Friday, September 1, 2023

ManageEngine Endpoint Central review

The Zoho Corporation is perhaps most famous for their online office suite, not to mention their invoice billing platform used by many freelancers including this reviewer.

ManageEngine is a subsidiary of Zoho, whose purpose in its own words is to, "Monitor, manage, and secure your IT infrastructure with enterprise-grade solutions built from the ground up."

The ManageEngine EndPoint Central platform (formerly known as Desktop Central), comes in two formats: the cloud edition (which is the focus of this review) and the on-premises edition. The question is does Zoho's offshoot deliver when it comes to aiming to be the best endpoint protection for your organization?

ManageEngine Endpoint Central: Plans and pricing

(Image credit: ManageEngine)

ManageEngine Endpoint Central: Plans and pricing

The ManageEngine EndPoint pricing page is well laid out in that it lists prices in a grid and allows you to switch tabs between their various 'Professional', 'Enterprise', 'UEM' and 'Security' Plans. 

Given these plans are progressively more expensive, we're sure you'd like to know what you're getting for your money. Sadly this information is noticeably absent on the pricing page - there's no list of features or product comparisons. However, a quick google brought us to the Edition Comparison Matrix, which provides basic pricing information along with what you get for your dollars.

The good news is that unlike many endpoint security platforms we've reviewed ManageEngine offers a free tier for up to 25 endpoints.

The 'Professional' Tier starts at $795 for up to 50 devices if you're willing to pay a year in advanced. When going through the matrix we found it a little perplexing that the paid 'Professional' tier actually doesn't include some features found in the free version such as antivirus definition updates and patch management scheduling.

The 'Enterprise Edition' starts at $945 per year for up to 50 endpoints and even includes antivirus updates and patch scheduling but also lacks some of the other features you can find in the free version such as a Kiosk for Windows.

The 'UEM edition' is much more comprehensive, though certain features like Application Control and Endpoint Privilege Management are only available as an add-on. Prices start at $1095 annually for managing up to 50 endpoints.

The 'Security' Edition of Endpoint Central includes all features for both the on-premises and cloud versions. Subscriptions start at $1695 per year for up to 50 endpoints.

ManageEngine also offer monthly subscriptions for the 'Professional', 'Enterprise' and 'UEM' tiers. If you've decided that ManagEngine is the platform for you, you can also purchase a 'perpetual' license for any tier, which presumably means your organization can enjoy all features for life. 

ManageEngine offers a free trial of their software for 30 days. You manage any number of endpoints during that time.

ManageEngine Endpoint Central: Features

(Image credit: ManageEngine)

ManageEngine Endpoint Central: Features

As we've mentioned, ManageEngine's 'Edition Pricing Matrix' is the best way to learn which features are available for each pricing tier.

Still, the company also has an excellent overview page of the product's main features. Chief amongst these is 'Patch Management', allowing managers to automate patch management for OS/third party applications to protect them from threats. 

ManageEngine also promises 'Vulnerability Management' to scan endpoints regularly to detect weak points and fix them with patches, though we found that it had trouble detecting viruses in our tests (see below). Stated features also include ransomware protection through 'behavioral detection'. 

EndPoint Central also offers software metering and software license management, as well as the ability to restrict unauthorized software programs. While we're on the subject of software, the platform also supports deployment allowing managers both to install and uninstall software on endpoints using predefined templates. Operating systems can also be imaged and deployed to endpoints in the same way.

Managers can enroll endpoint devices manually or have users self-enroll their Android/iOS devices using 2FA (Two Factor Authentication)

ManageEngine Endpoint Central: Setup

(Image credit: ManageEngine)

ManageEngine Endpoint Central: Setup

One big plus of ManageEngine's platform is that it's very simple to set up an account and install agent software. 

As we mentioned, the first decision you'll make when deploying ManageEngine Endpoint Central is whether to use the Cloud or 'On-Premises' edition. Each have their own specific features depending on your subscription type. We've focused on the cloud version for this review but encourage readers to do their own research if they want to deploy on a specific device.

