A Competitive Look at Symantec Endpoint Protection in VDI
This week Symantec began shipping the next release of Symantec Endpoint Protection 12.1, an endpoint security solution optimized for use in virtual environments. There are now 4 companies shipping a total of 5 endpoint security solutions for virtual environments. Trend Micro has OfficeScan with a plug-in along with Deep Security Agentless Protection, McAfee has Management for Optimized Virtual Environments (MOVE), and now Kaspersky has a product called Kaspersky Security for Virtualization.
We wanted to see how Symantec compared to these other solutions, so we tested them for both performance and effectiveness, and the results are very interesting.
Dennis Labs – Virtual Desktop Anti-malware Protection, May 2012
Tolly Enterprises – Antivirus Performance in VMware ESXi Virtual Environments, May 2012
Tolly Enterprises – Anti-virus Effectiveness in VMware vSphere 5 Virtual Environments, October 2012
Virtual machines have all the same security issues as physical machines. Both require antivirus protection, but they also require advanced technologies such as host and network IPS, as more than half of all malware is detected by these advanced technologies. Disabling or neglecting to install the full security stack on both physical and virtual machines leaves an organization at serious risk.
Symantec recently sponsored VDI-specific tests for both effectiveness and performance. The effectiveness tests were performed by Dennis Labs and Tolly Enterprises. In keeping with best practices, they performed what are known as real-world tests, where actual attacks were instigated on working virtual machines to see how effective various solutions really are.
From the Tolly Effectiveness report, the percentage of threats blocked or neutralized by Kaspersky Security for Virtualization was 95%, McAfee MOVE was 80%, and Trend Micro OfficeScan with VDI Plug-in was only 60%. Symantec scored 99% on this test. The Dennis Labs report shows Symantec blocked 100% of threats from getting on the machines while Trend Micro Deep Security blocked only 16% of the threats from getting on the machine. This test was re-run and the results were confirmed.
Effectiveness is one thing, but performance is another. In virtual environments there are 2 issues that affect performance (or VDI density): resource contention and disk I/O. All products tested have technology to prevent simultaneous scans and updates, so resource contention wasn't an issue. However, the primary bottleneck to increased VDI density isn't traditional performance metrics such as memory use or CPU utilization; it's disk I/O.
The performance tests by Tolly show Symantec was able to perform an on-demand scan while using 51% less disk bandwidth than Kaspersky Security for Virtualization and 79% less bandwidth than McAfee MOVE. When compared against Trend Micro Deep Security, Symantec used 86% less bandwidth.
No organization should sacrifice performance for effectiveness in its virtual environment, and independent tests show Symantec Endpoint Protection 12.1 outperforms the competition and delivers both. Read more about the new release: http://bit.ly/Sx7pT9