WithSecure (formerly F-Secure) is headquartered in Finland, though it maintains a presence in over 100 other countries. The award-winning company's emphasis is on cyber security, so we couldn't help but take the WithSecure Elements Endpoint Protection platform for a test drive to see if the Finnish security giant had done it once again to make this one of the best endpoint protection software services out there.

WithSecure Elements Endpoint Protection: Plans and pricing

If you're trying to decide whether WithSecure Elements Endpoint Protection (hereby shortened to 'Elements' for the rest of this review), is within your organization's budget you won't find much guidance on the main product page. 

Despite a dazzling and detailed overview complete with glossy, downloadable brochure, interested parties are invited to contact WithSecure's Sales department via the website.

Fortunately the company do offer a 30-day free trial of the platform for up to 10 devices. WithSecure don't demand credit card information for this - just an e-mail address to which they can send a one time password to enrol you on their systems.

There are separate editions of 'Elements' both for Computers and Servers. This review focuses on the version for computers. 

WithSecure Elements Endpoint Protection: Features

After downloading the product brochure, we discovered that the platform features depend on which particular version of 'Elements' you have installed. 

WithSecure Elements Endpoint Protection Standard incorporates 'advanced' anti-malware and patch management, as we'd expect to see for a platform of this kind. WithSecure's own 'DeepGuard 6' does this using a combination of heuristic and behavioral analysis - in other words, the platform doesn't rely only on signature-based scanning. 

The 'Premium' tier also includes additional anti-ransomware protection with application control, as well as WithSecure's own 'DataGuard', which periodically monitors sets of folders for changes made by ransomware and other harmful programs. It can also only allow verified 'safe' applications to access these folders.

WithSecure's Security Cloud also provides real-time threat analysis and prevention. We were delighted to learn that patch management is also integrated into the platform. While we're on the subject of patching the platform offers downloads for protecting Windows and Mac clients, though we understand the server edition can protect Linux servers. 

Protection for mobile devices is also available via WithSecure Elements Mobile Protection. Although this is listed as a separate product on WithSecure's website, We mention this as mobile protection is listed as a feature of 'Elements',  seems you can actually add mobile devices via the 'Security Center' via an installation e-mail or configuring relevant servers.

WithSecure also claims that 'Elements' can provide web protection by blocking access to phishing sites. We also noted that the agent software installed a plugin to the Microsoft Edge browser optionally forcing 'strict' content filters on search results for Bing, Google and DuckDuckGo. This has limited security value but could shield users from adult content. 

WithSecure Elements Endpoint Protection: Setup

Of all the platforms we've reviewed 'Elements' certainly ranks amongst the easiest to set up. We've mentioned already that in order to access the 30-day trial you only provide a valid e-mail address, to which a one-time password is sent. On first login, you can then sent a more personalized passphrase. 

On first login to the cloud portal we were (correctly) told that no endpoints had been set up but were also invited to click on the large 'Go To Endpoint Protection' button to see the options to either generate an install link or go to the dedicated 'Downloads' section.

Having chosen the latter, we were impressed to see agent installers for Windows (in both MSI and EXE format), as well as macOS (in MPKG format). We used one of our 10 free trial licenses to download an installer onto our Windows 11 test machine.

The tiny 2MB installer launched quickly and moments later the app popped up in the system tray saying that our test machine was now 'protected'. We were especially impressed to see more detailed information in the pop up, explaining this meant the agent was up to date, as well as that malware and browsing protection were active.

WithSecure Elements Endpoint Protection: Interface

When reviewing endpoint security platforms, we usually focus on the cloud management console. After all this is where network managers will spend most of their time. Agent software is usually very threadbare, given it's designed to help admins to manage endpoints remotely.

'Elements' bucks this trend however, in that the agent software is actually quite comprehensive and configurable. The options are also well-spaced, so are very easy to navigate.

The 'Malware Protection' window has simple rocker switches for the anti-malware, DeepGuard and DataGuard features, which are enabled by default. The 'Scanning Section' options are disabled out of the box however, as the agent uses real-time scanning to prevent threats before they happen. 

The 'Firewall' section is really a glorified interface for Windows Firewall but we don't deduct points for this, as it makes sense that all system security settings should be configured from one interface.

The aforementioned 'Web Content Control' option (disabled by default) can also be enabled to enforce 'strict' results for select search engines. Only system administrators can change settings.

The 'Security Cloud' has a similarly minimalist interface. Still, despite its simplicity the main dashboard presents helpful information like 'Workstation Protection' and 'Software Update' status.

