Wednesday, September 6, 2023

AhnLab V3 Endpoint Security review

South Korea is one of the world's most technologically advanced countries. The home of the tech giant Samsung boasts speed-of-light fiberoptic broadband, and is a world leader in robotics.

As such, it's not surprising that South Korea is also the home of Ahnlab. Since 1995 the company has been producing security solutions like antivirus, firewalls and intrusion prevention systems.

In the company's own words, Ahnlab V3 Endpoint Security software is a, "...comprehensive endpoint protection solution that provides strong protection and proactive defense for computers in enterprise environments."

This sounds irrefutable on paper but does Ahnlab's creation live up to its claims to be the best endpoint protection software?

AhnLab V3 Endpoint Security: Plans and pricing

(Image credit: AhnLab)

AhnLab V3 Endpoint Security: Plans and pricing

As we've mentioned, AhnLab is a South Korean company. We received a stark reminder of this when visiting the company's online store to find the entire website was in Korean with no English language option.

Scouring through the various products we were able to find prices (in South Korean Won) for Ahnlab's "Internet Security" and "Office Security" offerings but not for Endpoint Security itself. 

You can, however, download a free 30-day trial directly from the website without providing any contact information or a credit card. This is a welcome change from other endpoint security solutions which often require users to register an account and/or provide payment information first. 

AhnLab V3 Endpoint Security: Features

(Image credit: AhnLab )

Having criticized the lack of language options for the online store, AhnLab do maintain a product page and detailed brochure listing the main benefits of their software.

Chief amongst these is the ability to provide real-time protection against trojans, viruses, worms and spyware. This seems to work in tandem with AhnLab's "Smart Defense" feature, which uses cloud-based scanning of suspect files, meaning the client program doesn't have to be constantly updated. This can be combined with threat intelligence and real-time program analysis. The product page also claims the software can generate detailed reports, though in our tests we found we had to dig around a little to find them. 

The software can also scan DNS settings to check for hijacking, as well as block malicious URLs. 

AhnLab also list "Device Control" as another feature of the software, apparently meaning that control of devices when integrated with AhnLab’s central management solution, for instance to authorize specific removable media for endpoints.

We were glad to see this, because as far as we could see the software is only available as a standalone installer on individual machines but neither the website nor manual provide any clarity on exactly how devices can be centrally managed. 

AhnLab V3 Endpoint Security: Setup

(Image credit: AhnLab )

AhnLab V3 Endpoint Security: Setup

As we've said, all other endpoint security solutions we've reviewed such as Webroot Business Endpoint Protection involve creating an online account from where endpoint devices can be managed via a cloud console. From there, administrators can deploy client software to enroll endpoints.

AhnLab simply offer a download link to install their Endpoint Security software directly on the target machine. This is a refreshing change from companies like Microsoft that require you to register credit cards and other information before allowing you to trial their products. Still, this could be a concern if your organization has a large number of endpoints to manage.

Although the software's only currently available for Windows, any version from Windows XP Service Pack 2 is supported (though we wouldn't recommend running this for security reasons). Windows 11 is not listed as a compatible OS but the software ran on our Windows 11 test machine without any issues. 

The setup wizard only requires you to enter a user name, company name and install location before setup begins. Users do have to restart their PC to begin using the "Smart Scan" feature but once this is done the program window launches automatically from the system tray. 

Although endpoint security software is more than just antivirus, we did see that Windows Security settings had been updated to list AhnLab Endpoint Security as the system's antivirus scanner of choice. 

AhnLab V3 Endpoint Security: Interface

(Image credit: AhnLab)

AhnLab V3 Endpoint Security: Interface

AhnLab Endpoint Security's interface is spartan to say the least. The main window has large buttons for running an update, "full" and "quick" scans, as well as "System Optimization".

Other options like the can be accessed from the very top of the window. This includes the 'Security Center' from where you can see an overview of blocked threats. From here you can click into a category e.g. 'PC Security' to view more details.