Whichever version you opt for, you'll be asked to enter your contact details to register an account. We were impressed to see that the platform immediately prompts you to secure your account via two factor authentication.

After creating your account, a very easy to follow splash screen guides you through the main process of installing the ManageEngine agent software on your endpoints, manage desktops through patches, scanning etc. as well as managing reports.

On our first login to the 'EndPoint Central' cloud hub we clicked into 'Software Deployment' in order to install the agent on our test machine running Windows 11. The agent's also available for macOS and Linux.

One quirk of this platform is that even once agent software is installed, the endpoint must be approved from the hub. On the first install we found that the agent was marked as 'waiting to install' but after reinstalling the software it appeared in the 'Computers' section right away.

ManageEngine Endpoint Central: Interface

(Image credit: ManageEngine )

ManageEngine Endpoint Central: Interface

Endpoint Centrals' interface or the 'ManageEngine Endpoint Central Cloud' to give it its full name, is well laid out. The main sections along the top of the screen such as 'Configurations' and 'Software Deployment' are arranged logically. 

The left hand pane contains menu options for the section in question - for instance for accessing the 'Inventory' section lists options to 'View' connected Computers, Hardware and Software. Other sub-menus are laid out clearly, such as the option to block executables or run specific scans. 

The agent software itself is rather threadbare. There's a "Self Service Portal" option but the window uses very small text, making it hard to read. If you decide to initiate a 'patch' or 'inventory' scan from the system tray menu you'll see a single pop up to say it's in progress but nothing after that. 

ManageEngine Endpoint Central: Interface 2

(Image credit: ManageEngine)

ManageEngine Endpoint Central: Performance

Our standardized test for endpoint security software is to place a fake computer virus (provided by the good people of EICAR), on the endpoint machine with the agent software installed to check how the agent and cloud software responds.

In this case when we copied the virus into our downloads folder the file was immediately quarantined by Windows Defender. When we disabled this from Windows Security settings, the Agent didn't react, even after we initiated a scan of the system.

On checking in ManageEngine's Cloud Hub we also saw no alerts had been generated.

Given that our fake virus posed no threat, we decided to give ManageEngine the benefit of the doubt and introduced a real computer virus to our test machine's 'Downloads' folder. Once again this wasn't detected, even when we manually ran a scan, nor were any alerts generated.

We did some delivering into the cloud hub. After exploring the 'Inventory' section we say that the 'File Scan Rules' made no mention of executables. We added extensions like .exe and .msi to our searches with the same results. 

Of course, malware detection is only one aspect of endpoint management. The platform could easily be used to automatically deploy powerful antivirus software to endpoints, as well as automatically update its threat database. Endpoint Central can also list installed apps, which can be removed by managers and threats can be blocked proactively.  

ManageEngine Endpoint Central: Final verdict

The greatest advantage of using ManageEngine Endpoint Central for small businesses is that there's a free tier covering up to 25 endpoints. As we discussed, the free version even has features lacking in the 'Professional' tier, so provided you're happy with just 25 endpoints it's worth signing up. 

Setup only takes minutes and the agent software is very easy to deploy, though we're not really sure there's much of a security advantage in having to manually approve endpoints as the software's installed.

Speaking of security, EndPoint Central is the only endpoint security platform we've tested to date that failed to detect the malware we deliberately placed on the machine, either at the point of download or when we ran a system scan.

This isn't to say your endpoints will necessarily be vulnerable if you use the platform. As we said earlier, it's great for deploying software as well as restricting prohibited apps so you could use it to install and update powerful antivirus software on every machine in your organization. Windows Defender may also pick up on some of the more obvious threats. 

Still, we'd like to see an endpoint management platform that proactively blocks harmful software by default. We'd also award bonus points for agent software which incorporates a firewall feature. This is noticeably absent from this platform, though admittedly you can manage Windows firewall settings for endpoints from the cloud hub.

Overall, we think Endpoint Central is a solid offering, provided you're willing to do the extra work to secure your endpoints properly. 

We've also listed the best cloud firewall.

0 comments:

Post a Comment

!!!!!!!!!!

Popular Posts

Categories

Blog Archive