forrester client security wave report
TRANSCRIPT
-
7/29/2019 Forrester Client Security Wave Report
1/17
Fs rsh, i., 60 a P Dv, cmbdg, Ma 02140 uSat: +1 617.613.6000 | Fx: +1 617.613.5000 | www.s.m
The Forrester Wave: EndpointSecurity, Q1 2013b chx Wg, Ph.D. d chs Shm, J 4, 2013
For: S &
rs Psss
key TakeaWays
et srt cmt i cr T yr iT srt ptr
odays enterprises are a dynamic and distributed environment, made up o diverse
endpoints, data centers, and cloud services. I security pros realize that endpointsare where the perimeter is, and traditional network-centric deenses may not
work within a transient endpoint environment. Tereore, an I security spotlight
should ocus on a better security posture or the endpoints.
et srt st dmt T etrr Mrt
Te endpoint security market is evolving rom AV-only to one that avors multiple
unctions in an integrated suite. I security pros see the benets o consolidated
management and reporting rom a single console. Other related unctions, such as
endpoint encryption, web security, and endpoint DLP, are also being pulled into
this suite or simplied management and integrated visibility.
at ctr, R-Tm Vbt, a pt Mmt ar
k drttr
As the AV-only approach becomes less eective, organizations begin to realize
the impact o managing their application portolio and minimizing the attack
surace. Application control and patch management are two unctions that serve
these purposes. Another crucial unction is real-time endpoint visibility, which is a
dierentiator o a security suite rather than a collection o disparate unctions.
-
7/29/2019 Forrester Client Security Wave Report
2/17
2013, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Inormation is based on best available
resources. Opinions refect judgment at the time and are subject to change. Forrester , Technographics, Forrester Wave, RoleView, TechRadar,
and Total Economic Impact are trademarks o Forrester Research, Inc. All other trademarks are the property o their respective companies. To
purchase reprints o this document, please email [email protected]. For additional inormation, go to www.orrester.com.
For Security & riSk ProFeSSionalS
Why Read This RepoRT
In Forresters 50 criteria evaluation o endpoint security vendors, we identied nine top providers in the
category F-Secure, IBM, Kaspersky, LANDesk, Lumension, McAee, Sophos, Symantec, and rend
Micro and researched, analyzed, and scored them. o help security and risk proessionals select the
right partner to tackle endpoint security challenges, this report details our ndings about how well each
vendor ullls our criteria and where they stand in relation to each other.
tb o cs
et srt: T a h o iTsrt
edp S empsss M thJs avs
et srt evt ovrvw
ev c Fs o epsrqms
evd Vds Hv a Sg t Dvigd S ad Mgm
T et srt Mrt h M
Mtr T
Vr prf
lds Pvd a Bdh o Mthgs
Sg Pms ex i eh S oMgm
smt Mtr
ns & rss
Fs dd pd vs M 2012 d vwd 18 vd
d s mps: iBM, ksps lb,
lanDs Sw, lms S,
Ma, Sphs, Sm, td M,
d m h d s gzs.
rd rsh Dms
app c: a ess edp
S cmp
Spmb 7, 2012
Pp F awh, am, a-Dv
eggm, Wh a Sss Mb
ah
J 29, 2012
edp S adp tds, Q2 2011
Q4 2012
Dmb 5, 2011
T Frrtr Wv: et srt, Q1 2013edp S Ss t c Sg i th eps
b chx Wg, Ph.D. d chs Shm
wh Sph Bs d e ch
2
3
5
13
January 4, 2013
http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES61569http://www.forrester.com/go?objectid=RES61569http://www.forrester.com/go?objectid=RES61569http://www.forrester.com/go?objectid=RES58027http://www.forrester.com/go?objectid=RES58027http://www.forrester.com/go?objectid=BIO1724http://www.forrester.com/go?objectid=BIO2680http://www.forrester.com/go?objectid=BIO1123http://www.forrester.com/go?objectid=BIO1123http://www.forrester.com/go?objectid=BIO2680http://www.forrester.com/go?objectid=BIO1724http://www.forrester.com/go?objectid=RES58027http://www.forrester.com/go?objectid=RES58027http://www.forrester.com/go?objectid=RES61569http://www.forrester.com/go?objectid=RES61569http://www.forrester.com/go?objectid=RES61569http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/ -
7/29/2019 Forrester Client Security Wave Report
3/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 2
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
endpoinT secuRiTy: The achilles heel oF iT secuRiTy
Computing endpoints, clients, and servers make up the bulk o enterprise computing resources.