The 'Devices' section similarly provides a rundown of all essential information at a glance, such as which features like anti-malware, are enabled. A series of hyperlinks at the top of the window allows managers to drill down into more specific information - for instance we clicked 'Show Security Events' to see the results of our tests.

The bottom of the window also displays an array of large buttons to push actions to the device such as installing software updates and running scans. This may be a little in the face but makes it much easier for managers to view all available options.  

WithSecure Elements Endpoint Protection: Performance

When testing Endpoint Security platforms our first test always involves attempting to download a fake computer virus, provided by the good people of EICAR. 

We fired up our Windows 11 test machine and loaded the website. Ignoring Edge's security warnings, we downloaded our test virus in compressed (ZIP) format to the 'Downloads' folder. As soon as we attempted to extract the file the 'Elements' agent immediately detected and quarantined it. 

After we clicked the pop up notifying us of this, the agent actually displayed this security event along with a hyperlink to 'View description online'. This took us to WithSecure's online threat database, which provided more information about the nature of the virus. This is a very impressive feature, as most other platforms only make this kind of information available via the cloud console.

Our next test was to try to copy a new, real virus that we'd caught in the wild onto our test machine's 'Downloads' folder. As we opened the window to do this, once again the 'Elements' agent detected, blocked and quarantined the file. It then immediately ran a scan to make sure our system was clean.

When we chose to view more information online about the virus this time, we saw that the agent hadn't blocked this file because it matched a known virus but because it detected the files had features similar to a 'trojan dropper'. This is strong evidence that WithSecure's claim to use behavioral analysis to detect harmful files is true.

Our final test was to log in to the 'Security Center' to see what alerts had been generated. The main dashboard didn't throw up any issues but when we chose 'Show Security Events' for our test device, they were listed there.

WithSecure Elements Endpoint Protection: Final verdict

WithSecure Elements Endpoint Protection is an excellent platform. Its very simplistic interface belies the complexity of the tools used to maintain endpoint security such as the 'DeepGuard' machine learning that detects actual and potential malware.

Setup takes only minutes and the platform passed our test with flying colors, detecting both a dummy virus file as well as a recent one based on its behavior instead of basic signature scanning. 

The only reservations we have about 'Elements' are minor: we feel IT Managers on a budget would appreciate it if WithSecure displayed a clearer pricing model on their website. With due deference to the server version of the platform (which we haven't reviewed), ideally the platform would also offer agent software for Linux endpoints as well as Windows, macOS, iOS and Android. 

Certain other endpoint security platforms we've reviewed also offer client-side e-mail scanning for certain apps, though this doesn't seem to be supported in the 'Elements' agent. Naturally it may be possible to manage mail gateways via the server edition of 'Elements' but that's outside the scope of this review.

As we've said, these are minor criticisms and given that the platform offers a 30-day trial, you have nothing to lose by putting it to the test. We feel you'll be as pleasantly surprised as we were. 

We list the best MDM solutions currently available.

For over 25 years VMware has been developing cutting edge virtualization software and leading the way in cloud computing. VMware Carbon Black (formerly Bit9) was acquired by the virtualization giant in 2019. The company has a specific emphasis on cloud-native endpoint security solutions. 

Its creation, VMware Carbon Black Cloud Workload Protection, provides vulnerability assessment and inventory management for workloads hosted on vSphere ( VMware's own suite of server virtualization products) but VMware claims that this protection can be extended beyond their own workloads to your endpoints such as desktops, laptops and servers.

As such in theory, the platform allows organizations to manage and protect any number of endpoints via a single agent and console. 

So, is this platform one of the best endpoint protection software solutions, or is it better to stay carbon neutral? Read on to find out.

VMware Carbon Black Cloud: Plans and pricing

Despite a detailed product page, VMware encourage interested parties to 'talk to an expert' if they wish to deploy VMware Carbon Black cloud meaning their pricing model remains opaque.

This is the missing silver lining from black cloud, as despite its impressive capabilities, most users would expect to see at least a minimum price by way of a guideline.

VMware does however list 'Endpoint Protection Bundles', which come in three main tiers.

'Endpoint Standard' incorporates VMware's 'next-gen' antivirus as well as the platform's Behavioral EDR (Endpoint Detection and Response). There's also an option for managed alert monitoring and triage.

The next level 'Endpoint Advanced' includes all of the above plus risk prioritized vulnerability assessment, as well as real-time device assessment and remediation.

