 10.6 SP2 and McAfee VirusScan 8.8 (Patch 2). Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the least amount of resources (5.2% of CPU for six minutes) and Symantec Endpoint Protection 12.1.2 utilized the greatest amount of resources (45% of memory for seven minutes).

Test Results Based On Criteria

The following table displays the test results based on the different criteria for each respective endpoint client. These test results highlight the products’ performance according to the testing criteria.

CPU Utilization Observations

| Product | Baseline - Endpoint Client Installation | Signature Update | Scheduled Full Scan | On Demand Full Scan (Heavy) | On Access Scan |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 0.47 | 8.8 | 15.84 | 23.08 | 5.2 |
| McAfee VirusScan 8.8 (Patch 2) | 2.73 | 10.84 | 15.56 | 22.53 | 7.92 |
| Symantec Endpoint Protection 12.1.2 | 0.76 | 17.64 | 11.61 | 9.92 | 11.45 |
| Sophos Endpoint Protection 10 | 1.29 | 18.44 | 17.31 | 17.95 | 5.07 |
| Microsoft System Center 2012 Endpoint Protection | 1.44 | 9.21 | 30.11 | 31.51 | 5.78 |

Table 8: CPU Utilization Comparison

CPU utilization was measured on:

• 3.30 Gigahertz Intel Core i3-3220
• 32 Kilobyte primary memory cache
• 512 Kilobyte secondary memory cache
• 3072 Kilobyte tertiary memory cache
• 32-bit ready
• Multi-core (2 total)
• Hyper-threaded (4 total)

The CPU Utilization graph demonstrates:

• Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the lowest amount of CPU resources after the “Baseline – Endpoint Client Installed” test and during the “Signature Update”.
• Symantec Endpoint Protection 12.1.2 utilized the lowest amount of CPU resources during the “Scheduled Full Scan” and “On Demand Full Scan (heavy)” tests.
• Symantec Endpoint Protection 12.1.2, Trend Micro OfficeScan (OSCE) 10.6 SP2, and Microsoft System Center 2012 Endpoint Protection utilized almost the same amount of CPU resources during the “On Access Scan” test.

[Figure: CPU Utilization (%) by test case, one series per product]

Memory Utilization Observations

| Product | Baseline - Endpoint Client Installation | Signature Update | Scheduled Full Scan | On Demand Full Scan (Heavy) | On Access Scan |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 22.5 | 33.19 | 29.4 | 35.4 | 36.5 |
| McAfee VirusScan 8.8 (Patch 2) | 24.6 | 44.5 | 26.31 | 32 | 27.22 |
| Symantec Endpoint Protection 12.1.2 | 30.42 | 37.1 | 33.9 | 37.35 | 35.41 |
| Sophos Endpoint Protection 10 | 30.3 | 42.5 | 54.13 | 56.3 | 45.95 |
| Microsoft System Center 2012 Endpoint Protection | 26 | 32.52 | 26.1 | 34.77 | 28.49 |

Table 9: Memory Utilization Comparison

Memory utilization was measured on:

• 3496 Megabytes of usable installed memory
  o Slot 'DIMM1' had 2048 MB
  o Slot 'DIMM3' had 2048 MB

The Memory Utilization graph demonstrates:

• Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the lowest amount of memory after the “Baseline – Endpoint Client Installation” test.
• McAfee VirusScan Enterprise 8.8 (Patch 2) utilized the greatest amount of memory during the “Signature Update”.
• McAfee VirusScan 8.8 (Patch 2) and Microsoft System Center 2012 Endpoint Protection utilized the least amount of memory during the “Scheduled Full Scan”.
• McAfee VirusScan 8.8 (Patch 2) utilized the least amount of memory during the “On Demand Full Scan (Heavy)” and “On Access Scan”.

[Figure: Memory Utilization (%) by test case, one series per product]

Network Utilization Observations

| Product | Baseline - Endpoint Client Installation | Signature Update | Scheduled Full Scan | On Demand Full Scan (Heavy) | On Access Scan |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 0.001 | 0.025 | 0.005 | 0.03 | 9.66 |
| McAfee VirusScan 8.8 (Patch 2) | 0.001 | 0.35 | 0.006 | 0.03 | 10.52 |
| Symantec Endpoint Protection 12.1.2 | 0.004 | 0.069 | 0.003 | 0.05 | 10.5 |
| Sophos Endpoint Protection 10 | 0.003 | 0.42 | 0.005 | 0.01 | 9.68 |
| Microsoft System Center 2012 Endpoint Protection | 0.003 | 0.087 | 0.006 | 0.02 | 9.93 |

Table 10: Network Utilization Comparison

Network utilization was measured on:

• Broadcom NetLink (TM) Gigabit Ethernet (100 MBps)

Note: The Network bandwidth of 100 MBps was tested.