Protecting these endpoints and the inormation resident on them is an important aspect o I
security. In the 2012 ForrSights security survey, security proessionals ranked managingvulnerabilities and threats as one o the top I priorities, ranked only behind data security.
Since user endpoints are oen the rst place where attacks and exploits happen, I invests in
endpoint security technologies to:
Deend against threats targeting user endpoints. User endpoints are eectively the enterpriseperimeter where attackers seek to break into the company inrastructure. Te RSA breach and
the Google Aurora attack each started rom a single compromised user endpoint. Endpoint-
based security technologies help protect the endpoint wherever it might be without relying on
inrastructure-based security capabilities such as rewalls and intrusion prevention systems (IPS).
Manage vulnerabilities and reduce the attack surace. With diversity increasing due to bothcorporate-owned and personally owned endpoints, and the number o unique variants o malware
reaching the millions, addressing endpoint security can be daunting. Endpoint measures such as
application control and patch management help eradicate vulnerabilities and reduce the endpoint
attack surace, an especially important means in the ever-increasing threat landscape.
Monitor and gain visibility o user endpoints or compliance. Organizations with complianceand continuous monitoring requirements demand the visibility that endpoint security
technologies provide. Some o the products we reviewed are capable o reporting real-time
compliance status o endpoints, which gives corporate I a powerul tool to remediate
noncompliance and ascertain security posture.
Endpoint Security Encompasses More Than Just Antivirus
raditional endpoint security is synonymous with antimalware. Its no secret that signature-based
antimalware technologies have not ared that well with todays modern malware. As a result,
enterprise I is moving away rom point antimalware technologies and moving to deploy layered
deense with a portolio o measures that include not just antimalware but also host-based rewall/
IPS, application control, device and media control, and endpoint encryption.1
In addition, management unctions such as patch management and system management were
separate rom security unctions in the past, with separate buyers and budgets, but in recent years,
weve seen a growing inclination rom enterprise I to integrate management with security. Patch
management, in particular, has the biggest security impact and is oen considered as part o an
endpoint security suite. In the customer interviews we conducted or this Forrester Wave, almost
everyone reported that its important to perorm endpoint security tasks rom the same console
where patch management tasks are perormed.
-
7/29/2019 Forrester Client Security Wave Report
4/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 3
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
o help I security achieve these goals, endpoint security suites now routinely include threat
protection, patch and vulnerability management, and even system management unctions. Tis
Wave takes these trends into consideration. In particular, we placed an emphasis on the broad
unctionality o endpoint security, which includes a plethora o endpoint security and managementmeasures beyond antimalware. We give credit to those vendors that oer a truly integrated endpoint
security suite rather than a laundry list o patched-together, disparate unctions. rue integration,
in our denition, means an integrated client architecture, integrated management, and reporting.
We also look or vendor solutions that have a strong underlying strategy or cloud service delivery.
Forrester believes strongly that cloud inrastructure will replace todays on-premises soware and
hardware or system and security management tasks. Tis is not just an SMB requirement its the
uture o how an enterprise will manage its endpoints.
In this Wave, we loosely dene an endpoint as an end user computing unit, which is synonymous
with client. Although we did include a ew criteria or server protection, security proessionals
should not view this report as a study or server security, as we have not specically ocused on that.
endpoinT secuRiTy eValuaTion oVeRVieW
o assess the state o the endpoint security market and see how the vendors stack up against each
other, Forrester evaluated the strengths and weaknesses o nine endpoint security vendors.
evt crtr F o etrr Rqrmt
Aer examining past research, user need assessments, and vendor and expert interviews, wedeveloped a comprehensive set o evaluation criteria. We evaluated vendors against 50 criteria,
which we grouped into three high-level buckets:
Current oering. We evaluated core capabilities or protecting user endpoints against threatssuch as malware and exploits, as well as unctions such as patch management, soware
distribution, and central management. We also spoke with customer reerences to validate
vendor strategies and capabilities. Troughout this study, we leveraged Forrester client inquiries
as a major source o inormation-gathering.