The 'Endpoint Enterprise' tier apparently offers 'Enterprise EDR'. Despite an informative datasheet on this feature, we weren't sure what this offers above and beyond the aforementioned 'Behavioural EDR'. VMware's data sheet for Carbon Black Cloud however does clarify that it supports using threat intelligence and customizable detections. 

As always when providers are vague on pricing we encourage readers to contact VMware directly to obtain an exact quote. Although no free trials are offered, VMware offers an excellent "Hands on Lab" where you can try out a simulation of setting up and using Carbon Black Cloud.

VMware Carbon Black Cloud: Features

VMware's product page drills into more details on how Carbon Black Cloud can keep your infrastructure safe. For instance, the aforementioned 'Next Gen Antivirus and Behavioral EDR' is clarified as being able to "analyze attacker behavior patterns over time to detect and stop never-before-seen attacks, whether they are malware, fileless or living-off-the-land".

This is a bold claim, as LOTL (Living off the Land) attacks are some of the hardest to detect, given that they use an operating system's own tools to launch the attack, so attackers don't have to install any code or scripts.

This protection is available for both Containers and Kubernetes. 

The 'Managed Alert Monitoring and Triage' is also clarified as information provided by VMware's own security analysts, who can provide validation and clarification as well as monthly reports.

Carbon Black Cloud also supports "Real-Time Audit and Remediation" - in other words, managers can easily monitor the health of active systems and harden security for workloads as necessary.

VMware Carbon Black Cloud: Setup

As we mentioned there's no trial version of Carbon Black Cloud but interested parties can sign up for the "Hands on Lab" which uses an interactive tutorial to try out the platform. The simulation covers basic installation, configuration and use.

In order to get started you only need to register a user account and password, after which you can access any of the labs. You can launch the Carbon Black Cloud lab for up to 90 minutes but in practice we found this was plenty of time to become familiar with the platform.

On first launch, users are introduced to the various tiers plus an overview of the Carbon Black Cloud Workload Plug-in, which is designed to provide security for cloud workloads. The lab goes on to explain that the connection between the Carbon Black console and your vCenter Server is managed via a Carbon Black Workload Appliance - this is bundled with the plugin in a single '.ova' (open virtual appliance) file.

This 'Cloud Workload Appliance' is an on-premises based control point, which collects workload inventory data. You can install one appliance for each vServer Center.

To get started users need to download the relevant .ova file from VMware's website, then log in to VMware's vSphere to deploy it via uploading it from their device. This is covered in the online guide.

After uploading, users need to confirm the license agreement and choose the storage type (in this case 'thin provision), before selecting the network that has connectivity to the vCenter Server. The appliance will then begin to import and deploy.

Once this is done, the workload appliance can be powered on to reveal an IP address which users can access via their local browser. This has to be done in order to register it with the vCenter Server. After doing this and signing in, the appliance dashboard will appear. The final step involves configuring SSO (Single Sign On) Registration to create a service account for the appliance to interact with the vCenter SSO server. Users also have to create a custom API to interact with the Carbon Black cloud.

You can repeat these steps for as many vCenter servers as you want to manage, although naturally only one API and secret key can be used per appliance. 

VMware Carbon Black Cloud: Interface

Once the "Hands on Lab" has talked users through the setup process, you can start to have more fun via the interactive simulation for the Carbon black plugin. The 'Summary' page gives an excellent overview of CWP (Cloud Workload Protection) via a series of widgets.

Chief amongst these is the 'Health' section which displays the status of the CWP appliance. The 'Inventory Status' section displays a broad overview for workloads, such as notifying users that Carbon Black is enabled. 

The 'Affected Assets' and 'Vulnerabilities' section display how many assets have been compromised in some way, broken down by operating system type.

We were especially impressed by the dedicated 'Vulnerabilities' tab, which provides an excellent overview of all discovered threats broken down by type (Critical, Important, Moderate, Low and All).

Specific vulnerabilities also have a specific risk score, which you can view by switching into 'Vulnerability View'. These are well laid out, with a clear indication of key information like the asset name, as well as the OS name and version. You can even click a link to the 'National Vulnerability Database' to view an in-depth description.

The 'Monitor' tab also displays a detailed and easy to follow view of workload vulnerabilities. The 'Inventory' page also provides an easy to read overview of workloads for which you have and have not enabled CWP. (You can move between both lists with a single click).

The importance of a clear and easy to follow interface in this case can't be overstated, as Carbon Black Cloud can potentially be used to manage thousands of endpoints. 

