WithSecure Elements Endpoint Protection review
WithSecure (formerly F-Secure) is headquartered in Finland, though it maintains a presence in over 100 other countries. The award-winning company's emphasis is on cyber security, so we couldn't help but take the WithSecure Elements Endpoint Protection platform for a test drive to see whether the Finnish security giant had done it once again and made this one of the best endpoint protection software services out there.
WithSecure Elements Endpoint Protection: Plans and pricing
If you're trying to decide whether WithSecure Elements Endpoint Protection (shortened to 'Elements' for the rest of this review) is within your organization's budget, you won't find much guidance on the main product page.
Despite a dazzling and detailed overview complete with glossy, downloadable brochure, interested parties are invited to contact WithSecure's Sales department via the website.
Fortunately, the company does offer a 30-day free trial of the platform for up to 10 devices. WithSecure doesn't demand credit card information for this - just an e-mail address to which it can send a one-time password to enrol you on its systems.
There are separate editions of 'Elements' both for Computers and Servers. This review focuses on the version for computers.
WithSecure Elements Endpoint Protection: Features
After downloading the product brochure, we discovered that the platform features depend on which particular version of 'Elements' you have installed.
WithSecure Elements Endpoint Protection Standard incorporates 'advanced' anti-malware and patch management, as we'd expect to see for a platform of this kind. WithSecure's own 'DeepGuard 6' does this using a combination of heuristic and behavioral analysis - in other words, the platform doesn't rely only on signature-based scanning.
The 'Premium' tier also includes additional anti-ransomware protection with application control, as well as WithSecure's own 'DataGuard', which periodically monitors sets of folders for changes made by ransomware and other harmful programs. It can also restrict access to these folders to verified 'safe' applications only.
WithSecure's Security Cloud also provides real-time threat analysis and prevention. We were delighted to learn that patch management is also integrated into the platform. While we're on the subject of patching, the platform offers downloads for protecting Windows and Mac clients, though we understand the server edition can protect Linux servers.
Protection for mobile devices is also available via WithSecure Elements Mobile Protection. Although this is listed as a separate product on WithSecure's website, we mention it because mobile protection is listed as a feature of 'Elements', and it seems you can actually add mobile devices from the 'Security Center', either via an installation e-mail or by configuring relevant servers.
WithSecure also claims that 'Elements' can provide web protection by blocking access to phishing sites. We also noted that the agent software installed a plugin in the Microsoft Edge browser that can optionally force 'strict' content filters on search results for Bing, Google and DuckDuckGo. This has limited security value but could shield users from adult content.
WithSecure Elements Endpoint Protection: Setup
Of all the platforms we've reviewed, 'Elements' certainly ranks amongst the easiest to set up. We've mentioned already that in order to access the 30-day trial you only provide a valid e-mail address, to which a one-time password is sent. On first login, you can then set a more personalized passphrase.
On first login to the cloud portal we were (correctly) told that no endpoints had been set up but were also invited to click on the large 'Go To Endpoint Protection' button to see the options to either generate an install link or go to the dedicated 'Downloads' section.
Having chosen the latter, we were impressed to see agent installers for Windows (in both MSI and EXE format), as well as macOS (in MPKG format). We used one of our 10 free trial licenses to download an installer onto our Windows 11 test machine.
The tiny 2MB installer launched quickly and moments later the app popped up in the system tray saying that our test machine was now 'protected'. We were especially impressed to see more detailed information in the pop up, explaining this meant the agent was up to date, as well as that malware and browsing protection were active.
WithSecure Elements Endpoint Protection: Interface
When reviewing endpoint security platforms, we usually focus on the cloud management console. After all, this is where network managers will spend most of their time. Agent software is usually very threadbare, given it's designed to help admins to manage endpoints remotely.
'Elements' bucks this trend however, in that the agent software is actually quite comprehensive and configurable. The options are also well-spaced, so are very easy to navigate.
The 'Malware Protection' window has simple rocker switches for the anti-malware, DeepGuard and DataGuard features, which are enabled by default. The 'Scanning Section' options are disabled out of the box however, as the agent uses real-time scanning to prevent threats before they happen.
The 'Firewall' section is really a glorified interface for Windows Firewall but we don't deduct points for this, as it makes sense that all system security settings should be configured from one interface.
The aforementioned 'Web Content Control' option (disabled by default) can also be enabled to enforce 'strict' results for select search engines. Only system administrators can change settings.
The 'Security Cloud' has a similarly minimalist interface. Still, despite its simplicity the main dashboard presents helpful information like 'Workstation Protection' and 'Software Update' status.
The 'Devices' section similarly provides a rundown of all essential information at a glance, such as which features, like anti-malware, are enabled. A series of hyperlinks at the top of the window allows managers to drill down into more specific information - for instance, we clicked 'Show Security Events' to see the results of our tests.
The bottom of the window also displays an array of large buttons to push actions to the device, such as installing software updates and running scans. This may be a little in your face but makes it much easier for managers to view all available options.
WithSecure Elements Endpoint Protection: Performance
When testing Endpoint Security platforms our first test always involves attempting to download a fake computer virus, provided by the good people of EICAR.
We fired up our Windows 11 test machine and loaded the website. Ignoring Edge's security warnings, we downloaded our test virus in compressed (ZIP) format to the 'Downloads' folder. As soon as we attempted to extract the file the 'Elements' agent immediately detected and quarantined it.
After we clicked the pop up notifying us of this, the agent actually displayed this security event along with a hyperlink to 'View description online'. This took us to WithSecure's online threat database, which provided more information about the nature of the virus. This is a very impressive feature, as most other platforms only make this kind of information available via the cloud console.
Our next test was to try to copy a new, real virus that we'd caught in the wild onto our test machine's 'Downloads' folder. As we opened the window to do this, once again the 'Elements' agent detected, blocked and quarantined the file. It then immediately ran a scan to make sure our system was clean.
When we chose to view more information online about the virus this time, we saw that the agent hadn't blocked this file because it matched a known virus but because it detected that the file had features similar to a 'trojan dropper'. This is strong evidence that WithSecure's claim to use behavioral analysis to detect harmful files is true.
Our final test was to log in to the 'Security Center' to see what alerts had been generated. The main dashboard didn't throw up any issues but when we chose 'Show Security Events' for our test device, they were listed there.
WithSecure Elements Endpoint Protection: Final verdict
WithSecure Elements Endpoint Protection is an excellent platform. Its very simplistic interface belies the complexity of the tools used to maintain endpoint security such as the 'DeepGuard' machine learning that detects actual and potential malware.
Setup takes only minutes and the platform passed our test with flying colors, detecting both a dummy virus file and a recent one based on its behavior instead of basic signature scanning.
The only reservations we have about 'Elements' are minor: we feel IT Managers on a budget would appreciate it if WithSecure displayed a clearer pricing model on their website. With due deference to the server version of the platform (which we haven't reviewed), ideally the platform would also offer agent software for Linux endpoints as well as Windows, macOS, iOS and Android.
Certain other endpoint security platforms we've reviewed also offer client-side e-mail scanning for certain apps, though this doesn't seem to be supported in the 'Elements' agent. Naturally it may be possible to manage mail gateways via the server edition of 'Elements' but that's outside the scope of this review.
As we've said, these are minor criticisms and given that the platform offers a 30-day trial, you have nothing to lose by putting it to the test. We feel you'll be as pleasantly surprised as we were.