forrester client security wave report


  • 7/29/2019 Forrester Client Security Wave Report

    1/17

    Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA
    Tel: +1 617.613.6000 | Fax: +1 617.613.5000 | www.forrester.com

    The Forrester Wave: Endpoint Security, Q1 2013
    by Chenxi Wang, Ph.D. and Chris Sherman, January 4, 2013

    For: Security & Risk Professionals

    KEY TAKEAWAYS

    Endpoint Security Competency Is Core To Your IT Security Posture

    Today's enterprises are a dynamic and distributed environment, made up of diverse endpoints, data centers, and cloud services. IT security pros realize that endpoints are where the perimeter is, and traditional network-centric defenses may not work within a transient endpoint environment. Therefore, an IT security spotlight should focus on a better security posture for the endpoints.

    Endpoint Security Suites Dominate The Enterprise Market

    The endpoint security market is evolving from AV-only to one that favors multiple functions in an integrated suite. IT security pros see the benefits of consolidated management and reporting from a single console. Other related functions, such as endpoint encryption, web security, and endpoint DLP, are also being pulled into this suite for simplified management and integrated visibility.

    Application Control, Real-Time Visibility, And Patch Management Are Key Differentiators

    As the AV-only approach becomes less effective, organizations begin to realize the impact of managing their application portfolio and minimizing the attack surface. Application control and patch management are two functions that serve these purposes. Another crucial function is real-time endpoint visibility, which is a differentiator of a security suite rather than a collection of disparate functions.


    © 2013, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email [email protected]. For additional information, go to www.forrester.com.


    WHY READ THIS REPORT

    In Forrester's 50-criteria evaluation of endpoint security vendors, we identified nine top providers in the category (F-Secure, IBM, Kaspersky, LANDesk, Lumension, McAfee, Sophos, Symantec, and Trend Micro) and researched, analyzed, and scored them. To help security and risk professionals select the right partner to tackle endpoint security challenges, this report details our findings about how well each vendor fulfills our criteria and where they stand in relation to each other.

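    TABLE OF CONTENTS

    Endpoint Security: The Achilles Heel Of IT Security
      Endpoint Security Encompasses More Than Just Antivirus
    Endpoint Security Evaluation Overview
      Evaluation Criteria Focus On Enterprise Requirements
      Evaluated Vendors Have A Strategy To Deliver Integrated Security And Management
    The Endpoint Security Market Has Many Mature Technologies
    Vendor Profiles
      Leaders Provide A Breadth Of Mature Technologies
      Strong Performers Excel In Either Security Or Management
    Supplemental Material

    NOTES & RESOURCES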

    Fs dd pd vs M 2012 d vwd 18 vd

    d s mps: iBM, ksps lb,

    lanDs Sw, lms S,

    Ma, Sphs, Sm, td M,

    d m h d s gzs.


    The Forrester Wave: Endpoint Security, Q1 2013
    Endpoint Security Suites Take Center Stage In The Enterprise

    by Chenxi Wang, Ph.D. and Chris Sherman
    with Stephanie Balaouras and Eric Chi


    January 4, 2013


    2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013

    ENDPOINT SECURITY: THE ACHILLES HEEL OF IT SECURITY

    Computing endpoints, clients, and servers make up the bulk of enterprise computing resources. Protecting these endpoints and the information resident on them is an important aspect of IT security. In the 2012 ForrSights security survey, security professionals ranked managing vulnerabilities and threats as one of the top IT priorities, ranked only behind data security. Since user endpoints are often the first place where attacks and exploits happen, IT invests in endpoint security technologies to:

    Defend against threats targeting user endpoints. User endpoints are effectively the enterprise perimeter where attackers seek to break into the company infrastructure. The RSA breach and the Google Aurora attack each started from a single compromised user endpoint. Endpoint-based security technologies help protect the endpoint wherever it might be without relying on infrastructure-based security capabilities such as firewalls and intrusion prevention systems (IPS).

    Manage vulnerabilities and reduce the attack surface. With diversity increasing due to both corporate-owned and personally owned endpoints, and the number of unique variants of malware reaching the millions, addressing endpoint security can be daunting. Endpoint measures such as application control and patch management help eradicate vulnerabilities and reduce the endpoint attack surface, an especially important means in the ever-increasing threat landscape.

    Monitor and gain visibility of user endpoints for compliance. Organizations with compliance and continuous monitoring requirements demand the visibility that endpoint security technologies provide. Some of the products we reviewed are capable of reporting real-time compliance status of endpoints, which gives corporate IT a powerful tool to remediate noncompliance and ascertain security posture.

    Endpoint Security Encompasses More Than Just Antivirus

    Traditional endpoint security is synonymous with antimalware. It's no secret that signature-based antimalware technologies have not fared that well with today's modern malware. As a result, enterprise IT is moving away from point antimalware technologies and moving to deploy layered defense with a portfolio of measures that include not just antimalware but also host-based firewall/IPS, application control, device and media control, and endpoint encryption.[1]

    In addition, management functions such as patch management and system management were separate from security functions in the past, with separate buyers and budgets, but in recent years, we've seen a growing inclination from enterprise IT to integrate management with security. Patch management, in particular, has the biggest security impact and is often considered as part of an endpoint security suite. In the customer interviews we conducted for this Forrester Wave, almost everyone reported that it's important to perform endpoint security tasks from the same console where patch management tasks are performed.


    To help IT security achieve these goals, endpoint security suites now routinely include threat protection, patch and vulnerability management, and even system management functions. This Wave takes these trends into consideration. In particular, we placed an emphasis on the broad functionality of endpoint security, which includes a plethora of endpoint security and management measures beyond antimalware. We give credit to those vendors that offer a truly integrated endpoint security suite rather than a laundry list of patched-together, disparate functions. True integration, in our definition, means an integrated client architecture, integrated management, and reporting.

    We also look for vendor solutions that have a strong underlying strategy for cloud service delivery. Forrester believes strongly that cloud infrastructure will replace today's on-premises software and hardware for system and security management tasks. This is not just an SMB requirement; it's the future of how an enterprise will manage its endpoints.

    In this Wave, we loosely define an endpoint as an end user computing unit, which is synonymous with client. Although we did include a few criteria for server protection, security professionals should not view this report as a study for server security, as we have not specifically focused on that.

    ENDPOINT SECURITY EVALUATION OVERVIEW

    To assess the state of the endpoint security market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of nine endpoint security vendors.

    Evaluation Criteria Focus On Enterprise Requirements

    After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 50 criteria, which we grouped into three high-level buckets:

    Current offering. We evaluated core capabilities for protecting user endpoints against threats such as malware and exploits, as well as functions such as patch management, software distribution, and central management. We also spoke with customer references to validate vendor strategies and capabilities. Throughout this study, we leveraged Forrester client inquiries as a major source of information-gathering.

    In this Wave we conducted actual patch management tests. We built a Windows 7 laptop with various out-of-date applications, including Chrome, Firefox, Internet Explorer, RealPlayer, MS Office, Java, Adobe Reader, Flash, as well as missing OS patches. We loaded each vendor's patch management client (if it was available) on the machine, placed the machine in Forrester's DMZ, and asked the vendor to report patch assessment results from their management server. To the extent possible, we asked the vendor to administer patch remediation. We rebuilt the test machine to the exact specifications after each test, ensuring that every vendor could work with the same environment.


    Strategy. We looked at each vendor's vision for its endpoint security suite and its short-term road map for the next 12 months, and we evaluated this information against the broad IT climate as we know it. We also evaluated the cost of each product, the financial health of the company, and its partner and channel strategies.

    Market presence. We evaluated each vendor's enterprise install base for its endpoint security products, as well as the number of companies that license the vendor's technologies. We also took into account any presence in the consumer market and whether that presence contributed to the competency of the enterprise products.

    Evaluated Vendors Have A Strategy To Deliver Integrated Security And Management

    Forrester invited nine vendors in this evaluation: F-Secure, IBM, Kaspersky, LANDesk, Lumension, McAfee, Sophos, Symantec, and Trend Micro. We evaluated their endpoint security product portfolios (see Figure 1). Each of these vendors has:

    A sizable enterprise customer base. We selected companies that have 1,500 or more enterprise customers for their endpoint security products. We define an enterprise as a company with 1,000 or more endpoints.

    A broad endpoint security portfolio. Each vendor has multiple endpoint security functions, including, but not limited to, antimalware, host-based firewall/IPS, application control, device control, and patch management. We also look for solutions that have integrated management spanning these functions. Because of this, we did not include any pure-play AV or antimalware providers.

    A strategy to converge endpoint security and management. All of the evaluated firms have the ability to do endpoint threat protection as well as management. Some of the vendors offer substantial management capabilities, with security as new additions. Others have extensive security functions and are strengthening their management support. We did not include any security or management pure-plays.

    There are many endpoint security vendors that we did not include in this evaluation. Some other interesting players in the space include:

    Microsoft. Microsoft has built increasingly more security functions into its Windows operating system. Because of Windows' popularity, many IT organizations are now evaluating Windows native security as a viable option for endpoint security and management. We wanted to include Microsoft in this study, but Microsoft declined to participate. Ultimately, because of its inherent Windows focus, this might not have been the right study for Microsoft to demonstrate its endpoint security capabilities. Forrester plans to conduct a separate study of Microsoft's endpoint security functions and will publish that study following this Wave report.


    Consumer- or SMB-facing endpoint security providers. This category includes AVG, Avast Software, Bitdefender, ESET, eScan (MicroWorld Technologies), Malwarebytes, and many others. As we previously stated, we aimed this evaluation at the enterprise market, and therefore we did not include any consumer- or SMB-facing players.

    Other business-facing solutions. Other vendors that focus on supporting endpoint security and management for corporate IT include Check Point Software, Norman, Panda Security, and Webroot. These providers did not qualify based on our selection criteria.

    THE ENDPOINT SECURITY MARKET HAS MANY MATURE TECHNOLOGIES

    The evaluation uncovered an established market with many mature solutions (see Figure 2):

    Symantec, Sophos, McAfee, and Kaspersky lead the pack. Symantec, McAfee, and Sophos are established names in the enterprise security market, and they stood out for their extensive security capabilities as well as their approaches for integrated management. Kaspersky is a somewhat new entrant in the enterprise market, but its solid security technologies, combined with a vision for integrating endpoint security and management, make Kaspersky a solid competitor.

    IBM, TrendMicro, LANDesk, Lumension, and F-Secure offer competitive options. The vendors in the Strong Performer category come from two distinct lineages: enterprise management and endpoint security. IBM, LANDesk, and Lumension are in the former category, while TrendMicro and F-Secure come from the latter. Technologies in the two categories are converging, and as a result, each vendor is integrating security technologies with endpoint management capabilities, a trend that aims to simplify and streamline enterprise endpoint operations.

    This evaluation of the endpoint security market is intended to be a starting point only. We encourage clients to view detailed product evaluations and adapt criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool.


    Figure 1 Evaluated Vendors: Product Information

    Vendor      Product evaluated                        Product version evaluated
    IBM         IBM Tivoli Endpoint Manager              8.2
    Symantec    Symantec Endpoint Protection             12
    McAfee      Total Protection Suite                   8.8
    Kaspersky   Endpoint Security                        8.1
    Lumension   Endpoint Management and Security Suite   7.2
    LANDesk     LANDesk Security Suite                   9.5
    TrendMicro  OfficeScan                               10.6
    F-Secure    Business Suite Client Security           9
    Sophos      Endpoint Protection Advanced             10

    Vendor selection criteria

    A sizable enterprise customer base. We selected companies that have 1,500 or more enterprise customers for their endpoint security products. We define an enterprise as a company with 1,000 or more endpoints.

    A broad endpoint security portfolio. Each vendor has multiple endpoint security functions, including, but not limited to, antimalware, host-based firewall/IPS, application control, device control, and patch management. We also look for solutions that have integrated management spanning these functions. Because of this, we did not include any pure-play AV or antimalware providers.

    A strategy to converge endpoint security and management. All of the evaluated firms have the ability to do endpoint threat protection as well as management. Some of the vendors offer substantial management capabilities, with security as new additions. Others have extensive security functions and are strengthening their management support. We did not include any security or management pure-plays.

    Source: Forrester Research, Inc.


    Figure 2 Forrester Wave: Endpoint Security, Q1 '13

    [Chart: current offering (weak to strong) plotted against strategy (weak to strong), with bands labeled Risky Bets, Contenders, Strong Performers, and Leaders; a legend covers market presence and full vendor participation. Vendors plotted: Symantec, Kaspersky, McAfee, LANDesk, Sophos, Trend Micro, IBM, Lumension, F-Secure.]

    Go online to download the Forrester Wave tool for more detailed product evaluations, feature comparisons, and customizable rankings.

    Source: Forrester Research, Inc.


    Figure 2 Forrester Wave: Endpoint Security, Q1 '13 (Cont.)

                              Forrester's
                              weighting    F-Secure  IBM   Kaspersky  LANDesk  Lumension  McAfee  Sophos  Symantec  TrendMicro
    CURRENT OFFERING          50%          2.79      2.97  3.44       3.51     3.22       3.38    3.35    3.50      2.88
    Core technologies         100%         2.79      2.97  3.44       3.51     3.22       3.38    3.35    3.50      2.88
    STRATEGY                  50%          4.68      3.38  3.76       3.00     3.03       3.70    3.88    4.32      3.51
    Cost and licensing model  20%          4.65      3.67  4.32       3.00     4.65       4.02    4.67    4.35      3.65
    Product road map          55%          5.00      3.00  3.00       3.00     2.00       3.00    4.00    4.00      3.00
    Go-to-market strategies   25%          4.00      4.00  5.00       3.00     4.00       5.00    3.00    5.00      4.50
    MARKET PRESENCE           0%           1.55      1.10  2.55       0.85     1.35       5.00    4.80    5.00      3.20
    Enterprise presence       65%          1.00      1.00  2.00       1.00     1.00       5.00    5.00    5.00      3.00
    Customer market presence  10%          4.00      2.00  5.00       2.00     2.00       5.00    3.00    5.00      5.00
    License partners          25%          2.00      1.00  3.00       0.00     2.00       5.00    5.00    5.00      3.00

    All scores are based on a scale of 0 (weak) to 5 (strong).

    Source: Forrester Research, Inc.

    VENDOR PROFILES

    Leaders Provide A Breadth Of Mature Technologies

    Symantec leads in breadth of product portfolio and in strategy. Symantec excels in its broad functional coverage as well as its consistent strength across many different areas. Symantec continues to be a Leader in the endpoint security space and remains a good choice for enterprise customers.

    Strengths: Symantec is arguably the most recognized name in the enterprise security market. Symantec Endpoint Protection (SEP) v12 is one of the broadest product suites that we reviewed in this study. The suite includes antimalware, application control, device/media control, HIPS/firewall management, exploit protection, and network access control (NAC). Symantec's core AV product performs well in third-party tests. Customers we interviewed report good scalability and consistent performance with the SEP product. We also like the single-client architecture combined with the Symantec Protection Center management console, a good step toward true enterprise integration. Symantec also made significant investments in the mobile security space by acquiring Odyssey Software and Nukona to strengthen its mobile device management and mobile application management capabilities.

    Weaknesses: SEP is not quite the one-stop shop you need. Although SEP provides many endpoint security functions, you would need Altiris, a separate product, for endpoint management. Endpoint encryption and DLP, two of Symantec's market-leading products, are sold separately. Although Symantec Protection Center (SPC) can manage these products together, customers that want true integration among endpoint encryption, DLP, and SEP still find the integration process not straightforward. Symantec also needs to move away from its threat-centric approach and demonstrate more thought leadership in managing attack surface and vulnerabilities.

    McAfee shines in portfolio breadth and integrated policy management. As an enterprise product, McAfee's Total Protection Suite delivers many bells and whistles for demanding enterprise customers. Its ePolicy Orchestrator provides extensive enterprise management functions, and McAfee is one of the few AV vendors that has made serious investments in application control and HIPS technologies.

    Strengths: McAfee's Total Protection Suite provides broad endpoint security functions, including antimalware, application control, device control, and HIPS/firewall control. McAfee stood out in its strong application control and device control functions. In addition, McAfee offers solid HIPS and firewall management functions. McAfee's ePolicy Orchestrator, its enterprise management console, remains a strong differentiator in the industry. With ePO, McAfee presents the most integrated management option in this evaluation. We were impressed with how expressive and powerful ePO is as a policy engine. It provides many configuration choices for even the most complex enterprise environments.

    Weaknesses: Customers have complained about performance and detection precision of McAfee's antimalware product. They reported CPU-hogging and a large memory footprint. In addition, McAfee falls short with its patch management function, which is entirely Windows-focused and which missed many third-party patches in the test we conducted. Even though the administration of the various security products is integrated, the architecture calls for separate client installs for each function, which adds operational complexity. Although McAfee moved early in the mobile security space, the company has not done a whole lot with the Trust Digital technology that it acquired.

    Kaspersky is a rising star in the endpoint security space. Kaspersky is a recent entrant in the enterprise market. Overall, the product has made significant improvements in its enterprise support features. Because of its extensive security strength and an attractive price point, we expect many organizations to short-list Kaspersky when considering an endpoint security product.

    Strengths: Kaspersky enjoys an impressive growth throughout the US and EMEA in both the consumer and SMB markets. The company is beginning to make a name for itself in the enterprise space as well. Kaspersky's antivirus technologies have received high marks in many independent tests. The company continues to expand via an aggressive OEM and channel strategy, which has served it well. We like Kaspersky's forward-looking strategy, where significant architectural advances will make its endpoint security suite more integrated and more management friendly, as well as its focused R&D investments in endpoint encryption and mobile device management technologies. Aided by strong threat research and a broad portfolio of ancillary endpoint security technologies, Kaspersky's endpoint security products provide a good option for organizations with extensive security requirements.

    Weaknesses: Version 8 of Kaspersky's endpoint security product does not support patch management. Some of its security products are not yet integrated with the endpoint security administration server. Kaspersky tells us that v10 will remediate this. Kaspersky also needs to augment its threat-centric strategies with more focus on endpoint data protection. Although Kaspersky provides mobile antimalware products, the company does not have much else in the way of mobile device management today. Kaspersky's virtualization and cloud computing support also have room for improvement. But above all, we think Kaspersky's strategy in cloud delivery is weak. Both system management and security functions for the endpoint are being moved into the cloud today; Kaspersky isn't quite there in terms of service delivery competency.

    Sophos offers strong threat protection capabilities. Organizations that have a strong endpoint management infrastructure but that need to strengthen their endpoint protection, as well as those that have a sizable consumer endpoint population (e.g., mobile devices, Macs), would do well to consider Sophos products.

    Strengths: Customers of Sophos agree that its endpoint security products deliver strong security capabilities. Sophos' antimalware product has one of the best malware detection rates on the market today and is well reviewed in third-party studies. Sophos is one of the small number of vendors that actually put R&D effort into its host intrusion prevention system (HIPS) product, as opposed to many others that simply pay lip service to HIPS. Sophos' HIPS function catches malware that its AV engine may have missed. In addition, SophosLabs is well known in the security industry and has built up a community around its threat and malware research. We also like Sophos' endpoint encryption capability, a recommended function to include in your endpoint security purchases. It's worth noting that Sophos has good support for mobility and Mac, which is becoming an increasingly important capability for enterprise environments.

    Weaknesses: As an endpoint security suite, Sophos is heavy on threat protection but needs to strengthen its application control, device control, and patch management capabilities. The product's endpoint management functions also have room for improvement; customers of Sophos reported that large-scale deployments of Sophos endpoint security are best done via a third-party management system.


    Strong Performers Excel In Either Security Or Management

    F-Secure boasts strong antimalware functions. Today, F-Secure's antimalware product is a solid competitor among the best in the industry. If the company executes its vision as it was laid out, F-Secure is on the path to becoming an innovation leader in this market.

    Strengths: F-Secure's AV product performs well in third-party comparison tests and received excellent marks from customers we interviewed. A distinct feature of F-Secure's antimalware product is its efficient use of resources. F-Secure's behavioral and heuristics analysis engines are among some of the best on the market. It's also one of the few vendors that offer browser plugins for automatic sandboxing. We were especially impressed with the road map and vision the company has laid out for the next two years. F-Secure is actively developing a service-enabling platform rather than continuing to sell software and appliances. This vision closely aligns with the biggest climate change happening in enterprise IT today, in which organizations are moving to procuring services rather than products. For a security-focused company, F-Secure also acknowledges and advocates that better patch management and better application control comprise a more effective way of protecting endpoints, and the company is actively working to strengthen those parts of its portfolio.

    Weaknesses: As a product suite, F-Secure offers rudimentary application control and device control functions. It also does not yet have any patch management capabilities. Auxiliary endpoint security functions such as encryption and host-based web security are also lacking.

    IBM endpoint manager provides powerful endpoint visibility and management. For environments that are large and have complex management requirements or for environments with continuous monitoring needs, Tivoli Endpoint Manager is your choice.

    Strengths: IBM's endpoint management products (AKA TEM) largely came from its acquisition of BigFix. Along with its antimalware technology, which IBM OEMs from Trend Micro, TEM offers unique endpoint management and security capabilities. Most notable is the product's Fixlet architecture, which provides not only real-time visibility of the endpoint but also a powerful means of automating endpoint management workflows. Fixlets make it easy to ascertain in real time endpoint compliance and to effect changes to maintain compliance at scale. TEM is a truly integrated endpoint security and management platform, with a single client architecture. We also note that IBM recently made significant R&D improvements to its mobile device management product, also part of TEM.

    Weaknesses: TEM does not have application control functions. Endpoint encryption is also missing from the portfolio. The administration console is not particularly navigational friendly, which can be challenging to novice users.


    LANDesk is an endpoint management platform that ventured into security. Overall, we like LANDesk's strength in helping enterprises manage their attack surface and vulnerabilities, but we want to see more focus on endpoint security.

    Strengths: LANDesk Security Suite delivers strong application control, patch management, and HIPS/firewall functions. The suite also OEMs Kaspersky's endpoint AV. LANDesk's endpoint management functions are comprehensive and deep. Customers can use this suite to conduct complex asset management tasks. We were impressed with LANDesk's patch management capabilities, which received the highest score in this evaluation. Patch management with LANDesk can provide deep endpoint visibility, executing extremely complex workflows, but at the same time is easy to use. We also like LANDesk's vulnerability research capabilities, which feed its patch management product. The company also has a mobile device management product that is integrated with the same admin console as its PC platform.

    Weaknesses: Ultimately, LANDesk Security Suite is more management platform than security. LANDesk OEMs Kaspersky's endpoint AV, and in the past there would be a significant lag before LANDesk adopted the latest release from Kaspersky. The version of LANDesk's suite we reviewed included Kaspersky endpoint AV v6.0, even though v8.0 had been available for a while. LANDesk has recently moved away from using Kaspersky's SDK, which should allow for a timelier update. The company has since released Kaspersky v8.0, although we did not evaluate it as part of this study. Going forward, it remains to be seen how quickly LANDesk delivers on its promises to protect its customers from the latest cyberthreats. At times, some of the security capabilities feel bolted on rather than a natural extension of its core functionality. LANDesk also lacks native threat research, which can put it at a disadvantage in a dynamic threat environment.

    Lumension expands from management to security. Lumension's endpoint security suite is a good option for companies with a mature endpoint management strategy and a desire to consolidate endpoint security and management. In addition, even though we did not review them in this study, Lumension's compliance/risk intelligence module and the newly acquired CoreTrace product complement its endpoint security and management products nicely.

    Strengths: Lumension's roots are in patch management, and patch management is still one of its strongest offerings today. From a strategy standpoint, the Lumension Endpoint Management and Security Suite (LEMSS) offers a good balance between management and security functions. The product sports an impressive single-client architecture that ties many different functions into a unified infrastructure. This architecture simplifies deployment, management, and reporting, which sets it apart in a field rife with suites that are patched together from disparate products. The Lumension customers that we interviewed gave excellent marks for its patch and endpoint management functions, which are effective and easy to use. Many customers have since adopted application control and device/media control, two Lumension products that also stood out in our evaluation. Those who value single console management have further adopted Lumension's antimalware product, which it OEMs from Norman.

    Weaknesses: Lumension does not offer mobile device management or mobile security products, and its virtualization support is still maturing. Customers may also find it confusing to navigate through the myriad product categories that Lumension has; the company very much needs to streamline and weave a more consistent theme among its various products.

    Trend Micro provides good support for cloud and virtualization security. Overall, Trend Micro's leadership in data center and virtualization security, road map to strengthen mobile support, and attractive price point make it a solid choice for many organizations.

    Strengths: Trend Micro continues to have a large presence in both enterprise and consumer markets. Its core business suite, OfficeScan endpoint protection, combines solid antimalware and HIPS/firewall functions and delivers them through a simple and streamlined interface. Trend Micro's Deep Security product is notable in the server security space. We especially like Deep Security's virtual patching capabilities, which can serve as an important defense layer for data center security. Trend's strategy supporting the burgeoning trends in mobile and virtualization also sets it apart: Organizations with basic mobile needs will find Trend's mobile device management technologies more than adequate. Additionally, Deep Security offers some of the best virtualization support on the market today.

    Weaknesses: Trend Micro's OfficeScan is not a comprehensive endpoint security suite. It falls short on application control and patch management capabilities. Additionally, Trend's endpoint encryption product is not integrated with OfficeScan, which means IT has to manage a completely separate endpoint security product if the company wants encryption along with endpoint threat protection.

    Supplemental Material

    Online Resource

    The online version of Figure 2 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings.

    Data Sources Used In This Forrester Wave

    Forrester used a combination of five data sources to assess the strengths and weaknesses of each solution:

    Hands-on lab evaluations. Each vendor spent half a day with a team of analysts who performed a hands-on evaluation of the product using a scenario-based testing methodology. More specifically, Forrester used a machine to test the product's patch management functions. The test machine was built with an outdated Windows operating system as well as outdated third-party applications. We loaded each vendor's patch management client on the machine and collected patch assessment results. Whenever possible, we asked the vendor to carry out patch remediation on the machine. We rebuilt the same test machine for each vendor, ensuring a level playing field by evaluating every product with the same environment.

    Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications.

    Product demos. We asked vendors to conduct demonstrations of their products' functionality. The demos were conducted alongside the lab evaluations. We used findings from these product demos to validate details of each vendor's product capabilities.

    Customer reference calls. To validate product and vendor qualifications, we asked each vendor to submit at least two enterprise customer references and we conducted reference calls with the customers.

    Forrester client inquiries. Each vendor included in this study appears frequently in Forrester end user inquiries. We leveraged heavily on the content of these inquiries to validate findings gathered from other sources.

    The Forrester Wave Methodology

    We conduct primary research to develop a list of vendors that meet our criteria to be evaluated in this market. From that initial pool of vendors, we then narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don't fit the scope of our evaluation.

    After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies.

    We set default weightings to reflect our analysis of the needs of large user companies and/or other scenarios as outlined in the Forrester Wave document and then score the vendors based on a clearly defined scale. These default weightings are intended only as a starting point, and we encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve.

    Endnotes

    1 For more information on application control, see the September 7, 2012, "Application Control: An Essential Endpoint Security Component" report.

    http://www.forrester.com/go?objectid=RES78502

    Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 17 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 29 years, Forrester has been making

    For More Information

    To find out how Forrester Research can help you be successful every day, please contact the office nearest you, or visit us at www.forrester.com. For a complete list of worldwide locations, visit www.forrester.com/about.

    Client Support

    For information on hard-copy or electronic reprints, please contact Client Support at +1 866.367.7378, +1 617.613.5730, or [email protected]. We offer quantity discounts and special pricing for academic and nonprofit institutions.
