Thursday, September 14, 2023

Vipre EDR review

Vipre Security Group was originally founded in 1994 as 'Sunbelt Software', so it's safe to say in the thirty years or so they've learned a thing or two about cybersecurity and endpoint protection.

Vipre EDR (Endpoint Detection and Response) is one of their flagship products. The main website describes their platform as 'easy to use' and 'resource sensitive'. Has Vipre produced one of the best endpoint security software platforms, or is this snake oil security?

Vipre EDR: Plans and pricing

When we visited the main product page for Vipre EDR, we were pleased to see that there's a basic pricing model of $60 per seat, for up to 10 seats, billed annually via automatic subscription, unless you email to cancel. This makes Vipre EDR one of the more competitively priced EPP (Endpoint Protection Platforms) we've reviewed.

Sadly there's no option to pay monthly. Organizations who need more than 10 seats also need to contact Vipre's sales department for a quote.

Interested parties who want to try out the platform can request a demo via the main website, to test out the interface and simulate attacks. You can also request a trial of Vipre EDR in order to run your own tests, as we did in order to write this review. 

Vipre EDR: Features

Vipre develops a number of cybersecurity products, so we were grateful to find a dedicated page on their site comparing the features of their Vipre EDR (the focus of our review) with Vipre ESC (Endpoint Security Cloud) and Vipre Endpoint Security Server. 

The Vipre website also has an excellent overview of the platform, which clarifies that Vipre EDR has all the anti-malware capabilities contained in their ESC platform. This includes AI-driven malware detection, network intrusion detection, DNS protection, web exploit detection, and anti-spam engines.

Vipre also claims the platform has additional security measures, including correlation engines that combine raw events, security events, and contextual data to identify zero-day, "living-off-the-land", and gray zone threats not detectable by regular antivirus.

These are bold claims, which we were eager to explore in our tests. During setup (see below), we were able to confirm the platform's other advertised features such as application scanning, a remote shell to allow network managers to perform operations on endpoints, as well as patch management tools. 

Although it didn't form part of our tests, the platform also supports deploying agents with firewall and email scanning features.

Vipre EDR: Setup

There's a dedicated trial signup page for Vipre EDR. The website requires a 'business' email address in order to receive a link, which caused issues for our reviewer, who's a long-time GMX user, but the good people of Vipre were happy to help us set up a trial account.

Immediately upon logging in to the main dashboard, we saw a notification that no endpoints were set up and clicked the handy link to 'Deploy Agents'.

Currently agent software is available for both Windows (from Windows 7 SP1 onwards) and macOS. We were sorry to see that Linux and mobile devices weren't listed, though we later learned the console has an excellent mobile interface (see below).

When downloading the installer (in MSI format) for Windows, we had a slight comedy of errors, as Microsoft Edge warned us that the file wasn't "commonly downloaded". We imagine Vipre will want to speak to Microsoft about this false positive, as the agent is legitimate software.

Although the installer told us the process would take several minutes, the agent was up in less than 30 seconds. We say 'up' rather than 'up and running', as upon launching we tried to run updates to threat definitions, only for the update to fail. We tried several times more, disabled our VPN and even used a cellular connection with the same result. 

After removing and reinstalling the agent, we next attempted to manually update the threat definitions by downloading a data file directly from Vipre's dedicated page. In practice this feature exists for security reasons, e.g. to update air-gapped networks, but we felt it was the best way to run the update. Once again, however, the update failed. This meant we were unable to run any security scans, as this required an updated threat database.

We were also surprised to see that the agent claimed that Vipre's "Active Protection" feature wasn't switched on, as the policy supposedly used by the agent ('VSM Laptop'), should have had this enabled.

We put these bugs down to the fact that the platform is currently in beta, so hope they'll be ironed out in future. 

Fortunately after removing and reinstalling the agent software again, the third time was the charm. The Vipre agent did update itself and enabled 'Active Protection'.

Vipre EDR: Interface

Having lamented the Vipre Agent's inability to update itself or scan for threats, we can't praise Vipre EDR's online portal enough. As readers have learned, the main dashboard provides an excellent broad brush overview of endpoints.

The top pane is devoted to vital information like the number of quarantined threats, infected devices and those which need attention for other reasons e.g. to run updates. The 'Protection Summary' is also displayed via a helpful graph, which shows both scan and threat counts.

The left hand pane provides easy to understand menu options, broken into sections: for instance, the 'Monitor' section from where you can access the Dashboard also contains options for 'Quarantine' and 'Reports'. 

You can access 'Devices' via the 'Manage' section. From here you can filter devices by platform, operating system, status or active policy. Users can also click on a device name to view a clear, well laid-out summary of relevant data such as the device status, scan, threat definitions and when the device was last seen.

Vipre were also keen to point out to us that they've gone to great lengths to make their UI smartphone friendly. We fired up an iPhone 14 Pro Max and were impressed by the more compact version of the interface, not to mention the fast loading times.

Vipre EDR: Performance

When reviewing endpoint security platforms, our first test is to attempt to download a fake computer virus, provided by the good people of EICAR. 

We were particularly eager to do this with Vipre EDR, as the agent supposedly contains features for blocking malicious URLs. 

As we mentioned, we were unable to update the Vipre Agent's threat definitions, so were unable to scan for threats. Nevertheless we opened Microsoft Edge on our test machine and attempted to download the fake virus in compressed (ZIP) format.

The Vipre Agent immediately detected the threat and displayed a pop-up notification to say the file had immediately been quarantined. We clicked to view more details and received a detailed rundown of the file itself, which programs had tried to launch it and actions taken. 

Our next test was to try to copy a new, real trojan virus that we'd caught in the wild to the test machine's 'Downloads' folder. We do this to make sure that endpoint security platforms can detect and prevent threats based on a file's behavior, not just by comparing it to known threats in an online database. 

The Vipre agent once again didn't let us down, showing another notification that the threat had been detected and immediately quarantined. 

Vipre EDR: Final Verdict

When reviewing this platform, we tried to bear in mind that we were reviewing a platform in a beta environment, so it shouldn't be judged on the same terms as a final product. To Vipre's credit, they did offer to showcase a standalone demo of Vipre EDR to us, to simulate detection and prevention of real threats.

We decided against the demo, as we believe it's fairest to run our own tests on all endpoint security solutions we review, but are sure that we'd have had fewer setup issues and a better experience of all Vipre EDR has to offer if we'd gone for a singing, dancing demo.

Agent installation and updates aside, Vipre can be very proud of the interface they've created. Not only is it easy to navigate but it's punctuated with colorful infographics which detail exactly the right amount of information about devices, threats and much more. We were also very impressed by the mobile version of the console website, allowing admins to manage endpoints on the go. Still, if the agent software needs to be installed three times on every endpoint to get it running, this could cause extra hassle for network managers. 

Our best advice at this stage is to take this product for a test drive yourself, both via the free trial and by arranging a product demo, to experience its full functionality and decide if it's a good fit for your organization.