Special mention should also go to the 'Active Defense' section which lists currently running threats. By default AhnLab's "Smart Defense" is enabled to allow real time scanning of processes, to intercept potentially harmful running programs.

Apart from the 'Settings' area which can be used to perform tasks like tweaking scan settings, this sums up the entire interface. We've called it 'spartan' but it might be better to refer to it as 'threadbare'. The software contains none of the functions we've seen in other endpoint security solutions such as an integrated firewall, e-mail scanning or browser plugins.

AhnLab V3 Endpoint Security: Performance

(Image credit: AhnLab )

AhnLab V3 Endpoint Security: Performance

Although it's easy to slate AhnLab Endpoint Security's barebones interface, it's certainly not lacking when it comes to detecting and preventing threats. 

When reviewing endpoint security platforms our first test is always to try to download a fake computer virus, provided by the good people of EICAR.

When we attempted to do this using the Microsoft Edge browser on our test machine AhnLab Endpoint Security immediately detected the threat and deleted the file before it could be accessed.

Our next test is to copy a new, real computer virus we caught in the wild to the 'Downloads' folder on our test machine. We do this to check that the endpoint security platform can detect potentially suspicious files rather than simply comparing file signatures to a known database of threats.

No sooner had we begun to try to copy the real computer virus from a network drive when AhnLab Endpoint Security's 'Real Time System Scan' picked up on it and automatically quarantined the file.

Our final test for endpoint security platforms is to check the centralized cloud console to see if an appropriate alert has been generated. Given that AhnLab Endpoint Security has to be installed directly on target machines, we decided to open the software there instead.

We were able to access the software's log from the 'Tools' section. From here we could view all listed threats and click into each one to view a 'File Analysis Report', detailing the program name, size and the type of threat it presented.

Our only complaint is that other endpoint security platforms often will display recent alerts in the main dashboard to ensure they're not overlooked. We had to do some digging to view detailed information about these threats, made easier by the fact we introduced them ourselves. 

AhnLab V3 Endpoint Security: The competition

(Image credit: AhnLab)

AhnLab V3 Endpoint Security: The competition

As we've said, AhnLab Endpoint Security stands out from other EPP's (Endpoint Protection Platforms) we've reviewed in that there's no automatic, centralized interface for managing endpoints.

This has serious implications if your organization has a large number of devices to enroll, as there doesn't seem to be a way to deploy the client software besides downloading and installing it to each machine.

Compare and contrast this to competitors like Sophos Intercept X Advanced, which provided a cloud platform, from which you can easily download the client software configured for your endpoint or even send out links to allow installation remotely. 

AhnLab's Window-centric approach also ignores the reality of modern workplaces, where 49% of Gen Z employees are more likely to accept a job if they're offered Apple products. If this is important to people in your organization you should consider more platform-agnostic endpoint security solutions such as Microsoft InTune, which is available for Windows, macOS, iOS devices and Android. 

AhnLab V3 Endpoint Security: Final verdict

Given the language barrier and the fact the product doesn't seem to be listed on AhnLab's online store, we can't comment on whether it's competitively priced. We can say though that AhnLab V3 Endpoint Security is only a solution for very small businesses, running only Windows devices. This has to do with the time and effort involved manually installing the software on each device, as well as the fact the software is only available for one platform.

The lack of centralized cloud management also makes it impossible for network managers to perform routine endpoint management tasks, such as configuring device policies, pushing updates and reviewing threat intelligence analysis. In fairness AhnLab do claim it's possible to centrally manage devices through their platform but their website is thin on detail.

The threat detection and prevention routines are solid, plus the use of 'Smart Defense' means you're not wholly reliant on workers in your organizations manually running updates to detect malware. Still, the platform is limited compared to other endpoint security solutions which offer features like file restoration for protection from ransomware and integrated firewalls.

Much as we applaud the ease of setup, it's doubtful AhnLab Endpoint Security will provide the protection that most organizations need.  

We've listed the best MDM solutions.

0 comments:

Post a Comment

!!!!!!!!!!

Popular Posts

Categories

Blog Archive