If you're in the market for endpoint protection, Check Point's new R80 Unified Endpoint Security Management product shows promise.
The R80 represents the first integration of the Pointsec encryption product line, which Check Point acquired in 2007, and the notion of software blades. The R80 features six separately licensed blades that cover a wide range of endpoint security features, everything from host-based firewall to malware protection to the DLP-type ability to restrict removable media access, to the NAC-like ability to force a desktop to install security updates.
This means that you install a single security software agent on each desktop, and the management software will send whatever protective features to that agent to install and activate for each client. There is also a single management console.
While this sounds good in theory, the number of dials to turn and tweak is astoundingly complex. For an IT manager unfamiliar with Check Point products, the R80 will require a steep learning curve to understand the interaction of the various software blade modules, along with how to create the best policies and also to interpret and correct the inevitable mistakes made along the way.
As an example, the full disk encryption policy section, which is one of the more powerful features, comes with five main menu paths and dozens of options. So yes, you can secure just about anything and everything on your desktop, but at the price of spending time pouring over the manuals, reading the online discussion forums and getting on the phone with Check Point's support team.
We tested the product on a Windows 2003 Server with Windows XP and Windows 7 Ultimate clients connected on a small network. We didn't explicitly test performance but we didn't observe anything odd either.
On the server side, you need Microsoft .NET 3.5 SP1 Runtime Framework. The actual Checkpoint client agent consumes less than 6MB of memory and less than 2% of CPU activity, depending on what it is doing at any given time. Both of which are quite reasonable given the level of security protection it provides.
Deploying the product is very simple: you use the server console to create an MSI package that you can then deliver to each desktop to be protected, and once this is installed (you'll need administrative privileges) there is nothing further for a user to do, unless they run into something that you inadvertently blocked. If you need to uninstall or upgrade the agent, you first have to login with admin rights and remove the agent manually in the Windows Uninstall control panel.
The management console is organized into five broad thematic sections, each accessible from a tab at the top of the screen:
Sign up for Computerworld eNewsletters.