|
Overview: Upgrading to Microsoft Windows 7 requires some tough decisions about device control, a potential weak link in the effort to protect against cyber attacks. With several choices available, which product should a company choose? The answer depends upon on two issues; scalability and level of device protection required. Our study looked at three device control products: DeviceLock, Symantec Endpoint Protection Device Control and Microsoft Device Manager, which is the inherent device control product included with the Microsoft Windows 7 operating system. Each product was evaluated using the same criteria. Products: The first product evaluated was DeviceLock. The company specializes in device control, is an industry leader, and has been selling its products since 1996. They offer low-cost licensing fees, which vary depending upon the size of the client's business. Its key features include:
• High level of functionality with white/black listing o Allows users to white/black list based on Vid_Pid • Updates via group policy (GPO) o Provides easy update capabilities, which will be needed with the always changing list of items to be white or black listed. Providing the feature to list based on Vid_Pid allows organizations to block/allow the devices they wish to by entering the Vid_Pid of a device, instead of entering a unique string which is given to all devices. In terms of scalability, this feature makes the DeviceLock product a great option for all size organizations. The main setback with this company is the lack of customer support. The third level of support for this product is the president of the company. The second product evaluated was Symantec Endpoint Protection Device Control. Many organizations currently run Symantec Endpoint Protection (SEP) for anti-virus and firewall protection. SEP also provides the functionality to handle device control with no additional licensing costs or fees. This means that companies may be able to handle their device control issues with SEP, instead of incurring extra expenses for an additional product. The key features of the product include: • Ability for configuration at the client level • Functionality to log changes with built in reporting • Symantec is the industry leader in security and has been in the market one to two years longer than DeviceLock • Symantec also offers great customer support o Assigning a technical account manager to each client The setbacks with the product are as follows. First, SEP will not update via GPO. Second, it is possible to control individual devices, but only with complex policy work. Third, SEP Device Control does not give users the ability to white/black list by Vid_Pid's. Finally, the product can use active directory (AD), but it will not be effective if there is no unification between business units within an organization. Meaning that if laptops, desktops and servers are not classified in the same organizational unit, across all business units within an organization, then SEP Device Control will not be able to be managed using AD. Overall, the SEP Device Control product has the potential to effectively protect an organization if the organization has unification among all business units, which often times is not the case with large companies. This factor shows that SEP Device Control may not be the best alternative for large organizations, but can work for small and medium sized firms. The third product evaluated was Microsoft Device Manager, which comes with the Microsoft Windows 7 operating system (OS). This is Microsoft's first attempt at device control, which may account for its limited functionality. The key factor behind using Microsoft Device Manager is that it is a part of the OS; therefore all companies running Windows 7 can use the product with no additional fees. This can also pose a problem in companies that have yet to switch all of their computers to the Windows 7 OS, because the desktop management interface is not backwards compatible. This means that firms cannot manage devices on Windows XP machines if they are using the Windows 7 Device Manager. The second positive aspect is the extensive support provided by Microsoft for its products. The final key aspect of the product is that it does update via GPO. The negatives of the Microsoft Device Manager product are extensive and include the following: • White/Black listing limited o Cannot use Vid_Pid o Must enter each devices unique string into the system o Time consuming • Cannot lock per user or group o Can only allow/block access for all users • Since the product is new there is limited documentation on how to configure the product Taking this information into consideration, it is clear to see that the Microsoft Device Manager is far too basic for most business environments. At this point in time the product seems more appropriate to individual users rather than corporations. Conclusion: Our conclusion is that the DeviceLock product is the best solution for both large and small companies. This product has the functionality to effectively handle all levels of protection involving device control. The SEP Device Control product may be able to work for certain small to medium sized companies, but going with the DeviceLock product will allow the company to grow and not have to worry about migrating to a new form of device control. At this point in time, the Microsoft Device Manager product is new to the market and does not yet have the functionality to serve as a device control product for any size firm.
Symantec Endpoint Protection, developed by Symantec Corporation, is an antivirus and personal firewall product leveled at centrally managed corporate environments security for servers and workstations. |
||||||||||||||||
Similar Products To Symantec Endpoint Protection
Symantec Endpoint Protection 11.0
Symantec Endpoint Protection Small Business Edition (1 User)
Symantec Endpoint Protection Small Business Edition (5 User)
Symantec Endpoint Protection (5 user)
Symantec Endpoint Protection Small Business Edition (10 Users)
Symantec Endpoint Protection (10 user)
Symantec Corporation 21182356 Endpoint Protection 12.1 En Crom Media
Symantec Endpoint Protection Small Business Edition (25 Users)
Filed under Utilities Software by on Nov 2nd, 2011. 
Recent comments