Regardless of the computing device in hand, or network connection at hand, end users need access. But from a security perspective, the price of this flexibility is an ever-growing, distributed perimeter that you can't always control.
Enterprise endpoint security safeguards can help rein in your distributed client security concerns. But that market encompasses an array of products, ranging from software that will execute only allowed applications to products that monitor application or network activity for malicious or abnormal behavior.
In this round of testing, we focused on products that take some type of action in the face of an attack, such as blocking a port or stopping an executable. Products that focus solely on endpoint policy enforcement, such as warning that anti-virus definitions are out-of-date, are not included, nor are products that specifically address mobile devices such as handheld models. However, both of these classes of products will be covered in future tests.
Nine vendors submitted products for this test. They include eEye Digital Security's Blink 1.0; Finjan Software's Vital Security for Clients; F-Secure's Anti-Virus Client Security; InfoExpress' CyberArmor 3.0; SecureWave's Sanctuary 2.8; Sygate Technologies' Secure Enterprise 4.0; Symantec's Client Security 2.0; WholeSecurity's Confidence Online 4.0.3; and Integrity 5.0 from Zone Labs, which is now a Check Point company.
Cisco, McAfee and StillSecure offer products that fit the criteria of our test, but declined to participate.
Each vendor takes a different approach to endpoint security. Some - F-Secure and Symantec - combine anti-virus with firewall technologies. Others - eEye, InfoExpress, Sygate and Check Point - try to combine intrusion prevention, "classic" firewall rules and application protection into the mix. Still others - Finjan, SecureWave and WholeSecurity - focus strictly on regulating applications running on the system. For the sake of a fair comparison, we pulled these last three products out into a separate test category (see story).
EEye's Blink wins our Clear Choice designation because of its solid reporting and hybrid approach to client defense.
F-Secure, Check Point and Sygate also make the short list of contenders because they registered strong performances across test categories.
To test the products, we approached them from two directions. First, we installed the products in our lab to define policy, deploy clients, and view reports. We then set up a scenario in which an attacker would attempt to compromise the client system being defended. We developed an attack plan (see "Attacking client security: Our strategy") and executed attacks against each product so we could evaluate how well their defenses worked.
Because setting up and deploying software that touches every client on your corporate network is no trivial matter, we assessed how each vendor handled this daunting process.
Sygate and eEye provided on-site installs of the management server/console and several clients because on-site installation is included in standard purchases. We then re-performed their work to make sure there were no hidden "gotchas" in the process.
For Check Point, we ran the installer, followed the instructions and were up and running in just a few minutes. Client deployments are available through a download link, but they also can be pushed out via any other deployment mechanism used in the company, such as Microsoft's Group Policy setting or System Management Server.
We ran into one problem during the F-Secure console installation. The company did not provide all the software necessary for us to follow its install instructions, so we had to place a service call.
For Symantec, we followed the installation instructions but found various components not always showing up in the console, and the client firewall was not being deployed when we pushed software to clients. We ended up re-installing all Symantec server components from scratch, which resolved some issues, but the Alert Management System did not always show up in the console as expected.
For the firewall client component, we spoke with Symantec support and found that this is not installed by default. We needed to create a custom installation path. Because we were testing Symantec Client Security, we would like to see the firewall component installed by default, not just the anti-virus software.
With InfoExpress, we did not have complete, or even accurate, installation instructions. The documentation refers to out-of-date product component names. We did not receive a license key and did not know we needed one until we attempted to log on to the console and were asked to enter one. Despite rebooting the system, there was a period of days during which we could not access the administrator account, until it inexplicably began to work. Once we logged on, we could create new users, but could not create new accounts using the installation account name. We also had issues creating client software deployment packages. The documented instructions were not clear or detailed. It was only through a support call that we found we needed to state a URL path for a region before a deployment package could be created.
Check Point provided the best documentation: it was clearly written, detailed, accurate and easy to understand. F-Secure and Sygate provide adequate documentation. Symantec provides a lot of documentation, including a lengthy installation guide, but we feel the installation guide needs to be revamped so users can avoid the installation hassles we encountered. As mentioned, InfoExpress documentation needs drastic improvement. It was difficult to perform any task because the product is not easy to use, and the documentation did not explain how things worked. EEye did not provide any documentation, but its product was intuitive and easy to use. We did not find ourselves looking for much documentation, and when we did, the online help was useful.