The Panda MOP SAAS server and workstation anti-malware solution allows systems to be managed and protected from a central location, regardless of whether they are inside or outside the company network. This saves on the upfront cost of buying and installing a central management server and the ongoing cost of maintaining that server. Panda MOP also leverages true cloud-based functionality for analysis of suspicious files. In tests, malware detection worked well, at least when it came to viruses and Trojans.
If you take security seriously, then you already know that every
endpoint on (or off) your network needs to be running some kind of
protection. Endpoint protection typically consists of at least
anti-malware, host-based intrusion prevention (HIPS) and a software
firewall--all managed and deployed by a dedicated management server.
The overhead of installing and managing a central command and
control server can be a burden depending on the size of the company and
available resources. Many companies--particularly small to midsize
companies--frequently find themselves trapped in the difficult position
of needing a centrally managed solution without having the resources to
install, configure, deploy and manage one.
Enter Panda MOP (Managed Office Protection). This SAAS
(software as a service) server and workstation anti-malware solution
allows systems to be managed and protected from a central location,
regardless of whether they are inside or outside the company
network.
This saves on the upfront cost of buying and installing a central
management server and the ongoing cost of maintaining that
server. Administrators can log into the Web-based management
console from anywhere to deploy software agents, trigger anti-malware
scans and push policy to clients.
Panda MOP is a bit different from other SAAS offerings in that it
also leverages true cloud-based functionality for analysis of
suspicious files. Panda's Collective Intelligence system, available in
all Panda products, stores the vast majority of signatures in the cloud
while deploying only the signatures of malware the client is likely to
encounter to the client itself.
Each client also reports malware prevalence back into the Collective
Intelligence system. The client software provides definition- and
heuristic-based protection for files, e-mail, HTTP/FTP downloads and
instant messaging; a software firewall; and a HIPS.
Panda MOP, which costs $35 per seat per year, is not truly
competitive with Symantec's, Trend Micro's or McAfee's
business-focused endpoint protection products. On the bright side,
it has a light footprint and is very easy to deploy and manage.
To the Test
I tested Panda MOP on three Windows XP Pro workstations and on one
Windows Server 2003 Enterprise Edition system running in virtual
machines on VMware Workstation 6.5 for Windows Vista.
Installation and configuration were as easy as they should be with
an endpoint security solution in the SAAS model. I browsed to the
secure Website management portal and created protection profiles for
groups and users. MOP can be deployed either by sending users a
link to the install package or by downloading the distribution tool,
building your own packages and deploying them however you want.
Both ways worked in my tests, and with each the install package was
pretty small--roughly 5MB.
The client application itself runs quietly on the system
tray. Users can click the panda bear icon and choose to run a
quick scan, a full scan or an e-mail scan; view firewall status; update
the software/definitions; or view help. Users have no additional
control over the app--it is all managed from the management portal.
For the most part, I had few problems with the actual client
software--the most serious being that it occasionally failed to update
on its own and required me to force an update. Updates are
supposed to be a strong point of MOP: Workstations can be configured to
update definitions through a peer-to-peer connection to another
workstation on the same network or go out and get the update directly
from Panda over the Internet.
In my testing, this flexibility saved significant bandwidth and
decreased the amount of time the workstation was involved in
updating. I was easily able to configure update frequency and
rules through the management console.
The management interface is simple and straightforward, and can be found at https://managedprotection.pandasecurity.com. The
home page shows licensing information and a status graph that lists
detections and their sources. MOP has the ability to create
multiple administrators (called users) with different privileges within
the management console.
Additional reporting is available but not terribly informative
beyond reporting protection status and detection activity in a few
customizable graphs or pie charts. This is one of the places where
Panda MOP simply doesn't compete with a more extensive centrally
managed enterprise endpoint security solution. Overall reporting
lacks depth, although the executive report shows some good, high-level
info that can be read at a glance.
From the Computers tab, I could list all the endpoints under
management in a single list by groups, or I could search by
name. It's really easy to see which computers have protection
turned on and signatures updated, and, by mousing over a computer name,
I could obtain complete network information.
Clicking the Computer name opens a page entitled "computer details"
that is, in fact, a bit light on details. It merely informed me
which types of protection were enabled on that computer without
offering anything more granular, configurable or informative. The
only other option on this tab is to add a computer to the
blacklist--meaning that it will not have MOP installed on it and will
not appear in the management console.
During tests, I downloaded and attempted to install a test set of
keyloggers, rogue applications, adware and spyware, Trojan horses and
viruses. MOP did best with viruses (it blocked eight of eight) and
Trojan horses (it blocked two of two).
Performance was less stellar with keyloggers and adware. No
keylogger was blocked or detected, and two of the two adware programs
were downloaded, installed and run. (Surprisingly, InstantGet was not
detected by MOP but was blocked by IE 8.)
I then scanned the endpoint and found one of the keyloggers, but it had
not been removed. I was disappointed that the infections were not
reported via the Management Console in real time, although real-time
alerts are possible via e-mail (configured through protection profiles
and warnings).
Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting company in New York.
Matthew D. Sarrel, CISSP, is a network security, product development, and technical marketing consultant based in New York City. He is also a game reviewer and technical writer. To read his opinions on games, please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.