A comparative review of six corporate endpoint security products commissioned by Symantec and carried out by AV-Test suggests that it does. It rated SEP 12.1 the best at blocking or removing malware in direct or "drive-by" downloads, with Symantec's product scoring 100 in the tests, compared to 74 for Sophos's competing product, 40 for Trend Micro's, 34 for Kaspersky's, 17 for Microsoft's and 10 for McAfee's.

"Symantec has been good at implementing good technology in its consumer products, where they have effectively been beta tested. Now they have become the first to implement the full suite of protection technologies into their enterprise products," said Marx. "The other vendors have been a bit slower."

The Small Business Edition of SEP 12.1 was also ranked first in performance tests when compared to similar products from ESET, Kaspersky, McAfee and Trend Micro. The tests were commissioned by Symantec and carried out by Australian testing company PassMark Software.

SEP 12.1's on-demand and scheduled scans took less than half the average time of all these products, suggesting that Symantec's Insight system may indeed may helpful at reducing scan times.

Jon Oltsik, a security analyst at Enterprise Strategy Group, believes that the inclusion of the full suite of protection technologies will be vital for all security vendors in the future.

"Endpoint security products should offer defense-in-depth (DID) capabilities for all types of threats. Progressive vendors are also using intelligence gathered from their install base and security intelligence to offer much more proactive protection. If your vendor is not doing this, there is a problem," he said in a blog posting.

AV-Test's Marx cautions that Symantec's strong test results may simply be attributable to the fact that EP 12.1 is the most recent product to be released, and therefore the most advanced.

"Trend Micro, Kaspersky and Symantec are all really on the same level when it comes to protecting users," he said. "Endpoint Protection 12.1 may be one of the best on the market at the moment because the others haven't yet implemented all the protections that are commonly in consumer products into their enterprise products yet. McAfee and Microsoft will also do their best to add new protection technologies to their products. Things could all change when they do become available in the coming months."

In the real world, SEP 12.1 has been deployed in organizations such as Varian Medical Systems , a California-based maker of medical devices and associated software. So far the company is using SEP 12.1 on almost 1400 Windows workstations, six Macs running OS X and 90 Windows servers; including 70 virtual servers. They replaced Symantec's previous SEP 11 product.

"We've certainly had less infections on our machines with the new software, and we've seen less infections arriving because they have been blocked by the reputation system," said David Nguyen, the Varian system administrator responsible for testing the software.

SONAR's behavioral protection is also working well. "[The] behavioral rules are very strict, so we have been able to just run it out of the box to prevent users installing toolbars or peer to peer software like Kazaa," he said.

The software blocked some in-house applications and remote access software from running, but Nguyen re-enabled them by creating exclusions for those products.

The quick "Active Scans" that Symantec now recommends as a best practice are much faster and less resource intensive than the full disk scans that were used with SEP 11 and which brought users' computers and virtual servers almost to a standstill, Nguyen said. "We don't hear any complaints from users anymore."

SEP 12.1 is available in a Small Business Edition for companies with up to 99 end users. A cloud-based version called Symantec Endpoint Protection.cloud for is available for up 250 users, and a full on-premise version is available as well for organizations with 100+ users.

The Small Business Edition includes antivirus and antispyware protection, firewall and intrusion detection/prevention, as well as Insight and SONAR and support for Mac OS X.

The cloud-based version offers the same features with a management system hosted in the cloud and accessed by a Web browser, while the full version has a locally run central management console as well as support for Linux-based endpoints, device and application blacklisting and support for network access control (NAC) and VMware, Citrix and Microsoft-based virtual environments.

MSRP for SEP 12.1 runs $31.80 to $54.18 per seat, per year; and SEP 12.1 Small Business Edition runs $23.65 to $36.74 per seat, per year.

Paul Rubens has written about business IT as a staff and freelance journalist for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.