Forefront Endpoint Protection 2010 - the new SEP?
Today Microsoft introduced Forefront Endpoint Protection 2010. Four years after Symantec, they have finally introduced integration with Configuration Manager, Vulnerability Shielding and Firewall Management – the equivalents of which have all been in Symantec Endpoint Protection for the past 4 years.
The new version of Forefront still lacks functions we consider essential to endpoint security, including:
- Device control
- Application inventory or application control (outside of AppLocker)
- Access control self enforcement
- Mac & Linux support – only a promise that sometime next year “details on the timing of the Mac/Linux release will be available”
- Optimizations for virtual environments: no resource leveling, no way to prevent AV storms in virtual environments
- Bootable recovery disk or a tool equivalent to Symantec’s Power Erasure
A few additional thoughts:
1. It appears that Forefront will provide poor protection for Windows XP users. The Windows XP version of the Microsoft scanning engine has very different malware detection rates than the Windows 7 version. In fact, Microsoft's Security Essentials for Windows XP failed AV-Test.Org’s certification for malware detection. For the results, see: http://www.av-test.org/certifications.
2. Forefront is dependent on System Center Configuration Manager and Active Directory for management and reporting.
3. Forefront relies on the Windows firewall – which is far less functional than that offered by Symantec.
4. Gartner has long considered Microsoft a “niche player” in the endpoint security arena, lacking vision. In a few weeks the next Magic Quadrant from Gartner will be released. We do not expect Microsoft to improve their placement.
5. Microsoft has included something called “Dynamic Signature Service”. This feature checks suspicious files against an online blacklist of known malicious files. While it is nice that Forefront offers what is essentially fast access to signature files, this is not a “reputation” service and it is far less effective than the Insight technology (Ubiquity) that Symantec has announced.
Forefront lacks protection you need. Worms such as Stuxnet spread primarily by USB device. Without device control, Forefront customers are helpless in the face of future attacks of this kind. Forefront lacks support for Mac and Linux, it lacks application control, and its virus protection on Windows XP is weak. Sure, it may be free for some Microsoft customers, but with Forefront you do get what you pay for.