Endpoint Security Project: Vendor Recommendation Report

Transcription

1 Endpoint Security Project: Vendor Recommendation Report Introduction The Endpoint Security Evaluation Project was charged with reviewing the desktop anti-virus and other security available for Windows and MacOS desktop devices. UW has had a long and positive relationship with Symantec. The current license with Symantec expires in August As the new product from Symantec is a replacement of the existing licensed offering, an assessment of competing products was appropriate. Summary of Project Recommendations: 1) Project Team recommends the RFP Proposal from Softchoice for licensing of the Symantec Endpoint Security Product 2) The Endpoint Security Project Team will continue working on Item 7 of the Project Work Plan, making adjustments to the membership of the Team as required for deployment across campus. Project Review and Process Objectives The project team was charged to investigate the capabilities of endpoint security solutions and develop a set of requirements that will lead to the selection of a preferred solution. Work Plan 1. Assess our current end point security solution - how it is being used across campus, its strengths and limitations. 2. Investigate the capabilities of the market leaders in endpoint security with particular focus on antivirus, anti-spyware protection. 3. Identify capabilities that are critical to the environment at UW (e.g., management, deployment, reporting) 4. Develop a set of requirements for end point security solutions. 5. Solicit possible competitive solutions, possibly through an rfp. 6. Evaluate possible solutions and select a preferred vendor. 7. Develop deployment plans with selected vendor. Scope 1. The main focus of the project was on anti-virus, anti-spam solutions for the primary supported platforms (Windows XP/Vista, Mac OS). 2. Consideration was also given to solution suites that might provide protection to , file services (netapps) and Web servers as long as this did not risk the primary objectives of the project.

2 Evaluation Process Current Environment Assessment: In general there was satisfaction with the current desktop decurity implementation. There were a number of issues identified as areas that could be improved: Among the Current Challenges: QC on virus definitions slipping over the past year (false positives) tracking users impossible (Computer name and IP address combination used as key to identify unique clients results in many duplicate entries) no expiry on definition updates client software upgrade/patch not automatic - no notification or auto-update function Non-Windows clients are not supported through parent servers. Review of Market Leaders The Project Team reviewed current information on Endpoint products currently available. There are a large number of articles and reviews available, and strong competition in the Security Industry. The number of products and companies made the review process complex, while the similarity of the functionality the many products made comparisons meaningful. In general the following tools are provided by most vendors: Software Management/Helpdesk Remote Control Patch Management (OS) Asset Management (Inventory) HIDS/HIPS Firewall VPN Anti-Virus Anti-Malware Anti-Spam Application Execution Control Browser Security Plug-ins Encryption (Disk/ ) 802.1x Supplicants NAC Agents DLP Single Sign-On Forensic Agents Device Control (USB, CD, etc ) The Market Leaders as identified by online reviews and computing Magazines include Symantec, Trend Micro, Sophos, Kaspersky, MacAfee, and a number of other familiar names. The review appended below provides as example of the type of information found.

3

4 Capabilities and Requirements After the review of the market leaders and other available Security technologies the following Capabilities and requirements list was created for the RFP process: ENTERPRISE MANAGEMENT REQUIRED DESIRED OPTIONAL NOTE: Solution must also allow for self-managed workstations, with user control of settings. Central Management Console Customizable Reports Real-time Alerts Administrators Notified of problems Client default settings Pre-set settings for client software Ability to configure the Client Remote Client Software Management Software via Central Management Console on Managed Workstations. Support for AD Security Groups Feature Integration Client Installation Upgrade Path Policy Management FEATURES REQUIRED DESIRED OPTIONAL Anti-virus Anti-malware Personal Firewall HIPS (Host-based Intrusion Proection) White Listing/Application Execution Control USB Control Vulnerability Scanner Stand-alone clients Anti-Virus Details DESIRED FEATURES Single Point Management for all features in performing/configuring Enterprise EndPoint Security Manged Distribution of endpoint Client Software. Availability of MSI for easy packaging Easy upgrade of endpoint client software. Define and Distribute Secuirty Policies for managed workstations. Ability to detect "new" threats based on system behaviour - not just pattarn matching. Lock down systems so that only allowed applications and acceptable services are running. Installation and configuration on workstations that are not centrally managed. Detection Type Pattern Matching Heuristic Analysis Scanning Type Continuous On-demand Scheduled Ondemand Hourly Daily Signature Updates Scan Location Memory Registry All Drives Removable Media Anti-Malware Details DESIRED FEATURES Type Detected All types Scanning Type Continuous On-demand Scheduled Signature Updates Hourly Daily On-