[Figure: Network Utilization (%) by test case, one series per product]

The Network Utilization graph demonstrates:

• All the endpoint protection solutions utilized almost the same amount of Network resources for the “Baseline - Endpoint Client Installation” test case.
• Trend Micro OfficeScan (OSCE) 10.6 SP2 utilized the least amount of Network resources during the “Signature Update” test and also took less time to update due to its Smart Protection Server (caching) option.
• All the Endpoint Solutions utilized almost the same amount of Network resources during the “Scheduled Full Scan” and “On Demand Full Scan (Heavy)” tests.
• Trend Micro OfficeScan (OSCE) 10.6 SP2 and Sophos Endpoint Protection 10 utilized the least amount of Network resources during the “On Access Scan”.

Disk Utilization Observations

| Product | Baseline - Endpoint Client Installation | Signature Update | Scheduled Full Scan | On Demand Full Scan (Heavy) | On Access Scan |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 0.0002 | 0.0019 | 0.0022 | 0.0087 | 0.0022 |
| McAfee VirusScan 8.8 (Patch 2) | 0.0004 | 0.0031 | 0.001 | 0.009 | 0.001 |
| Symantec Endpoint Protection 12.1.2 | 0.0003 | 0.0024 | 0.0018 | 0.008 | 0.0018 |
| Sophos Endpoint Protection 10 | 0.0001 | 0.0022 | 0.0016 | 0.004 | 0.0016 |
| Microsoft System Center 2012 Endpoint Protection | 0.0001 | 0.0034 | 0.006 | 0.012 | 0.006 |

Table 11: Disk Utilization Comparison

Disk utilization was measured on:

• 244 Gigabytes of usable hard drive capacity
• 217 Gigabytes of hard drive free space

The Disk utilization graph demonstrates:

• All the Endpoint Protection solutions consumed almost the same amount of disk resources on the “Baseline – Endpoint Client Installation”, during the “Signature Update” and “On Access Scan” tests.
• Microsoft System Center 2012 Endpoint Protection utilized the greatest amount of disk space during all the test cases.

[Figure: Disk Utilization (%) by test case, one series per product]

Time Taken Observations

| Product | Baseline - Endpoint Client Installation | Signature Update | Scheduled Full Scan | On Demand Full Scan (Heavy) | On Access Scan |
|---|---|---|---|---|---|
| Trend Micro OfficeScan (OSCE) 10.6 SP2 | 5:00 | 0:20 | 5:50 | 5:35 | 6:00 |
| McAfee VirusScan 8.8 (Patch 2) | 5:00 | 3:50 | 3:25 | 7:10 | 6:04 |
| Symantec Endpoint Protection 12.1.2 | 5:00 | 1:30 | 13:00 | 10:25 | 6:40 |
| Sophos Endpoint Protection 10 | 5:00 | 3:25 | 8:15 | 11:00 | 7:00 |
| Microsoft System Center 2012 Endpoint Protection | 5:00 | 6:15 | 14:18 | 15:15 | 6:30 |

Table 12: Time Utilization Comparison

The Time utilization graph demonstrates:

• Trend Micro OfficeScan (OSCE) 10.6 SP2 took the least amount of time for the “Signature Update” and “On Demand Full Scan (Heavy)” tests.
• McAfee VirusScan 8.8 (Patch 2) took the least amount of time for the “On Demand Scheduled Full Scan” test.
• Sophos Endpoint Protection 10 took the greatest amount of time for the “On Access Scan” test case (7 minutes).

[Figure: Time Taken (mm:ss) by test case, one series per product]

Appendix 1 – Introduction & Key Features

Trend Micro OfficeScan (OSCE) 10.6 SP2

Trend Micro OfficeScan (OSCE) 10.6 SP2 joins endpoint and mobile security with a unified management infrastructure that offers global threat intelligence to stop malware in the cloud, and provides virtual patching against zero day threats, and optimized security for virtual desktops. Optional modules allow instant deployment of data loss prevention, mobile device management and Mac protection.

