Advantages and Disadvantages of Three Top Endpoint Security Vendors

By Tim Cullen, CISSP, F5-CTS and Jacob Hunt
Security Architects at ADAPTURE

Endpoint Protection (EPP) is a suite of software installed on laptops, desktops, and servers to keep malicious threats from compromising the local machine. These threats include malware, exploits against the device, live (hands-on-keyboard) attacks, bots, and script-based attacks. Their aim is to steal data, to take remote control of the device for financial profit, or to otherwise harm systems, individuals, or organizations.

Any endpoint protection solution has limitations, however, because it protects only the client layer. Security is also needed above the client layer: an endpoint agent sees only what happens on its own host and cannot intercept traffic on the network. Vendors therefore often sell a multi-tiered solution in which a network appliance assists the endpoint client by intercepting traffic between the attacker and the infected client. Vendors also sell solutions that monitor and intercept traffic on internal or external network segments to protect the enterprise from these threats.

A prime example of the limitations of endpoint protection software is infection via a phishing attack, in which an individual unwittingly hands data to cybercriminals, or lets malware in, by doing something as simple as clicking a link or downloading a file. Another limitation is lateral movement: once one host is compromised, the attacker or the malware uses it to reach and compromise other hosts within the organization, building a set of interconnected infected devices that gives the attacker multiple footholds for a variety of nefarious activities. A single endpoint agent sees only its own host's side of this activity, so a complete solution from a security vendor would include not only provisions for identifying and blocking phishing attacks and data exfiltration on the endpoint, but also controls that prevent malware from moving laterally throughout the organization.
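As an added illustration of the two points above (an endpoint agent cannot see traffic beyond its own host, and lateral movement is a cross-host pattern), the following Python script is not from the original article or from any of the vendors reviewed. It runs a simple fan-out detection over constructed, simplified logon records of the form `timestamp src_host dst_host user outcome`. Looked at on its own, each destination host receives one logon and sees nothing unusual; only a central view across hosts reveals one source authenticating to many peers in a short window. The host names, user names, the five-minute window and the threshold of five distinct targets are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real telemetry: one line per network logon attempt,
# "timestamp src_host dst_host user outcome". WS-104 is an ordinary user's
# workstation; WS-217 (assumed compromised) is probing its neighbours with a
# stolen service account. Failed attempts are counted too: a probe is a probe.
SAMPLE_EVENTS = """\
2024-03-04T08:02:10 WS-217 FS-01 svc-backup success
2024-03-04T09:00:01 WS-104 FS-01 jdoe success
2024-03-04T09:00:05 WS-104 MAIL-01 jdoe success
2024-03-04T09:12:00 WS-104 FS-01 jdoe success
2024-03-04T09:30:00 WS-217 WS-001 svc-backup success
2024-03-04T09:30:20 WS-217 WS-002 svc-backup success
2024-03-04T09:30:41 WS-217 WS-003 svc-backup failure
2024-03-04T09:31:02 WS-217 WS-004 svc-backup success
2024-03-04T09:31:25 WS-217 WS-005 svc-backup success
2024-03-04T09:31:50 WS-217 WS-006 svc-backup success
"""


def parse_events(text):
    """Parse the simplified log format into (timestamp, src, dst, user, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, user, outcome))
    return events


def inbound_sources(events):
    """The endpoint-agent view: for each destination host, the set of hosts that logged on to it.

    In the sample every probed workstation sees exactly one source, which on
    its own is indistinguishable from routine administrative activity.
    """
    seen = defaultdict(set)
    for _ts, src, dst, _user, _outcome in events:
        seen[dst].add(src)
    return dict(seen)


def find_fanout(events, window=timedelta(minutes=5), threshold=5):
    """The central view: flag sources that reach >= threshold distinct hosts inside any sliding window.

    Returns {src_host: set_of_distinct_targets} for the largest window seen per source.
    """
    by_src = defaultdict(list)
    for ts, src, dst, _user, _outcome in sorted(events):
        by_src[src].append((ts, dst))

    alerts = {}
    for src, items in by_src.items():
        start = 0
        for end in range(len(items)):
            # Advance the window start until the span [start, end] fits inside `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            targets = {dst for _ts, dst in items[start:end + 1]}
            if len(targets) >= threshold and len(targets) > len(alerts.get(src, ())):
                alerts[src] = targets
    return alerts


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for dst, srcs in sorted(inbound_sources(events).items()):
        print(f"{dst}: {len(srcs)} source host(s)")  # each WS-00x reports a single source
    for src, targets in find_fanout(events).items():
        print(f"ALERT {src} reached {len(targets)} hosts within 5 min: {sorted(targets)}")
```

The earlier 08:02 logon from WS-217 to the file server falls outside the five-minute window and is correctly ignored, and WS-104's two distinct targets stay well under the threshold; only WS-217's burst across six workstations is flagged. In a real deployment the same logic would run on centrally collected authentication events (for example Windows logon audit records forwarded to a SIEM) rather than on a constructed string.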

This is the approach we took when reviewing three Endpoint Protection software vendors: Cylance, Check Point, and FireEye.

Check Point

Advantages

  • Intuitive endpoint management
  • Excellent encryption capabilities
  • Ideal solution if you are an existing Check Point gateway and management customer

Disadvantages

  • Requires a separate management server for policy management
  • Requires cloud or internet access for each client
  • No application-based security
  • Malware detection is an add-on*
  • Forensics is a separate add-on*

*The Total Secure license needs to be purchased for the combined anti-malware and encryption capabilities.

Cylance

Advantages

  • Easy to deploy by pushing out agents to clients
  • Intuitive endpoint management
  • Client software requires few resources
  • Excellent application security
  • Can whitelist/blacklist applications

Disadvantages

  • 100-seat minimum purchase
  • Forensics is a separate add-on
  • Encryption is an add-on
  • No host intrusion prevention (HIPS)
  • No data loss prevention (DLP)

FireEye

Advantages

  • Excellent forensics
  • Visibility into endpoint activity
  • Machine learning capabilities
  • Best protection against ransomware

Disadvantages

  • No antivirus
  • No file or drive encryption capabilities
  • No application whitelist/blacklist

Honorable Mentions

F5 Websafe is a solution that protects the organization against web-based attacks. Websafe is agnostic to the client type because it analyzes the client-to-server communication rather than running on the client. The product is a gateway appliance that protects corporate resources from unauthorized access, web scraping, privilege escalation, and phishing redirects. It is not an EPP solution, but it does provide EDR and DLP functionality.