5 demand Scan Location Memory Registry All Drives Removable Media Licensing Details Groups Corporate License for UW and affiliated sites. Including all UW Employees (Faculty, and staff, for full-time and part-time) for office and home machine. And other UW affiliated individuals with on-going access to computing infrastructure at UW (including Research Assistants, Post-Doctoral Fellowships, etc.) ~7500 Students All current Undergraduate students. All current Graduate students. All UW student computing labs. ~ Management/Enterprise Servers Allow for multiple instances of mangement servers for distributed management. Includes Upgrades during duration of agreement.

6 RFP and Selection Criteria The Project Team issued an RFP and 10 responses where received. As part of the RFP a weighting for the decisions process was provided (as well as the Requirements list noted above) Each RFP was evaluated and scored using the following breakdown 40% Technical Requirements (using factors from above) 40% Licensing Costs 20% Reputation and Other factors The initial review of the RFP submissions led to the selection of a short-list of vendors. The short-listed vendors were asked to provide presentations to the Endpoint Project Team. As well each vendor provided access to demo versions of the proposed solutions. The short listed Endpoint products were Trend Micro, Sophos, and Symantec. Testing and Review of Short Listed Products: (See Appendix B for scoring summary) Each product was installed in a test environment and the Project Team looked at the Management Console for ease of use, functionality, deployment tools, delegation of authority, granularity of roles and security. The Client software packages were also reviewed for impacts on workstations and granularity of controls and restrictions on changing settings for the client packages. In addition to our own testing of the consoles and clients, we searched for and reviewed the available third-party performance data for these products (e.g. magazine reviews, security reports, product comparisons, current customers). In general the third-party information matched our own testing and experience with these products. After reviewing the Technical Requirements (40%) of the products, the scoring used showed the three short-listed products to be very similar in design, functionality, and capabilities. In the Technical Requirements section there was very little to set the products apart. Each had different strengths and weaknesses, yet none was vastly superior (or weaker) in any given area. In the Reputation and Other Factors (20%) ranking again all three products were very close together. This left the category of Licensing Costs as the deciding factor, and here there was a large difference in the licensing costs and the complexity of the licensing models. The RFP proposal provided by Softchoice for Symantec was significantly less than any of the other proposals, Recommended Vendor: Based on the scoring of all the criteria the Endpoint Project Team recommends that the proposal from Softchoice for the licensing of the Symantec Endpoint as the UW Endpoint Security solution of choice. The Project Team will now move into the Deployment phase of the Project.

7 Appendix A Endpoint Project Team Members: (Initial Project Members) Paul Snyder Reg Quinton Bill Futher Martin Timmerman Brian Cameron Tim Farrell Trevor Bain Stephen Markan Sandra Laughlin (Members added as the Project progressed) Jason Testart Carl Nagel Hon Tam Lowell Williamson Robert Hicks Initial Endpoint Deployment Team Members (Item 7 of Project) Martin Timmerman (Project Sponsor) Robert Hicks (Project Sponsor) Stephen Markan (CS) Tim Farrell (CSS) Jason Testart (Security) Carl Nagel (Library) Hon Tam (NEXUS) Lowell Williamson (NEXUS) Resource People Brian Cameron Trevor Bain Sandra Laughlin

8 Appendix B Endpoint Security Criteria Ranking Sophos Symantec Trend Micro REQUIREMENTS (40%) FEE STRUCTURE (40%) REPUTATION/REFERENCES (20%) WEIGHTED TOTAL Rank each category out of 3 (3 is better). Scores are cumulative averages from multiple rankings.