In this Wave we conducted actual patch management tests. We built a Windows 7 laptop with
various out-o-date applications, including Chrome, Fireox, Internet Explorer, RealPlayer, MSOce, Java, Adobe Reader, Flash, as well as missing OS patches. We loaded each vendors patch
management client (i it was available) on the machine, placed the machine in Forresters DMZ,
and asked the vendor to report patch assessment results rom their management server. o
the extent possible, we asked the vendor to administer patch remediation. We rebuilt the test
machine to the exact specications aer each test, ensuring that every vendor could work with
the same environment.
-
7/29/2019 Forrester Client Security Wave Report
5/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 4
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Strategy. We looked at each vendors vision or its endpoint security suite and its short-termroad map or the next 12 months, and we evaluated this inormation against the broad I
climate as we know it. We also evaluated the cost o each product, the nancial health o the
company, and its partner and channel strategies.
Market presence. We evaluated each vendors enterprise install base or its endpoint securityproducts, as well as the number o companies that license the vendors technologies. We also
took into account any presence in the consumer market and whether that presence contributed
to the competency o the enterprise products.
evt Vr hv a strt T dvr itrt srt a Mmt
Forrester invited nine vendors in this evaluation: F-Secure, IBM, Kaspersky, LANDesk, Lumension,
McAee, Sophos, Symantec, and rend Micro. We evaluated their endpoint security productportolios (see Figure 1). Each o these vendors has:
A sizable enterprise customer base. We selected companies that have 1,500 or more enterprisecustomers or their endpoint security products. We dene an enterprise as a company with
1,000 or more endpoints.
A broad endpoint security portolio. Each vendor has multiple endpoint security unctions,including, but not limited to, antimalware, host-based rewall/IPS, application control, device
control, and patch management. We also look or solutions that have integrated management
spanning these unctions. Because o this, we did not include any pure-play AV or antimalware
providers.
A strategy to converge endpoint security and management. All o the evaluated rms havethe ability to do endpoint threat protection as well as management. Some o the vendors oer
substantial management capabilities, with security as new additions. Others have extensive
security unctions and are strengthening their management support. We did not include any
security or management pure-plays.
Tere are many endpoint security vendors that we did not include in this evaluation. Some other
interesting players in the space include:
Microsof. Microso has built increasingly more security unctions into its Windows operatingsystem. Because o Windows popularity, many I organizations are now evaluating Windows
native security as a viable option or endpoint security and management. We wanted to
include Microso in this study, but Microso declined to participate. Ultimately, because o its
inherent Windows ocus, this might not have been the right study or Microso to demonstrate
its endpoint security capabilities. Forrester plans to conduct a separate study o Microsos
endpoint security unctions and will publish that study ollowing this Wave report.
-
7/29/2019 Forrester Client Security Wave Report
6/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 5
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Consumer- or SMB-acing endpoint security providers. Tis category includes AVG, AvastSoware, Bitdeender, ESE, eScan (MicroWorld echnologies), Malwarebytes, and many
others. As we previously stated, we aimed this evaluation at the enterprise market, and thereore
we did not include any consumer- or SMB-acing players.
Other business-acing solutions. Other vendors that ocus on supporting endpoint securityand management or corporate I include Check Point Soware, Norman, Panda Security, and
Webroot. Tese providers did not qualiy based on our selection criteria.
The endpoinT secuRiTy MaRkeT has Many MaTuRe Technologies
Te evaluation uncovered an established market with many mature solutions (see Figure 2):
Symantec, Sophos, McAee, and Kaspersky lead the pack. Symantec, McAee, and Sophos are
established names in the enterprise security market, and they stood out or their extensive security
capabilities as well as their approaches or integrated management. Kaspersky is a somewhat new
entrant in the enterprise market, but its solid security technologies, combined with a vision or
integrating endpoint security and management, make Kaspersky a solid competitor.
