Comparing the Effectiveness and Performance of Endpoint Protection for Virtual Environments
This week, Symantec started shipping Symantec Endpoint Protection 12.1 - an endpoint security solution optimized for use in virtual environments. Trend Micro and McAfee are also shipping security products for virtual environments. 3 different companies, 4 different solutions (Trend is shipping both Deep Security Agentless Protection and OfficeScan with a plug-in) – what’s the difference?
We were curious about the performance and effectiveness of competitive solutions – so we tested them. The results were surprising.
Dennis Labs - Virtual desktop malware defence, April 2011
First, the obvious question – do you need antivirus for VDI or virtual servers? The answer, of course, is yes. Virtualization solves lots of problems – but virtual machines have all the same security issues as do physical ones - and the added complication of using shared physical resources. Not only do you need antivirus on your VM, you need a complete security solution – you shouldn’t compromise security just because your computers are virtual. Over ½ of the malware we detected last year was detected not through traditional virus scanning but through more advanced security technologies such as host and network IPS. Turning off or neglecting to install the full security stack offered by leading endpoint protection systems is a bad idea.
Symantec recently sponsored detection tests and performance tests – both to be performed exclusively in VDI systems. The detection tests were performed by Dennis Labs. In keeping with best practices, Dennis Labs didn’t just scan a folder full of known malware (static file testing). Instead, Dennis Labs performed what are known as real-world tests – where actual attacks were instigated on working systems to see how effective various defenses really are.
The results were interesting. The long and short is that Trend's OfficeScan with IPS and the VDI plugin detected 88% of attacks, McAfee MOVE with HIPS and SiteAdvisor detected only 40% of attacks, and Symantec Endpoint Protection 12.1 was perfect – blocking everything thrown at it.
But what about performance? Both Trend Micro and McAfee offer solutions customized for virtual environments. We wanted to understand the impact these solutions had in higher density environments. After all, organizations shouldn’t be required to sacrifice performance to be secure.
In virtual environments there are 2 performance issues to focus on – resource contention and disk I/O. All products tested had technology to prevent simultaneous scans and updates, so resource contention wasn’t an issue. But the primary bottleneck to increased VDI densities isn’t traditional performance metrics such as memory use or even CPU utilization; it’s disk I/O.
The tests by Tolly revealed that Symantec Endpoint Protection 12.1 was able to perform an on-demand scan on each VM in about half the time while consuming 49% less disk bandwidth than Trend’s OfficeScan. Symantec also used noticeably less bandwidth during on-access scans.
Independent tests demonstrate that Symantec Endpoint Protection 12.1 outperforms the competition in virtual environments, providing unrivaled protection and blazingly fast performance. Read more about the new release: http://www.symantec.com/about/news/release/article...