The Panda MOP SAAS server and workstation anti-malware solution allows systems to be managed and protected from a central location, regardless of whether they are inside or outside the company network. This saves on the upfront cost of buying and installing a central management server and the ongoing cost of maintaining that server. Panda MOP also leverages true cloud-based functionality for analysis of suspicious files. In tests, malware detection worked well, at least when it came to viruses and Trojans.
If you take security seriously, then you already know that every
endpoint on (or off) your network needs to be running some kind of
protection. Endpoint protection typically consists of at least
anti-malware, (HIPS) host-based intrusion prevention and a software
firewall--all managed and deployed by a dedicated management server.
The overhead of installing and managing a central command and
control server can be a burden depending on the size of the company and
available resources. Many companies--particularly small to midsize
companies--frequently find themselves trapped in the difficult position
of needing a centrally managed solution without having the resources to
install, configure, deploy and manage one.
Enter Panda MOP (Managed Office Protection). This SAAS
(software as a service) server and workstation anti-malware solution
allows systems to be managed and protected from a central location,
regardless of whether they are inside or outside the company
Check out eWEEK Labs' gallery of Panda Managed Office Protection here.
This saves on the upfront cost of buying and installing a central
management server and the ongoing cost of maintaining that
server. Administrators can log into the Web-based management
console from anywhere to deploy software agents, trigger anti-malware
scans and push policy to clients.
Panda MOP is a bit different from other SAAS offerings in that it
also leverages true cloud-based functionality for analysis of
suspicious files. Panda's Collective Intelligence system, available in
all Panda products, stores the vast majority of signatures in the cloud
while deploying only the signatures of malware the client is likely to
encounter to the client itself.
Each client also reports malware prevalence back into the Collective
Intelligence system. The client software provides definition- and
heuristic-based protection for files, e-mail, HTTP/FTP downloads and
instant messaging; a software firewall; and a HIPS.
Panda MOP, which costs $35 per seat per year, is not truly
competitive with Symantec's, Trend Micro's or McAffee's
business-focused endpoint protection products. On the bright side,
it has a light footprint and is very easy to deploy and manage.
To the Test
I tested Panda MOP on three Windows XP Pro workstations and on one
Windows Server 2003 Enterprise Edition system running in virtual
machines on VMware Workstation 6.5 for Windows Vista.
Installation and configuration were as easy as they should be with
an endpoint security solution in the SAAS model. I browsed to the
secure Website management portal and created protection profiles for
groups and users. MOP can be deployed either by sending users a
link to the install package or by downloading the distribution tool,
building your own packages and deploying them however you want.
Both ways worked in my tests, and with each the install package was
pretty small--roughly 5MB.
The client application itself runs quietly on the system
tray. Users can click the panda bear icon and choose to run a
quick scan, a full scan, an e-mail scan; view firewall status; update
the software/definitions; or view help. Users have no additional
control over the app--it is all managed from the management portal.
For the most part, I had few problems with the actual client
software--the most serious being that it occasionally failed to update
on its own and required me to force an update. Updates are
supposed to be a strong point of MOP: Workstations can be configured to
update definitions through a peer-to-peer connection to another
workstation on the same network or go out and get the update directly
from Panda over the Internet.
In my testing, this flexibility saved significant bandwidth and
decreased the amount of time the workstation was involved in
updating. I was easily able to configure update frequency and
rules through the management console.
The management interface is simple and straightforward, and can be found at https://managedprotection.pandasecurity.com
home page shows licensing information and a status graph that lists
detections and their sources. MOP has the ability to create
multiple administrators (called users) with different privileges within
the management console.
Additional reporting is available but not terribly informative
beyond reporting protection status and detection activity in a few
customizable graphs or pie charts. This is one of the places where
Panda MOP simply doesn't compete with a more extensive centrally
managed enterprise endpoint security solution. Overall reporting
lacks depth, although the executive report shows some good, high-level
info that can be read at a glance.
From the Computers tab, I could list all the endpoints under
management in a single list by groups, or I could search by
name. It's really easy to see which computers have protection
turned on and signatures updated, and, by mousing over a computer name,
I could obtain complete network information.
Clicking the Computer name opens a page entitled "computer details"
that is, in fact, a bit light on details. It merely informed me
which types of protection were enabled on that computer without
offering anything more granular, configurable or informative. The
only other option on this tab is to add a computer to the
blacklist--meaning that it will not have MOP installed on it and will
not appear in the management console.
During tests. I downloaded and attempted to install a test set of
keyloggers, rogue applications, adware and spyware, Trojan horses and
viruses. MOP did best with viruses (it blocked eight of eight) and
Trojan horses (it blocked two or two).
Performance was less stellar with keyloggers and adware. No
keylogger was blocked or detected, and two of the two adware programs
were downloaded, installed and run. (Surprisingly, InstantGet was not
detected by MOP but blocked by IE 8.)
I then scanned the endpoint and found one of the keyloggers, but had
not been removed. I was disappointed that the infections were not
reported via the Management Console in real time, although real-time
alerts are possible via e-mail (configured through protection profiles
Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting company in New York.