IBM, TrendMicro, LANDesk, Lumension, and F-Secure oer competitive options.Te vendorsin the Strong Perormer category come rom two distinct lineages: enterprise management and
endpoint security. IBM, LANDesk, and Lumension are in the ormer category, while rendMicro
and F-Secure come rom the latter. echnologies in the two categories are converging, and as a
result, each vendor is integrating security technologies with endpoint management capabilities, a
trend that aims to simpliy and streamline enterprise endpoint operations.
Tis evaluation o the endpoint security market is intended to be a starting point only. We encourage
clients to view detailed product evaluations and adapt criteria weightings to t their individual
needs through the Forrester Wave Excel-based vendor comparison tool.
-
7/29/2019 Forrester Client Security Wave Report
7/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 6
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Figure 1Evaluated Vendors: Product Inormation
Source: Forrester Research, Inc.
Vendor
IBM
Symantec
McAfee
Kaspersky
Lumension
LANDesk
TrendMicro
F-Secure
Sophos
Product evaluated
IBM Tivoli Endpoint Manager
Symantec Endpoint Protection
Total Protection Suite
Endpoint Security
Endpoint Management and Security Suite
LANDesk Security Suite
OceScan
Business Suite Client Security
Endpoint Protection Advanced
Product version
evaluated
8.2
12
8.8
8.1
7.2
9.5
10.6
9
10
Vendor selection criteria
A sizable enterprise customer base. We selected companies that have 1,500 or more enterprise
customers for their endpoint security products. We dene an enterprise as a company with 1,000 or more
endpoints.
A broad endpoint security portfolio. Each vendor has multiple endpoint security functions, including,
but not limited to, antimalware, host-based rewall/IPS, application control, device control, and patch
management. We also look for solutions that have integrated management spanning these functions.Because of this, we did not include any pure-play AV or antimalware providers.
A strategy to converge endpoint security and management. All of the evaluated rms have the ability
to do endpoint threat protection as well as management. Some of the vendors oer substantial
management capabilities, with security as new additions. Others have extensive security functions and
are strengthening their management support. We did not include any security or management
pure-plays.
-
7/29/2019 Forrester Client Security Wave Report
8/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 7
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Figure 2 Forrester Wave: Endpoint Security, Q1 13
Source: Forrester Research, Inc.
Go online to download
the Forrester Wave tool
for more detailed product
evaluations, feature
comparisons, and
customizable rankings.
Risky
Bets Contenders Leaders
Strong
Performers
StrategyWeak Strong
Current
oering
Weak
Strong
Market presence
Full vendor participation
Symantec
Kaspersky
McAfeeLANDesk
Sophos
Trend Micro
IBM
Lumension
F-Secure
-
7/29/2019 Forrester Client Security Wave Report
9/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 8
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Figure 2 Forrester Wave: Endpoint Security, Q1 13 (Cont.)
VendoR pRoFiles
lr prv a Brt o Mtr T
Symantec leads in breadth o product portolio and in strategy. Symantec excels in its broadunctional coverage as well as its consistent strength across many dierent areas. Symanteccontinues to be a Leader in the endpoint security space and remains a good choice or
enterprise customers.
Strengths: Symantec is arguably the most recognized name in the enterprise security market.
Symantec Endpoint Protection (SEP) v12 is one o the broadest product suites that we reviewed
in this study. Te suite includes antimalware, application control, device/media control, HIPS/
rewall management, exploit protection, and network access control (NAC). Symantecs core
AV product perorms well in third-party tests. Customers we interviewed report good scalability
and consistent perormance with the SEP product. We also like the single-client architecture
combined with the Symantec Protection Center management console a good step towardtrue enterprise integration. Symantec also made signicant investments in the mobile security
space by acquiring Odyssey Soware and Nukona to strengthen its mobile device management
and mobile application management capabilities.
Source: Forrester Research, Inc.
