WithSecure Elements Endpoint Protection review: Holistic protection at a great price

Finnish company F-Secure offers separate consumer and business security solutions and has relaunched its enterprise endpoint protection portfolio under the new WithSecure brand. The underlying product family remains largely the same, with the Elements Security Center cloud portal providing a central point to manage them all.

The Elements Endpoint Protection (EPP) module on review can look after Windows and macOS workstations, Windows, Linux and Citrix servers, plus Exchange and SharePoint hosts. Along with malware protection, EPP applies web content security and removable device controls, and the price includes patch management for Windows OSes as standard.

EPP's DeepGuard feature exposes zero-day attacks and unknown malicious programs by analysing file contents, system change attempts and program behaviour. An EPP Premium subscription increases yearly device costs to £34 and adds application controls plus WithSecure's DataGuard, which uses behavioural rules to detect potential ransomware activity.

The Elements portal home page provides an overview of licensed products, their status and the devices under protection. The EPP module is accessed from the same console, and its dashboard presents graphs showing the number of protected devices and the status of software updates with a list highlighting vital security events.

Deployment is simple: you can email a link to users or download the agent directly and place it in a central distribution point. Either way, the agent takes five minutes to install, connect to the portal and acquire updates. We deployed the iOS protection app by sending email invites from the portal and, when the app had loaded, it created a VPN link to the nearest WithSecure concentrator and applied reputation-based web filtering. The Elements home page is being updated and currently can't show mobile devices, but the EPP dashboard displayed them without any problems.

A preconfigured read-only profile is assigned to devices on first contact. This enables full protection and allows users to access the local interface, run manual scans and turn off features.

Another default profile is provided that stops users from accessing the agent settings, and we cloned these and used them as a basis for our own profiles. Profiles offer full control and are used to manage real-time scanning, permit users to run manual scans, determine when automatic updates occur and schedule regular system scans.

Web protection includes reputation-based web page scanning, safe search enforcement, browser plug-ins to show link reputations in searches and content control, with a list of 32 URL categories you can block. The infection reports from the older portal have been replaced with a more informative security events view, where you can also enable email alerts.

We were impressed with EPP's lightning-fast reactions: after introducing malware to our test clients, the security events page listed them in 15 seconds with email warnings issued within five minutes.

EPP can be augmented with the optional Endpoint Detection and Response (EDR) module, which provides a proactive stance on attacks that can automatically isolate compromised systems before they affect others. You can also extend your security umbrella over Microsoft 365, as the Collaboration Protection module keeps threats at bay for Exchange and SharePoint Online, and both this and EDR are accessed from the same cloud portal as EPP.

WithSecure's Elements Endpoint Protection is a good-value choice. It's simple to deploy, supports a wide range of client platforms and is easily managed from the Elements cloud portal.