Key Features as listed by Trend Micro are:

• Unique plug-in architecture
• Optimized for desktop Virtualization Security
• Superior malware protection
• Easy to manage

Sophos Endpoint Protection 10

Sophos Endpoint Protection 10 protects tablet, phone, and laptop or desktop, everywhere. Mainly Endpoint security, mobile device management, web protection, data protection, network protection, email protection and central management are integrated with it. It makes security easier whether it’s enabling BYOD, day-to-day administration with streamlined management, or getting support when you need it.

Key Features as listed by Sophos are:

• Gives you endpoint security and mobile device management, all in one
• Secures Windows, Mac, Linux, iOS, Android, and more
• Provides integrated encryption (Allows users to store and share data securely)
• Makes web browsing safe with built-in URL filtering
• Simplifies management with workflows engineered for business
• Reduces complexity with a single license from a single vendor
• Threat-aware patch assessment
• Integrated Encryption: Integrated full disk encryption in Endpoint encryption 10

McAfee VirusScan Enterprise 8.8 (Patch 2)

McAfee VirusScan Enterprise 8.8 (Patch 2) combines anti-virus, anti-spyware, firewall, and intrusion prevention technologies to stop and remove malicious software. It also extends coverage to new security risks and reduces the cost of responding to outbreaks with the industry’s lowest impact on system performance.

Key Features as listed by McAfee are:

• Block multiple threats
• Stop malware in real time
• Safeguard email programs
• Low impact on performance
• Get high-performance security
• Lessen damage from outbreaks

Symantec Endpoint Protection 12.1.2

Symantec Endpoint Protection 12.1.2 is built on multiple layers of protection, including Symantec Insight and SONAR both of which provide protection against new and unknown threats. Built for virtual environments, it can integrate with VMware vShield Endpoint for dramatically improved performance. Symantec Endpoint Protection 12.1.2 includes the latest features for improved security, performance and management.

Key Features as listed by Symantec are:

• Integration with VMware’s vShield
• Tuned for Windows 8 and Windows Server 2012 performance
• Support for Mac OSX 10.8 (Mountain Lion)
• Support for HTTPS in trusted web domain exceptions
• Enhanced security features
• Improved management

Microsoft System Center 2012 Endpoint Protection

Microsoft System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection 2012) protects client and server operating systems against the latest malware and exploits. Built on System Center 2012 Configuration Manager, it reduces IT management and operating costs by providing a single, integrated platform for managing and securing your desktops.

Key Features as listed by MSSC are:

• Single console for endpoint management and security
• Central policy creation
• Enterprise scalability
• Highly accurate and efficient threat detection
• Behavioral threat detection
• Automated agent replacement
• Windows Firewall management

Features Comparison

This is a list of notable Endpoint Protection product features in the form of a comparison table.

Product Features Comparison

Features | Microsoft System Center 2012 Endpoint Protection | McAfee VirusScan Enterprise 8.8 (Patch 2) | Symantec Endpoint Protection (SEP) 12.1.2 | Sophos Endpoint Protection 10 | Trend Micro OfficeScan (OSCE) 10.6 SP2

Endpoint Security

Antivirus

Endpoint Web Filtering

X

Application Control

Device Control

DLP

Patch

Web & Email Gateway

X

Encryption

Mobile

Backup & Recovery

X

X

Behavioral threat detection

X

Central Management Console

Supported Platform

Windows

Mac

X

Linux

Built for Virtual Environment

Advanced Protection

Firewall

In the Cloud Protection

X

IDS/IPS

X

Zero Day Attack Protection

Scanning

Full Scan

Smart/Active Scan

X

X

Scheduled Scan

On Access Scan

Protection Point

Desktops, Laptops, Servers

Microsoft™ Exchange Email Server

Disclaimer

The product versions covered in the report are the latest available at the time of testing. The versions are specified under the “Product Scope” section of the report. The list of products tested is not exhaustive of all products available in the comparative business security market.

Products used for the comparative testing were the evaluation versions available (free/trial/demo).

Disclaimer of Liability

Every effort has been made to ensure that the information presented in this report is accurate; however, Indusface shall not be liable in any manner whatsoever for damages caused by the use of this information.