F-Secure
IBM
Kaspersky
LANDesk
Lumensio
n
McAfee
Sophos
Symantec
CURRENT OFFERING
Core technologies
STRATEGY
Cost and licensing model
Product road map
Go-to-market strategies
MARKET PRESENCE
Enterprise presenceCustomer market presence
License partners
2.79
2.79
4.68
4.65
5.00
4.00
1.55
1.004.00
2.00
Forresters
Weighting
50%
100%
50%
20%
55%
25%
0%
65%10%
25%
2.97
2.97
3.38
3.67
3.00
4.00
1.10
1.002.00
1.00
3.44
3.44
3.76
4.32
3.00
5.00
2.55
2.005.00
3.00
3.51
3.51
3.00
3.00
3.00
3.00
0.85
1.002.00
0.00
3.22
3.22
3.03
4.65
2.00
4.00
1.35
1.002.00
2.00
3.38
3.38
3.70
4.02
3.00
5.00
5.00
5.005.00
5.00
3.35
3.35
3.88
4.67
4.00
3.00
4.80
5.003.00
5.00
3.50
3.50
4.32
4.35
4.00
5.00
5.00
5.005.00
5.00
TrendMicro
2.88
2.88
3.51
3.65
3.00
4.50
3.20
3.005.00
3.00
All scores are based on a scale of 0 (weak) to 5 (strong).
-
7/29/2019 Forrester Client Security Wave Report
10/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 9
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Weaknesses: SEP is not quite the one-stop shop you need. Although SEP provides many
endpoint security unctions, you would need Altiris, a separate product, or endpoint
management. Endpoint encryption and DLP, two o Symantecs market-leading products, are
sold separately. Although Symantec Protection Center (SPC) can manage these productstogether, customers that want true integration among endpoint encryption, DLP, and SEP still
nd the integration process not straightorward. Symantec also needs to move away rom its
threat-centric approach and demonstrate more thought leadership in managing attack surace
and vulnerabilities.
McAee shines in portolio breadth and integrated policy management. As an enterpriseproduct, McAees otal Protection Suite delivers many bells and whistles or demanding
enterprise customers. Its ePolicy Orchestrator provides extensive enterprise management
unctions, and McAee is one o the ew AV vendors that has made serious investments in
application control and HIPS technologies.
Strengths: McAees otal Protection Suite provides broad endpoint security unctions,
including antimalware, application control, device control, and HIPS/rewall control. McAee
stood out in its strong application control and device control unctions. In addition, McAee
oers solid HIPS and rewall management unctions. McAees e-Policy Orchestrator, its
enterprise management console, remains a strong dierentiator in the industry. With ePO,
McAee presents the most integrated management option in this evaluation. We were impressed
with how expressive and powerul ePO is as a policy engine. It provides many conguration
choices or even the most complex enterprise environments.
Weaknesses: Customers have complained about perormance and detection precision oMcAees antimalware product. Tey reported CPU-hogging and a large memory ootprint. In
addition, McAee alls short with its patch management unction, which is entirely Windows-
ocused and which missed many third-party patches in the test we conducted. Even though the
administration o the various security products are integrated, the architecture calls or separate
client installs or each unction, which adds operational complexity. Although McAee moved
early in the mobile security space, the company has not done a whole lot with the rust Digital
technology that it acquired.
Kaspersky is a rising star in the endpoint security space. Kaspersky is a recent entrant in theenterprise market. Overall, the product has made signicant improvements in its enterprise
support eatures. Because o its extensive security strength and an attractive price point, we expect
many organizations to short-list Kaspersky when considering an endpoint security product.
Strengths: Kaspersky enjoys an impressive growth throughout the US and EMEA in both
the consumer and SMB markets. Te company is beginning to make a name or itsel in
the enterprise space as well. Kasperskys antivirus technologies have received high marks
-
7/29/2019 Forrester Client Security Wave Report
11/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 10
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
in many independent tests. Te company continues to expand via an aggressive OEM and
channel strategy, which has served it well. We like Kasperskys orward-looking strategy, where
signicant architectural advances will make its endpoint security suite more integrated and
more management riendly, as well as its ocused R&D investments in endpoint encryption andmobile device management technologies. Aided by strong threat research and a broad portolio
o ancillary endpoint security technologies, Kasperskys endpoint security products provide a
good option or organizations with extensive security requirements.
Weaknesses: Version 8 o Kasperskys endpoint security product does not support patch
management. Some o its security products are not yet integrated with the endpoint security
administration server. Kaspersky tells us that v10 will remediate this. Kaspersky also needs to
augment its threat-centric strategies with more ocus on endpoint data protection. Although
Kaspersky provides mobile antimalware products, the company does not have much else in
the way o mobile device management today. Kasperskys virtualization and cloud computing
support also have room or improvement. But above all, we think Kasperskys strategy in cloud
delivery is weak. Both system management and security unctions or the endpoint are being
moved into the cloud today; Kaspersky isnt quite there in terms o service delivery competency.
