Endpoint Security Suite v3.2

The Senforce Endpoint Security Suite (ESS) is a completely different offering than the other products in this category.

This review is part of the group test: Wireless security 2007

Senforce ESS uses a client installed on workstations to control the workstation’s access to known and unknown wireless devices. The ESS has both a standalone version and an enterprise (server-based) version.

The configuration of the EES application allows the administrator to lock the system down to only attached-to access points (no Ad-Hoc connections) on an approved list. The ESS offering can also deny access to the wireless interface while the wired connection is active.

In addition, all wireless interfaces on the client can be disabled, and ESS can require a minimum set of security features to be met on both the client and access point in order for a connection to be established.

The application is broken into two pieces — the Senforce security client, which provides the enforcement of the policy on the client, and the Senforce policy builder, which provides the security policy to which the client will have to adhere.

In the server offering, a central log management component is provided, as well as tools to push the configuration out from the Senforce server to multiple clients on the network. The Senforce policy builder does require the .net version 1.1 and SQL server version 2005. Once the policy builder is installed, the layout is easy to understand and building policies is relatively easy.

Senforce provided little documentation as part of this review process. A quick start guide would be quite handy to have around when performing the initial install and writing the first few endpoint policies.

Senforce offers several support options. The Senforce website has a knowledge base available, but it is password protected for registered users.

The Senforce Enterprise Security Suite is at the low end of the spectrum for products tested, but the pricing may be misleading because it is licensed on a per-node license, as opposed to a network or hardware device license.