Buyer's Handbook: Assess endpoint security tools to fulfill organizational needs Article 2 of 3

Find the right tool using this antimalware software comparison

Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings.

Antimalware is an essential layer in an organization's security defense apparatus. While these products share many common features, choosing the right one means paying attention to the details, as well as matching organizational needs to product features, platform coverage, performance and cost.

We performed an antimalware software comparison between Kaspersky Lab, McAfee LLC (Intel Security), Microsoft, Sophos Ltd., Symantec Corp. and Trend Micro Inc. to see how they stack up against one another and which products are the best fit for small, midsize and enterprise environments. The right product choice is determined not only by the organization's size but also by the features it requires.

Antimalware protection software performance

While Sophos Security and Control is still available for purchase, Intercept X Advanced is now Sophos' flagship protection product. Intercept X includes such technologies as deep learning and detection and response.

When antivirus and security software reviewer AV-TEST Institute performed tests on Windows 10 in November and December of 2018, Kaspersky Small Office Security grabbed a perfect score of 18 out of 18. Those tests focused on protection, performance and usability. Both Trend Micro OfficeScan -- rebranded as Trend Micro Apex One -- and Symantec Protection also scored 18. McAfee Security and Windows Defender Antivirus came in at 17. The lowest scores in this lineup went to Seqrite Security, Sophos Security and Control and Palo Alto Networks' Traps, which each scored 15.5.

No independent tests were available for Trend Micro Worry-Free Business Security, but it uses the same engine and pattern files as Trend Micro Apex One -- i.e., the products are essentially the same under the hood.

Antimalware products for small organizations

When going through an antimalware software comparison for small organizations with 100 or fewer users, look into the following:

  • Kaspersky Small Office Security; 
  • McAfee Endpoint Security; 
  • Sophos Endpoint Security and Control; 
  • Symantec Endpoint Protection Small Business Edition, which is on premises; and
  • Trend Micro Worry-Free Business Security, which offers Standard and Advanced versions for on-premises installation, and the cloud-based Services and Services Advanced versions.

For McAfee products, very small organizations -- those with 10 or fewer users -- should consider an alternate product, such as McAfee Total Protection.

Most products geared to small organizations offer easy installation and administration, assuming these environments have limited IT administrative staff or expertise. Symantec Endpoint Protection Small Business Edition and Trend Micro Worry-Free Business Security, in particular, require minimal IT savvy.

The base feature set for all five products includes antivirus and antimalware protection, a firewall, URL blocking, web browsing protection and device control. Nearly all of the products provide anti-ransomware functionality. Kaspersky Small Office Security offers the broadest set of additional features, including application control, file-level encryption, online banking and phishing protection, online backup, password management and more.

Regarding platform coverage, all of the products support Microsoft Windows. Sophos Endpoint Security and Control appears to cover the broadest range of platforms outside Windows, covering Mac, Linux and the leading virtual environments and mobile device operating systems.

Kaspersky and McAfee are similar, although McAfee doesn't include mobile device protection natively. Kaspersky focuses on Windows, Mac, iOS and Android devices -- not Linux or virtual environments. Symantec Endpoint Protection Small Business Edition does not support Linux, virtual or mobile environments.

Trend Micro Worry-Free Business Security, in the Advanced and Services Advanced versions, supports macOS but not Linux. The Advanced version protects Android, iOS, BlackBerry and Windows Phone devices for IT shops running Microsoft Exchange ActiveSync.

Products in the small organization category can be managed from central management consoles running on servers, with agents running on client endpoints. Kaspersky Small Office Security is installable on stand-alone clients, however, and administrators can choose to manage those clients from a server.

The maintenance portion of licensing packages includes program updates and standard support, and all licenses have two-year and three-year options. Most companies enable small business customers to purchase licenses online or through a sales representative.

As a result, organizations that need a wide range of features for Windows, Mac and Android only will find Kaspersky Small Office Security the best choice. Organizations that have many platforms to support -- Windows, Mac, Linux, virtual and mobile -- should consider Sophos Endpoint Security and Control. Those without Linux desktops should also look at Trend Micro Worry-Free.

Antimalware products for midsize organizations

Solid antimalware choices for organizations with 100 to 999 users include Kaspersky Total Security for Business, McAfee Endpoint Security, Sophos Endpoint Security and Control, Symantec Endpoint Protection -- aimed at environments with more than 250 users -- and Trend Micro OfficeScan.

The base feature set for these products includes antivirus and antimalware protection, a firewall, application and device control, data loss prevention -- with some caveats -- URL blocking and web browsing protection. Most also provide ransomware protection. Kaspersky Total Security for Business focuses on Windows workstations and file servers, macOS, and antimalware and antitheft protection for Android devices. The package's feature set is comprehensive, containing file-level encryption, password management, patch distribution, vulnerability scanning, mobile device management (MDM), centralized and remote management, the web gateway protection of email servers and collaboration systems, as well as online banking protection and online backup.

Beyond the base features, McAfee Endpoint Security includes application containment to corral malicious applications and processes on endpoints even when they’re offline. Customers that require mobile device protection should consider McAfee MVision.

Sophos Endpoint Security and Control includes application control; a host-based intrusion prevention system; email protection that includes antispam, patch assessment and MDM; and management of mobile applications and email. Organizations that run Microsoft Exchange also get antispam, antimalware and data loss protection.

Symantec Endpoint Protection is a client-server endpoint antimalware product aimed at environments with more than 250 users. It includes intrusion prevention, host integrity checking and network access control, along with the product's Power Eraser, which enables organizations to terminate an endpoint infection remotely. Symantec Endpoint Protection does not protect mobile devices natively.

Trend Micro Apex One automatically detects and responds to an increasing variety of threats that include fileless malware and ransomware. It offers Windows PC and server support as well as Mac and virtual desktop infrastructure support, network-level host intrusion prevention, endpoint encryption and endpoint application control. To protect mobile endpoints and provide MDM, enterprises must also install Trend Micro Mobile Security, which supports Android and iOS.

Regarding platform coverage, all the products support Windows and Mac environments. Kaspersky Total Security for Business and Sophos Endpoint Security and Control natively support many mobile operating systems.

McAfee Endpoint Threat Protection, Sophos Endpoint Security and Control, Symantec Endpoint Protection and Trend Micro Apex One work for VMware, Citrix and Microsoft virtualization platforms, too.

Endpoint antimalware products for midsize organizations incorporate central management consoles that run on servers, and they typically run agents on the endpoints. Many offer cloud-based management. Although designed for central management, Kaspersky Total Security for Business can also install on individual endpoints as a stand-alone product.

Much like the options for small organizations, products for midsize companies are licensed per user or per device, depending on the vendor. When purchasing fewer than 150 licenses, for example, retail licensing costs run from a low of about $30 per license for Symantec Endpoint Protection to a high of about $59 per license for Kaspersky Total Security for Business.

Prices decrease with purchase volume, but customers must work with a sales rep or channel partner to place orders. Typically, base licensing also includes a one-year maintenance agreement.

For the midsize organization with many different platforms to support, Sophos Endpoint Security and Control is the most inclusive. Kaspersky Total Security for Business and Trend Micro Apex One are good primarily for Windows environments, with Kaspersky offering a larger feature set, including support for various mobile devices.

Support from endpoint antimalware vendors

Thorough antimalware software comparisons should help customers find ample resources in the form of knowledge bases, how-to articles and videos, product documentation, updates and more on all of the companies' websites.

Linda Rosencrance contributed to this report.