Sophos oers strong threat protection capabilities. Organizations that have a strong endpointmanagement inrastructure but that need to strengthen their endpoint protection, as well as
those that have a sizable consumer endpoint population (e.g., mobile devices, Macs), would do
well to consider Sophos products.
Strengths: Customers o Sophos agree that its endpoint security products deliver strong security
capabilities. Sophos antimalware product has one o the best malware detection rates on themarket today and is well reviewed in third-party studies. Sophos is one o the small number o
vendors that actually put R&D eort into its host intrusion prevention system (HIPS) product,
as opposed to many others that simply pay lip service to HIPS. Sophos HIPS unction catches
malware that its AV engine may have missed. In addition, SophosLabs is well known in the
security industry and has built up a community around its threat and malware research. We
also like Sophos endpoint encryption capability, a recommended unction to include in your
endpoint security purchases. Its worth noting that Sophos has good support or mobility and
Mac, which is becoming an increasingly important capability or enterprise environments.
Weaknesses: As an endpoint security suite, Sophos is heavy on threat protection but needs
to strengthen its application control, device control, and patch management capabilities. Te
products endpoint management unctions also have room or improvement customers o
Sophos reported that large-scale deployments o Sophos endpoint security are best done via a
third-party management system.
-
7/29/2019 Forrester Client Security Wave Report
12/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 11
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
str prrmr ex i etr srt or Mmt
F-Secure boasts strong antimalware unctions. oday, F-Secures antimalware product is asolid competitor among the best in the industry. I the company executes its vision as it was laid
out, F-Secure is on the path to becoming an innovation leader in this market.
Strengths: F-Secures AV product perorms well in third-party comparison tests and received
excellent marks rom customers we interviewed. A distinct eature o F-Secures antimalware
product is its ecient use o resources. F-Secures behavioral and heuristics analysis engines are
among some o the best on the market. Its also one o the ew vendors that oer browser plugins
or automatic sandboxing. We were especially impressed with the road map and vision the
company has laid out or the next two years. F-Secure is actively developing a service-enabling
platorm rather than continuing to sell soware and appliances. Tis vision closely aligns
with the biggest climate change happening in enterprise I today, in which organizations are
moving to procuring services rather than products. For a security-ocused company, F-Securealso acknowledges and advocates that better patch management and better application control
comprise a more eective way o protecting endpoints, and the company is actively working to
strengthen those parts o its portolio.
Weaknesses: As a product suite, F-Secure oers rudimentary application control and device
control unctions. It also does not yet have any patch management capabilities. Auxiliary
endpoint security unctions such as encryption and host-based web security are also lacking.
IBM endpoint manager provides powerul endpoint visibility and management. Forenvironments that are large and have complex management requirements or or environments
with continuous monitoring needs, ivoli Endpoint Manager is your choice.
Strengths: IBMs endpoint management products (AKA EM) largely came rom its acquisition
o BigFix. Along with its antimalware technology, which IBM OEMs rom rend Micro, EM
oers unique endpoint management and security capabilities. Most notable is the products
xlet architecture, which provides not only real-time visibility o the endpoint but also a
powerul means o automating endpoint management workfows. Fixlets make it easy to
ascertain in real time endpoint compliance and to eect changes to maintain compliance at
scale. EM is a truly integrated endpoint security and management platorm, with a single
client architecture. We also note that IBM recently made signicant R&D improvements to its
mobile device management product, also part o EM.
Weaknesses: EM does not have application control unctions. Endpoint encryption is also
missing rom the portolio. Te administration console is not particularly navigational riendly,
which can be challenging to novice users.
-
7/29/2019 Forrester Client Security Wave Report
13/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 12
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
LANDesk is an endpoint management platorm that ventured into security.Overall, we likeLANDesks strength in helping enterprises manage their attack surace and vulnerabilities, but
we want to see more ocus on endpoint security.