VMware certainly deserves bonus points for the fact that it's very easy to see a clear overview of principal assets and vulnerabilities, as well as drill down into specific details with just a few mouse clicks. This is particularly impressive given that some other reviews we found online criticized the interface for being overly complicated, when it's anything but. 

VMware Carbon Black Cloud: Performance

When testing endpoint security platforms our usual tests involve attempting to download a fake computer virus using the browser on our test machine, as well as trying to copy a recent, new one we caught in the wild into its 'Downloads' folder to see how the platform reacts.

Given that we could only experience VMware Carbon Black Cloud via a simulation, it wasn't possible to run these tests. However given the platform's advanced threat detection, we're sure it would prove more than a match for simplistic tests like these.

We can comment, however, on the setup process. Frankly without the helpful interactive videos from the online "Lab", anyone but an experienced network security professional would probably struggle to set up and configure the platform correctly. This may be a factor for small organizations who may not have a dedicated in-house network admin capable of navigating the rather involved setup process.  

VMware Carbon Black Cloud: Final Verdict

As we've said, the setup pross for VMware Carbon Black Cloud is one of the most involved we'd seen but we're sure its developers would argue this is a reflection of the fact it's designed to manage the security of potentially thousands of devices. Still, this is balanced out by the excellent online lab, which walks interested parties through the process. VMware are also renowned for providing excellent tech support, so

Once set up correctly, there's also no argument that the interface provides an excellent overview of assets, workloads and vulnerabilities without overwhelming users with information. 

The only real criticism we can level against the platform is that we'd like to see more details on pricing on the main page. Even if bespoke quotes are necessary for organizations, listing a baseline price could help organizations decide if this endpoint security solution's within their budget. 

We've featured the best MDM solutions.

South Korea is one of the world's most technologically advanced countries. The home of the tech giant Samsung boasts speed-of-light fiberoptic broadband, and is a world leader in robotics.

As such, it's not surprising that South Korea is also the home of Ahnlab. Since 1995 the company has been producing security solutions like antivirus, firewalls and intrusion prevention systems.

In the company's own words, Ahnlab V3 Endpoint Security software is a, "...comprehensive endpoint protection solution that provides strong protection and proactive defense for computers in enterprise environments."

This sounds irrefutable on paper but does Ahnlab's creation live up to its claims to be the best endpoint protection software?

AhnLab V3 Endpoint Security: Plans and pricing

As we've mentioned, AhnLab is a South Korean company. We received a stark reminder of this when visiting the company's online store to find the entire website was in Korean with no English language option.

Scouring through the various products we were able to find prices (in South Korean Won) for Ahnlab's "Internet Security" and "Office Security" offerings but not for Endpoint Security itself. 

You can, however, download a free 30-day trial directly from the website without providing any contact information or a credit card. This is a welcome change from other endpoint security solutions which often require users to register an account and/or provide payment information first. 

Having criticized the lack of language options for the online store, AhnLab do maintain a product page and detailed brochure listing the main benefits of their software.

Chief amongst these is the ability to provide real-time protection against trojans, viruses, worms and spyware. This seems to work in tandem with AhnLab's "Smart Defense" feature, which uses cloud-based scanning of suspect files, meaning the client program doesn't have to be constantly updated. This can be combined with threat intelligence and real-time program analysis. The product page also claims the software can generate detailed reports, though in our tests we found we had to dig around a little to find them. 

The software can also scan DNS settings to check for hijacking, as well as block malicious URLs. 

AhnLab also list "Device Control" as another feature of the software, apparently meaning that control of devices when integrated with AhnLab’s central management solution, for instance to authorize specific removable media for endpoints.

We were glad to see this, because as far as we could see the software is only available as a standalone installer on individual machines but neither the website nor manual provide any clarity on exactly how devices can be centrally managed. 

AhnLab V3 Endpoint Security: Setup

As we've said, all other endpoint security solutions we've reviewed such as Webroot Business Endpoint Protection involve creating an online account from where endpoint devices can be managed via a cloud console. From there, administrators can deploy client software to enroll endpoints.

AhnLab simply offer a download link to install their Endpoint Security software directly on the target machine. This is a refreshing change from companies like Microsoft that require you to register credit cards and other information before allowing you to trial their products. Still, this could be a concern if your organization has a large number of endpoints to manage.

Although the software's only currently available for Windows, any version from Windows XP Service Pack 2 is supported (though we wouldn't recommend running this for security reasons). Windows 11 is not listed as a compatible OS but the software ran on our Windows 11 test machine without any issues. 

