Information Security Mag has an article by Ed Skoudis and Matt Carpenter in which they do a bake off between several endpoint protection products.
(not sure if non-subscribers can view that or not. Its free to sign up or try bugmenot).
This will make all the Symantec bashers angry, but it actually comes out rather well. Looks like it will be worth it to learn the new platform that is SEP and upgrade.
Points of interest to me
- ISS not doing so well. They dont have their own AV so the AV piece and the rest seem cobbled together
- Third Brigade not yet well integrated with Trend
- McAfee surprisingly not doing well. I would have expected McAfee HIPS (Entercept) to have crushed the malware tests. It seemed that only the buffer overflow protection was tested. Was HIPS not on by default? I’m pretty sure it is part of Total Protection Enterprise
- Symantec doing rather well.
- Sophos scanning on read only by default
The article writers feel that Endpoint Protection suites are still new and have some maturing to do.