Strengths: LANDesk Security Suite delivers strong application control, patch management, and
HIPS/rewall unctions. Te suite also OEMs Kasperskys endpoint AV. LANDesks endpoint
management unctions are comprehensive and deep. Customers can use this suite to conduct
complex asset management tasks. We were impressed with LANDesks patch management
capabilities, which received the highest score in this evaluation. Patch management with
LANDesk can provide deep endpoint visibility, executing extremely complex workfows, but
at the same time is easy to use. We also like LANDesks vulnerability research capabilities,
which eed its patch management product. Te company also has a mobile device management
product that is integrated with the same admin console as its PC platorm.
Weaknesses: Ultimately, LANDesk Security Suite is more management platorm than security.
LANDesk OEMs Kasperskys endpoint AV, and in the past there would be a signicant lag
beore LANDesk adopted the latest release rom Kaspersky. Te version o LANDesks suite
we reviewed included Kaspersky endpoint AV v6.0, even though v8.0 had been available or a
while. LANDesk has recently moved away rom using Kasperskys SDK, which should allow or
a timelier update. Te company has since released Kaspersky v8.0, although we did not evaluate
it as part o this study. Going orward, it remains to be seen how quickly LANDesk delivers on
its promises to protect its customers rom the latest cyberthreats. At times, some o the security
capabilities eel bolted on rather than a natural extension o its core unctionality. LANDesk also
lacks native threat research, which can put it at a disadvantage in a dynamic threat environment.
Lumension expands rom management to security.Lumensions endpoint security suite isa good option or companies with a mature endpoint management strategy and a desire to
consolidate endpoint security and management. In addition, even though we did not review
them in this study, Lumensions compliance/risk intelligence module and the newly acquired
Corerace product complement its endpoint security and management products nicely.
Strengths: Lumensions roots are in patch management, and patch management is still one o
its strongest oerings today. From a strategy standpoint, the Lumension Endpoint Management
and Security Suite (LEMSS) oers a good balance between management and security unctions.
Te product sports an impressive single-client architecture that ties many dierent unctions
into a unied inrastructure. Tis architecture simplies deployment, management, and
reporting, which sets it apart in a eld rie with suites that are patched together rom disparate
products. Te Lumension customers that we interviewed gave excellent marks or its patch and
endpoint management unctions, which are eective and easy-to-use. Many customers have
since adopted application control and device/media control, two Lumension products that also
stood out in our evaluation. Tose who value single console management have urther adopted
Lumensions antimalware product, which it OEMs rom Norman.
-
7/29/2019 Forrester Client Security Wave Report
14/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 13
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
Weaknesses: Lumension does not oer mobile device management or mobile security products,
and its virtualization support is still maturing. Customers may also nd it conusing to navigate
through the myriad product categories that Lumension has; the company very much needs to
streamline and weave a more consistent theme among its various products.
Trend Micro provides good support or cloud and virtualization security. Overall, rendMicros leadership in data center and virtualization security, road map to strengthen mobile
support, and attractive price point make it a solid choice or many organizations.
Strengths: rend Micro continues to have a large presence in both enterprise and consumer
markets. Its core business suite, OceScan endpoint protection, combines solid antimalware
and HIPS/rewall unctions and delivers them through a simple and streamlined interace.
rend Micros Deep Security product is notable in the server security space. We especially
like Deep Securitys virtual patching capabilities, which can serve as an important deense
layer or data center security. rends strategy supporting the burgeoning trends in mobile and
virtualization also sets it apart: Organizations with basic mobile needs will nd rends mobile
device management technologies more than adequate. Additionally, Deep Security oers some
o the best virtualization support on the market today.
Weaknesses: rend Micros OceScan is not a comprehensive endpoint security suite. It
alls short on application control and patch management capabilities. Additionally, rends
endpoint encryption product is not integrated with OceScan, which means I has to manage
a completely separate endpoint security product i the company wants encryption along with
endpoint threat protection.
suppleMenTal MaTeRial
o Rr
Te online version o Figure 2 is an Excel-based vendor comparison tool that provides detailed
product evaluations and customizable rankings.
dt sr u i T Frrtr Wv
Forrester used a combination o ve data sources to assess the strengths and weaknesses o each
solution:
Hands-on lab evaluations. Each vendors spent hal a day with a team o analysts whoperormed a hands-on evaluation o the product using a scenario-based testing methodology.