The setup wizard only requires you to enter a user name, company name and install location before setup begins. Users do have to restart their PC to begin using the "Smart Scan" feature but once this is done the program window launches automatically from the system tray. 

Although endpoint security software is more than just antivirus, we did see that Windows Security settings had been updated to list AhnLab Endpoint Security as the system's antivirus scanner of choice. 

AhnLab V3 Endpoint Security: Interface

AhnLab Endpoint Security's interface is spartan to say the least. The main window has large buttons for running an update, "full" and "quick" scans, as well as "System Optimization".

Other options like the can be accessed from the very top of the window. This includes the 'Security Center' from where you can see an overview of blocked threats. From here you can click into a category e.g. 'PC Security' to view more details.

Special mention should also go to the 'Active Defense' section which lists currently running threats. By default AhnLab's "Smart Defense" is enabled to allow real time scanning of processes, to intercept potentially harmful running programs.

Apart from the 'Settings' area which can be used to perform tasks like tweaking scan settings, this sums up the entire interface. We've called it 'spartan' but it might be better to refer to it as 'threadbare'. The software contains none of the functions we've seen in other endpoint security solutions such as an integrated firewall, e-mail scanning or browser plugins.

AhnLab V3 Endpoint Security: Performance

Although it's easy to slate AhnLab Endpoint Security's barebones interface, it's certainly not lacking when it comes to detecting and preventing threats. 

When reviewing endpoint security platforms our first test is always to try to download a fake computer virus, provided by the good people of EICAR.

When we attempted to do this using the Microsoft Edge browser on our test machine AhnLab Endpoint Security immediately detected the threat and deleted the file before it could be accessed.

Our next test is to copy a new, real computer virus we caught in the wild to the 'Downloads' folder on our test machine. We do this to check that the endpoint security platform can detect potentially suspicious files rather than simply comparing file signatures to a known database of threats.

No sooner had we begun to try to copy the real computer virus from a network drive when AhnLab Endpoint Security's 'Real Time System Scan' picked up on it and automatically quarantined the file.

Our final test for endpoint security platforms is to check the centralized cloud console to see if an appropriate alert has been generated. Given that AhnLab Endpoint Security has to be installed directly on target machines, we decided to open the software there instead.

We were able to access the software's log from the 'Tools' section. From here we could view all listed threats and click into each one to view a 'File Analysis Report', detailing the program name, size and the type of threat it presented.

Our only complaint is that other endpoint security platforms often will display recent alerts in the main dashboard to ensure they're not overlooked. We had to do some digging to view detailed information about these threats, made easier by the fact we introduced them ourselves. 

AhnLab V3 Endpoint Security: The competition

As we've said, AhnLab Endpoint Security stands out from other EPP's (Endpoint Protection Platforms) we've reviewed in that there's no automatic, centralized interface for managing endpoints.

This has serious implications if your organization has a large number of devices to enroll, as there doesn't seem to be a way to deploy the client software besides downloading and installing it to each machine.

Compare and contrast this to competitors like Sophos Intercept X Advanced, which provided a cloud platform, from which you can easily download the client software configured for your endpoint or even send out links to allow installation remotely. 

AhnLab's Window-centric approach also ignores the reality of modern workplaces, where 49% of Gen Z employees are more likely to accept a job if they're offered Apple products. If this is important to people in your organization you should consider more platform-agnostic endpoint security solutions such as Microsoft InTune, which is available for Windows, macOS, iOS devices and Android. 

AhnLab V3 Endpoint Security: Final verdict

Given the language barrier and the fact the product doesn't seem to be listed on AhnLab's online store, we can't comment on whether it's competitively priced. We can say though that AhnLab V3 Endpoint Security is only a solution for very small businesses, running only Windows devices. This has to do with the time and effort involved manually installing the software on each device, as well as the fact the software is only available for one platform.

The lack of centralized cloud management also makes it impossible for network managers to perform routine endpoint management tasks, such as configuring device policies, pushing updates and reviewing threat intelligence analysis. In fairness AhnLab do claim it's possible to centrally manage devices through their platform but their website is thin on detail.

The threat detection and prevention routines are solid, plus the use of 'Smart Defense' means you're not wholly reliant on workers in your organizations manually running updates to detect malware. Still, the platform is limited compared to other endpoint security solutions which offer features like file restoration for protection from ransomware and integrated firewalls.

Much as we applaud the ease of setup, it's doubtful AhnLab Endpoint Security will provide the protection that most organizations need.  

We've listed the best MDM solutions.