Better Business Endpoint Security Solutions
I thought I would respond as a business owner to the BizFeed column published a few weeks ago about not running any endpoint protection. Certainly, you need something, and while there are numerous security suites from Symantec, McAfee, and the like that provide firewall and anti-virus, they aren't integrated programs: more a collection of software much the way Microsoft Office is a collection of word processing, spreadsheets, and presentation software.
Here are three different approaches: two software products from Symantec and eEye, and a combination of hardware and software from a relatively new company called Napera. All three of them combine firewalls, intrusion prevention with centralized management consoles and reports. They are also designed for small businesses with limited budgets. They all install quickly and have a small number of options so you don't have to become a security guru to configure and operate them. The central consoles give you a birds-eye single-screen view of what is happening on your network so you can be assured that all your PCs are protected.
First up is Symantec's Endpoint Protection for Small Business Edition. While a mouthful, it is a pretty neat product and a better choice for small businesses than the Norton security suites. You need to purchase a management server for $500 and the individual client licenses go for about $35 per year if you have any Symantec products already, which is a real bargain. You need to install a single software agent to protect each client PC. The client software runs on XP SP1 or later versions, and the management server doesn't run on Vista machines. There is a free 30-day trial available on Symantec's Web site.
eEye Digital Security's tool is called Blink and is also just for Windows although it runs on everything since Windows 2000, including the 64-bit versions too. The Professional version includes 10 one-year licenses for $290, which is pretty reasonable given what you get. Unlike some personal firewalls that you have to "train" to recognize the behavior of your particular programs, Blink is fairly smart about what is benign and what is a threat. It includes both analyzers and signature patterns as well as anti-virus and anti-spyware modules. Setup is quick and easy. The pro version is best for businesses; you can run a management console to handle all your users.
The main drawback with Blink and Symantec's Endpoint tools is that you can't enforce protection if one of your users removes it from their PC. This is where Napera N24 comes into play. It is the hardware solution, and it looks like an ordinary Ethernet switch with 24 ports. It is the most expensive of the three at $3500 but you get a lot in the package. When you hook up your PCs to the N24, it will ask you what you want to check and whether you want to continue to operate the PC or start enforcing particular health profiles, such as bringing the PC up to the current service pack levels and checking to make sure that anti-virus software is installed.
If your PC is deemed unhealthy, it will try to remediate it and bring it up to par, either by directing you to the right resource or doing it automatically if the PC is capable of the update. This is the essence of what vastly more expensive network access control products from Cisco and Juniper provide, but at far less cost.
The good news is that the N24 works on mixed Mac and Windows networks, unlike the other two products. The downside to the N24 is that for Windows you need XP SP3 to run its health agents, and your browsers need to be at Safari 3 on the Mac, IE v7 or Firefox v2 on Windows.
Any of these security products will do a great job of protecting your network, and if you want something a bit more sophisticated and secure than the all-inclusive security suites, check one of them out. You can find video screencasts on all three products on my YouTube channel if you want to see them in action.
David Strom is a former editor-in-chief of Network Computing, Tom's Hardware.com, and DigitalLanding.com and an independent network consultant, blogger, podcaster and professional speaker based in St. Louis. He can be reached at firstname.lastname@example.org.