BigFix Takes On McAfee at the Endpoint

BigFix officials tout their new EndPoint Defender as an answer to McAfee's ePolicy Orchestrator 4.0.

Security vendors and customers alike have their eyes on the endpoint, with the market for security suites for such devices estimated to be in the billions.

BigFix's latest foray into this segment of the security space is BigFix EndPoint Defender (code name Project Fortinbras), an endpoint protection appliance aimed at mid-size enterprises. BigFix EndPoint Defender integrates BigFix's anti-malware, patch management, vulnerability assessment, and asset discovery functionality in one easy-to-deploy tool.

"Today's enterprise is distributed, remote, mobile—multiple locations, large numbers of remote or mobile computers, distributed servers," said BigFix CTO Amrit Williams. "As a result, a large number of endpoints constantly move inside and outside the network perimeter. Workforce mobility means Starbucks is now part of the corporate network—IT organizations need to manage and secure endpoints, regardless of where they are located."

To officials at BigFix, that means providing real-time visibility and control over distributed IT assets regardless of location, connection status or OS platform, he said.

BigFix EndPoint supports Microsoft Windows and includes BigFix AntiThreat—composed of anti-virus, anti-spyware, and endpoint firewall—and BigFix Client Manager for AntiVirus, which allows customers to manage third-party antivirus clients. Patch management, vulnerability assessment, and rogue and unmanaged asset discovery functionality are also included.



The announcement from the Emeryville, Calif.-based company comes on the heels of McAfee's release of ePolicy Orchestrator 4.0 Monday, and as Symantec prepares to ship its Endpoint Protection 11.0 product.

Williams said the company distinguishes itself from McAfee's release through scalability and by putting all its focus on the endpoint. BigFix, he said, relies on a fundamentally different real-time architecture that handles security, configuration assessment and remediation on the endpoints themselves regardless of connectivity—public or private networks, connected or disconnected.

"McAfee ePO is still based on a broken server-centric architectural model that is poorly suited for today's highly distributed, intermittently connected assets … a model that demands enormous investments in infrastructure and overhead costs," he said. "McAfee has attempted to integrate a set of disparate solutions—a mere hodgepodge of infrastructure-heavy point solutions."

McAfee officials contend ePO 4.0 lowers the total cost of managing security and compliance. According to data from Insight Express, ePO customers needed 44 percent fewer administrators to manage their environments and required 37 percent less time to manage their networks compared to non-ePO customers. In addition, there was a total security cost savings of 62 percent as compared to non-ePO users.

"The fact is that ePO is highly scalable, with our largest installation consisting of more than five million nodes," said Kevin LeBlanc, McAfee's director of product marketing. "ePO 4.0 was designed from the ground up for distributed environments. This includes the ability to handle both virtual and physical servers, as well as both connected and non-connected endpoints," LeBlanc said.

Unlike BigFix EndPoint Defender, ePO 4.0 extends its protection beyond the endpoint to the network, enabling customers to correlate data and push signatures to network file-based appliances as well as endpoint appliances. It also includes data leak prevention capabilities.


"A lot of McAfee's suite is either homegrown or acquired through acquisition while BigFix OEMs a bunch of its stuff; it OEMs antivirus from CA for example," said Jon Oltsik, an analyst with Enterprise Strategy Group. "I think the real technology distinction is whether a company focuses on security functionality or integration. BigFix went with integration while McAfee is going for the whole enchilada. I would argue that only the biggest firms have the resources to make this happen."

Oltsik sees a growing emphasis in the market on a layered defense that protects the endpoint and the perimeter.

"I believe you see more endpoint security innovation lately for two reasons: 1) more threats, and 2) more mobility," he said. "Endpoint security products have gotten a ton more functionality in a fairly short time frame. We started with AV, added firewalls, anti-spyware, anti-spam, etc. Now we are adding local IPS, NAC, device control, encryption, etc. Users keep buying new products to chase the latest functionality."

Williams said BigFix is converging a wide set of systems and security management functions into a centrally managed, lightweight infrastructure.

"Organizations are trying to eliminate an ever-increasing amount of bloatware and consolidate previous disparate functions into an integrated framework," he said. "(We) will continue to address operational, compliance and security requirements in a single, integrated framework."
