Home United States USA — software F-Secure Protection Service for Business

F-Secure Protection Service for Business

124
0
SHARE

F-Secure provides excellent endpoint protection but with a dated, cumbersome management console. We welcome the upcoming update to the console’s look and feel, although it won’t add features we’d like to see such as better reporting, customizable email alerts, and a customizable dashboard.
F-Secure Protection Service for Business (which begins at $39.60 per device per year) is a cloud-based hosted endpoint protection software solution that delivers on most fronts. It supports a full range of popular office devices, including those based on Apple OS X and Microsoft Windows as well as mobile devices running Android or Apple iOS. It even offers server protection for Microsoft Exchange. Since devices are managed from the cloud, it promises to cut down significantly on the amount of time IT personnel need to manage and update client-side antivirus, anti-malware, and firewall configurations. However, while it did well on all of our tests, a weakness against some script-based attacks as well as a lackluster reporting module keep it behind Editors’ Choice winner Bitdefender GravityZone Business Security for now.
Another minor hoop you’ll need to jump through should you decide to purchase it is that F-Secure Protection Service for Business isn’t available directly from the company. It’s only available for purchase through resellers, though a free trial is available on the company’s website.
F-Secure Protection Service for Business’ web console is all business. The Home screen keeps it simple, with an indicator of systems protected and a notification that all software is up to date. But, similar to the overly simple user interface (UI) I found on Avast Business Antivirus Pro Plus, I also found this view in F-Secure Protection Service for Business to be a bit too simple for my liking. For IT professionals, a better way to spend their time might be on the Devices page or Reports page for a better variety of indicators and trends on the latest threats. The Infections sub-tab keeps a running tally of each threat blocked. Sadly, these reports are not printable. It’s possible to send a summary report to the website manager but this is not configurable by an administrator. You can, however, export a list of infections to a CSV file for later analysis. Still, this is a slightly sub-par reporting capability overall and could use some improvement.
Adding and managing devices is easy. To enroll a computer, simply click “Add New Device” and then select the appropriate license. After providing a name, email, and a phone number, a link is emailed to the user to install the endpoint software. Once enrolled, it updates and becomes available on the device list. It is important to recognize that, once the software is installed, not all protection measures are enabled until after all updates are completed. Malware protection seems to take the longest to turn on, so it’s best to make sure clients avoid doing anything daring until that update is completed.
It’s important to note that the Profiles page contains a few basic configurations that cannot be modified. However, they can be cloned into new configurations that can be customized and then later applied to devices. The profiles control a variety of switches and settings for scanning, real-time detection, firewall settings, and browsing protection. Surprisingly, F-Secure Protection Service for Business doesn’t include its own firewall but it does have a built-in system for managing the existing Windows Firewall as part of each policy. This lends an extra level of flexibility that you don’t often find in the bundled software firewalls of other security packages. The downside, of course, is that the complexity is still there. Fortunately, the defaults that F-Secure Protection Service for Business has in place are pretty good, so there isn’t much reason for the casual admin to touch these.
F-Secure Protection Service for Business does have a comprehensive device control section as part of its profile configuration. This generally revolves around devices that could be plugged into the system, such as webcams, external hard drives, and USB sticks. Since this is still a valid method of infection if the attacker has access to the physical device, it’s a good idea to be able to shut these down.
The Software Updater is another novel and useful tool. It keeps a running database of out-of-date software on your computer and can run updates automatically. While this relies on F-Secure Protection Service for Business’ database, I haven’t found any common software that isn’t on the list yet. For some of the more obscure applications out there, you might be on your own. But for many of the apps that are most often exploited, it will have you covered.
My initial testing involved using a known set of malware collected for research purposes. Each was stored in a password-protected ZIP file and was extracted individually. Out of the 110 threats presented to F-Secure Protection Service for Business, all of the items were detected. Furthermore, if there were multiple components to the malware, each was identified individually. While having the threat on disk was not often enough to trigger a warning, after a full scan, everything was identified. Triggering execution also halted the malware from progressing.
To test protection against harmful websites, a random selection of the 10 newest or known-bad websites were selected from PhishTank, an open community that reports known and suspected phishing websites. All of the Uniform Resource Locators (URLs) that attempted attack resulted in a “Harmful website blocked” message in the browser. Also, there’s a button to allow the website if it turns out to be a false positive.
Overall, F-Secure Protection Service for Business was on par with Editors’ Choice Bitdefender GravityZone Business Security when it comes to blocking exploits in my tests. Both Java- and Flash-based exploits were shut down immediately. The first test utilized a flaw in Java 1.7, and below that, lets an attacker run programs remotely if a specific URL is clicked. F-Secure Protection Service for Business quickly shut down the process and reported a threat on the dashboard. Similarly, the Flash-based exploit that allowed remote code execution was also blocked and eliminated. In addition, F-Secure Protection Service for Business successfully detected and removed several PDF documents infected with a Metasploit payload that would have allowed a persistent connection to the machine.
Once malware protection was activated, F-Secure Protection Service for Business was also able to detect several Microsoft PowerShell-based exploits generated by Metasploit. These sometimes tend to go undetected under other platforms, such as in Trend Micro Worry-Free which missed them entirely. One was caught by F-Secure Protection Service for Business’ Deep Guard after launching and the other was shut down as malware. A compiled Ruby-on-Rails-based exploit, however, was not flagged as malware and delivered its payload.
In addition to activating a keylogger, I could sniff keystrokes on websites secured by HTTPS. This goes to illustrate a pervasive weakness in many detection algorithms: scripting engines are generally under-served. While Microsoft PowerShell exploits are very much improved across the board, there are still weak links in the chain.
To further test my access levels, I attempted to elevate privileges by using a common User Account Control (UAC) exploit. Unfortunately, I could gain administrative privileges and proceed to completely compromise the system.

Continue reading...