Review: Avast Endpoint Protection Suite
Multiple levels of anti-malware protection combined with a community-based threat detection network and a centralized management server make Avast a compelling alternative for business-level virus protection.
Avast may not be a household name in North America, but the company has built a huge user base around the world for its sophisticated free and premium consumer anti-virus products. Its 16.3 percent share of the global anti-virus market makes it the market leader: according to research by Opswat Inc., Avast's market share is about two or three times that of industry heavyweights such as Symantec and McAfee.
But what's less widely known is that in addition to its free and paid-for consumer products, the Czech Republic-based vendor also has a business anti-virus offering: Avast Endpoint Protection Suite, released in June, offers businesses the same multi-layered protection approach as the company's consumer products – but with the addition of server protection and a choice of two central management consoles. A web-based console is available for smaller businesses with up to around 200 users, and a fuller-featured console application is designed for enterprise organizations with up to 10,000 or more users.
Multiple Levels of Anti-Malware Protection
The strength of Avast Endpoint Protection Suite lies in the sheer number of techniques that it employs to keep your Windows endpoints malware-free. In addition to the standard virus signature definitions and heuristics, these techniques include behavioral protection, the ability to get up-to-the-minute information about new threats from a huge cloud-based threat detection network, and even sandboxing, which runs suspect files in isolation so that they are unable (in theory) to interact with, or cause any damage to, the rest of your system.
"This really does seem to be a very smart product that covers the full range of protection techniques," said John Hawes, a technical consultant at anti-virus product certifier Virus Bulletin. "What we find in our tests is that the more layers of protection an AV product offers, the better it is."
As ever, the most fundamental protection comes from virus detection signatures – and Avast generates new signature files with impressive frequency. Your endpoints can download the signature files either directly from Avast or via a local update server on your own network. There is also an option to deploy mirrored update servers at your branch offices to reduce WAN traffic.
When your endpoints are set to update directly from Avast's servers, they can take advantage of a new feature called streaming real-time updates: These are individual signatures pushed to your endpoints as soon as they are finished, rather than being bundled into signature update files which are pushed out just once or twice a day. "This is a huge benefit compared to conventional anti-virus software updates because 95% of users will get new updates within 5 minutes," said Pavel Sedina, Avast's program manager.
Streaming updates are not currently supported when your endpoints connect to local or mirror update servers, but this will be addressed in a future release of the product, according to Sedina.
Scan times are reduced (by up to 80 percent, the company claims) through the use of "intelligent" scans: Known good files are whitelisted and omitted from scans unless they change.
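The change-aware whitelisting behind an "intelligent" scan, as an added Python example that is not Avast's code: a file is skipped only when its content hash is already on the clean list for the current signature version, so an in-place modification with a restored timestamp is still rescanned, a detection is never cached, and a signature update invalidates every earlier verdict. The toy engine, the marker string and the directory layout are constructed for the example and are assumptions, not the product's design.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for a real signature: the toy engine flags any file containing it.
MALICIOUS_MARKER = b"EICAR-LIKE-TEST-MARKER"


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def engine_scan(path):
    """Toy signature engine (assumption): a file is clean unless it contains the marker."""
    with open(path, "rb") as f:
        return MALICIOUS_MARKER not in f.read()


class ScanCache:
    """Whitelist of content hashes already verified clean, keyed to the signature
    version that produced the verdict.

    Two design points a practitioner should insist on:
    - skip decisions are made on the file's content hash, never on size/mtime alone,
      because an attacker who patches a file in place can reset its timestamp;
    - only clean verdicts are cached, and they expire when signatures change,
      since a file is only 'known good' relative to the signatures it was scanned with.
    """

    def __init__(self, signature_version):
        self.signature_version = signature_version
        self._clean = {}   # sha256 hex digest -> signature version that cleared it
        self.stats = {"scanned": 0, "skipped": 0, "detected": 0}

    def scan(self, path):
        digest = sha256_of(path)
        if self._clean.get(digest) == self.signature_version:
            self.stats["skipped"] += 1
            return True
        self.stats["scanned"] += 1
        if engine_scan(path):
            self._clean[digest] = self.signature_version
            return True
        self._clean.pop(digest, None)     # never whitelist a detection
        self.stats["detected"] += 1
        return False

    def update_signatures(self, new_version):
        self.signature_version = new_version   # old verdicts stop matching on the next scan


def run_pass(cache, paths):
    """Scan every path once; return this pass's counters and the per-file verdicts."""
    cache.stats = {"scanned": 0, "skipped": 0, "detected": 0}
    verdicts = {os.path.basename(p): cache.scan(p) for p in paths}
    return dict(cache.stats), verdicts


def demo():
    """Walk through four passes over a constructed directory and return the counters."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, body in (("a.bin", b"A" * 64), ("b.bin", b"B" * 64),
                           ("m.bin", b"x" + MALICIOUS_MARKER)):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(body)
            paths.append(p)

        cache = ScanCache(signature_version=1)
        out = {}
        out["first"], _ = run_pass(cache, paths)     # nothing cached yet: all three scanned
        out["repeat"], _ = run_pass(cache, paths)    # the two clean files are skipped

        # Tamper with a.bin in place, keeping its size and mtime identical; a cache that
        # trusted metadata would skip it, a content hash does not.
        st = os.stat(paths[0])
        with open(paths[0], "r+b") as f:
            f.write(MALICIOUS_MARKER)
        os.utime(paths[0], ns=(st.st_atime_ns, st.st_mtime_ns))
        out["tampered"], verdicts = run_pass(cache, paths)
        out["a_clean_after_tamper"] = verdicts["a.bin"]

        cache.update_signatures(2)                   # new signatures: every verdict is stale
        out["after_update"], _ = run_pass(cache, paths)
        return out


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

Run the block directly to print the counters for each pass. The trade-off to be aware of: hashing still reads every file, so a product that wants to avoid even that has to learn about changes another way (file-system change notification, for instance); skipping the hash and trusting size and timestamp alone means trusting metadata an attacker can set.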
Community-Based Threat Detection Network
The company is helped in its efforts to spot new viruses and create detection signatures by its Community IQ network, a threat detection network made up of the more than 150 million computers around the world that are running its consumer and business AV products.
When protected machines encounter a malicious web site or an unknown file which contains malware, this information is reported back to Avast. Other endpoints encountering the same files or websites can then check their reputation and discover that they are known to be malicious before they can cause any harm.
"The Community IQ network is very valuable because it gets so much information from the large number of Avast's free customers," said Peter Stelzhammer, of independent anti-virus testing organization AV-Comparatives.
Thanks to Avast's threat network, a web site that other users have found to be a source of malware can be blocked instantly. The cloud data also records how many Avast users have visited a given web site, and over what period, which lets the software pick out sites that appear to be new or that have relatively few visitors: two characteristics that may indicate a malicious site. When these types of web sites are identified, the software can take further steps to protect you.
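The reputation lookup described in the two paragraphs above, as an added Python example that is not Avast's Community IQ code: a per-host telemetry store holding first-seen time, visit count and number of malicious reports is consulted for each URL, and the verdict is block for reported hosts, sandbox for hosts that are unknown, very new or rarely visited, and allow otherwise; a report from one endpoint changes the verdict for every later lookup. The thresholds, field names, fixed clock and sample telemetry are constructed for the example. The host normalisation step is included because a naive parser that takes everything up to the first '/' would let a decoy host placed before an '@' be looked up instead of the real one.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Thresholds are illustrative assumptions, not the product's values.
NEW_SITE_DAYS = 7        # hosts first seen more recently than this are treated as unproven
LOW_PREVALENCE = 50      # fewer community visits than this is also treated as unproven

NOW = datetime(2012, 5, 30)  # fixed clock so the example is deterministic

# Constructed telemetry: what a cloud reputation store might hold per host.
TELEMETRY = {
    "cdn.example.com":        {"first_seen": NOW - timedelta(days=900), "visits": 250_000, "reports": 0},
    "launch.example.net":     {"first_seen": NOW - timedelta(days=2),   "visits": 40_000,  "reports": 0},
    "rarely-visited.example": {"first_seen": NOW - timedelta(days=400), "visits": 9,       "reports": 0},
    "known-bad.example.org":  {"first_seen": NOW - timedelta(days=30),  "visits": 1_200,   "reports": 17},
}


def host_of(url):
    """Canonical host for the lookup. urlsplit().hostname lowercases, drops the port and
    ignores userinfo, so 'http://cdn.example.com@known-bad.example.org/' resolves to the
    real host rather than the decoy before the '@'. A trailing dot is stripped too."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def classify(url, telemetry=TELEMETRY, now=NOW):
    """Return (verdict, reason); verdict is one of 'block', 'sandbox', 'allow'."""
    host = host_of(url)
    if host is None:
        return "block", "unparseable URL"
    rec = telemetry.get(host)
    if rec is None:
        return "sandbox", "host never seen by the community"
    if rec["reports"] > 0:
        return "block", f"reported malicious by {rec['reports']} endpoints"
    age_days = (now - rec["first_seen"]).days
    if age_days < NEW_SITE_DAYS:
        return "sandbox", f"first seen only {age_days} days ago"
    if rec["visits"] < LOW_PREVALENCE:
        return "sandbox", f"only {rec['visits']} community visits"
    return "allow", "established host with no reports"


def report_malicious(url, telemetry=TELEMETRY, now=NOW):
    """Feedback path: one endpoint's detection raises the host's report count, so
    every later lookup by any endpoint blocks it. Returns the new report count."""
    host = host_of(url)
    rec = telemetry.setdefault(host, {"first_seen": now, "visits": 0, "reports": 0})
    rec["reports"] += 1
    return rec["reports"]


if __name__ == "__main__":
    for u in ("https://cdn.example.com/lib.js",
              "http://launch.example.net/",
              "http://rarely-visited.example/",
              "http://KNOWN-BAD.example.org:8080/x",
              "http://cdn.example.com@known-bad.example.org/",
              "http://unknown.example/"):
        print(u, "->", classify(u))
```

Note that "new" and "rarely visited" only ever lead to a sandbox verdict here, never an outright block: low prevalence is a weak signal on its own, and every legitimate site is new once. Blocking is reserved for hosts the community has actually reported.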
One way that Avast Endpoint Protection Suite can do this is by using sandboxing, effectively running the browser in an isolated environment somewhat akin to a virtual machine, to protect your machine from any threats that come from the browser. And when Avast detects suspicious activity from any process that is launched, such as an application trying to modify certain registry keys, or even an attempt to run an unsigned executable file, that application can also be run in a sandbox.
Centralized Management Server
Of course endpoint (and server) protection is only half the story when it comes to an enterprise-grade product: Centralized management capabilities are also crucially important. And while Avast's management console historically has been fairly limited, and really only suitable for small businesses, the signs are that with the latest release this has been put right.
That's because Avast now offers a choice of two management consoles to customers: A web-based Small Office Administration console and an Enterprise Administration application.
Sedina said that the former is designed for companies with up to 200 end users. Its simplified interface has been designed to make it easy for unskilled administrators to control endpoint and server security, he added. Despite its simplicity, it offers remote installation and updating of endpoint software, auto-discovery of unprotected or "rogue" machines, remote launching of scan jobs, and virus activity reporting.
The Enterprise Administration console, which has been used in production by companies with over 10,000 endpoints, is accessed as a Windows application (so administrators in separate locations have to install their own copy) and offers more sophisticated functionality for skilled IT security staff. It enables admins to manage devices organized in a tree structure based on the geographical or organizational structure of their network, and makes it possible for them to assign administration access rights and policies, Sedina said. It also includes customizable alerting so they can receive a warning by email or other means if an event occurs that warrants their attention.
The Enterprise Administration console also supports roaming devices: when laptops connect to the corporate network, whether directly, remotely over the Internet or through a VPN, it pushes updates to them.
Downside: Windows only
The main drawback to the product is that it can only protect Windows endpoints. Support for OS X and Linux is missing entirely. Supported versions of Windows include Windows XP (32 bit only, with Service Pack 3), Windows Vista, and Windows 7 (32 and 64 bit versions). The Home and Starter Editions of these operating systems are not supported.
Pricing starts at $34.99 per endpoint or server for 4-9 machines, falling to around $24.99 for 100 machines or more.
Paul Rubens is an award-winning technology journalist who has been covering IT security for over 20 years. He has written for leading international publications including The Economist, The Times, The Financial Times, The Guardian, the BBC, and Computing.
By Paul Rubens
May 30, 2012