More specically, Forrester used a machine to test the products patch management unctions.
Te test machine was built with an outdated Windows operating system as well as outdated
-
7/29/2019 Forrester Client Security Wave Report
15/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 14
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
third-party applications. We loaded each vendors patch management client on the machine and
collected patch assessment results. Whenever possible, we asked the vendor to carry out patch
remediation on the machine. We rebuilt the same test machine or each vendor, ensuring a level
playing eld by evaluating every product with the same environment.
Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluationcriteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where
necessary to gather details o vendor qualications.
Product demos. We asked vendors to conduct demonstrations o their products unctionality.Te demos were conducted alongside the lab evaluations. We used ndings rom these product
demos to validate details o each vendors product capabilities.
Customer reerence calls. o validate product and vendor qualications, we asked each vendorto submit at least two enterprise customer reerences and we conducted reerence calls with the
customers.
Forrester client inquiries. Each vendor included in this study appears requently in Forresterend user inquiries. We leveraged heavily on the content o these inquiries to validate ndings
gathered rom other sources.
T Frrtr Wv Mt
We conduct primary research to develop a list o vendors that meet our criteria to be evaluated
in this market. From that initial pool o vendors, we then narrow our nal list. We choose thesevendors based on: 1) product t; 2) customer success; and 3) Forrester client demand. We eliminate
vendors that have limited customer reerences and products that dont t the scope o our evaluation.
Aer examining past research, user need assessments, and vendor and expert interviews, we develop
the initial evaluation criteria. o evaluate the vendors and their products against our set o criteria,
we gather details o product qualications through a combination o lab evaluations, questionnaires,
demos, and/or discussions with client reerences. We send evaluations to the vendors or their review,
and we adjust the evaluations to provide the most accurate view o vendor oerings and strategies.
We set deault weightings to refect our analysis o the needs o large user companies and/or
other scenarios as outlined in the Forrester Wave document and then score the vendors basedon a clearly dened scale. Tese deault weightings are intended only as a starting point, and we
encourage readers to adapt the weightings to t their individual needs through the Excel-based
tool. Te nal scores generate the graphical depiction o the market based on current oering,
strategy, and market presence. Forrester intends to update vendor evaluations regularly as product
capabilities and vendor strategies evolve.
-
7/29/2019 Forrester Client Security Wave Report
16/17
For Security & riSk ProFeSSionalS
th Fs Wv: edp S, Q1 2013 15
2013, Forrester Research, Inc. Reproduction Prohibited January 4, 2013
endnoTes
1 For more inormation on application control, see the September 7, 2012, Application Control: An Essential
Endpoint Security Component report.
http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES78502http://www.forrester.com/go?objectid=RES78502 -
7/29/2019 Forrester Client Security Wave Report
17/17
Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to
global leaders in business and technology. Forrester works with professionals in 17 key roles at major companies providing proprietary
research customer insight consulting events and peer-to-peer executive programs For more than 29 years Forrester has been making
Forrester Focuses On
Security & Risk Professionals
t hp m pz w bsss pps s,
ms s pp gv vsgh mg s wh
pmzg s psss d hgs xb.
Fss sbj-m xps d dp dsdg w hp wd-hg sgs; wgh pp
gs s; js dss; d pmz dvd, m, d
p pm.
Sean RhodeS, client persona representing Security & Risk Professionals
About Forrester
a gb sh d dvs fm, Fs sps ds,
ms b dss, d hps h wds p mps
h mpx hg bsss dvg. o sh-
bsd sgh d bjv dv b it psss
d m sss wh it d xd h mp bd
h d it gz. td dvd ,
ss w s mp bsss sss
mg, spd, gwh fs, hg sd.
foR moRe infoRmation
o nd out how Forrester Research can help you be successul every day, please
contact the oce nearest you, or visit us at www.orrester.com. For a complete list
o worldwide locations, visit www.orrester.com/about.
Client SuppoRt
For inormation on hard-copy or electronic reprints, please contact Client Support
at +1 866.367.7378, +1 617.613.5730, or [email protected] . We oer
quantity discounts and special pricing or academic and nonprot institutions.
mailto:[email protected]:[email protected]://www.forrester.com/