F-Secure Elements is the newest version of F-Secure’s business-grade endpoint protection suite. Elements has one of the longest lists of supported platforms we reviewed this time around, including macOS, Windows, Windows Server, and Linux for servers and workstations. Both iOS and Android get love on the mobile side, and there’s even a dedicated agent for the Microsoft Exchange email server. Add excellent customization and good threat detection performance, and Elements proves itself a superb protection choice for small businesses. The current version earns our Editors’ Choice award, even though our two other Editors’ Choice winners, Bitdefender GravityZone Ultra and Sophos Intercept X, do a better job at reporting.
F-Secure Elements Pricing and Plans
Similar to Sophos Intercept X, F-Secure only sells Elements via its partner channel, which means its pricing isn’t altogether transparent. F-Secure says Elements starts at $46.20 per device per year, but that’s without the endpoint detection and response (EDR) features, which were a big part of why we liked the product. Most businesses will want these capabilities, but they’ll need to fork over almost double to get them, as they raise the starting price to $83.34 per device per year.
Compared to our other contenders, this puts Elements on the pricy side. The full suite of Editors’ Choice winner Sophos Intercept X’s capabilities is available for $40 per device per year, and other vendors have even lower pricing, notably Vipre Endpoint Protection Cloud, which only runs to $30 per device per year. Our other Editors’ Choice winner, Bitdefender GravityZone, starts at $57.40 per device per year, but that similarly goes up depending on which features customers select (such as EDR), so its price tag will likely end up fairly close to F-Secure’s.
Bear in mind that channel partners could add additional fees (or discounts) to these prices, so you’ll want to tread carefully and be sure you’re not paying for services you won’t need. If you’d like to evaluate F-Secure Elements, there’s a free trial available on the company’s website.
(Editors’ Note: Vipre is owned by Ziff Davis, the parent company of PCMag.com.)
Getting Started
F-Secure’s web console has undergone a significant overhaul. The home screen launches you directly to a dashboard showing you the number of managed systems and their current protection status. This is handy for checking systems that might have fallen off the grid for a while and not received the latest updates. Also, an EDR panel lists the total number of security events and whether any open detections need attention. Newly added is the Protection for Microsoft 365 panel that keeps you in the loop on any email that has been flagged and quarantined.
If you need more in-depth information, there is a reports section. While the reports were colorful and good for a high-level overview of what’s going on, we found them overly simplistic. The Infections tab and Security events (PILOT) tab are the only truly detailed reports present, and even these are not printable. It’s possible to send a summary report to the site manager, but strangely this is not configurable by an administrator. You can export them to a CSV file, however.
The Software Updater is a built-in patch management system that automatically scans your devices for critical updates for the OS and common software packages, and it should have you covered for many of the heavily exploited apps out there. It relies on F-Secure’s database, and we haven’t yet found any major software package that isn’t on the list, but for more obscure applications, you might still be on your own.
A Strong Focus on Mobile Device Management
Adding and managing devices is easy. To enroll a device, you navigate to Downloads and pick the installer for your platform. One caveat is that although Linux is supported, you can’t find the installer here. Separate instructions are available for that, which is a slight annoyance. Otherwise, the install is simple and nearly unattended.
It is important to understand that once you enable protection on a device, not all protection measures are active until all updates are completed. Malware protection seems to take the longest to turn on, so it’s best to avoid doing anything daring until that update completes.
The Profiles page contains a few basic configurations that cannot be modified. However, you can clone them into new configurations, customize them, and then apply them to devices. The profiles control a variety of switches and settings for scanning, real-time detection, firewall settings, and browsing protection.
F-Secure doesn’t include its own firewall, but it does have a built-in system for managing the existing Windows firewall as part of each policy. It extends Windows’s default firewall rules and lends an extra level of flexibility that you don’t often find in the software firewalls of other security packages. The downside, of course, is that the complexity of the Windows firewall is still there. Fortunately, the defaults that F-Secure has in place are pretty good, so there isn’t much reason for the casual admin to touch them. And none of this applies to Mac or Linux users, which is a shame.
F-Secure’s profile configuration does have a comprehensive device control section for such devices as webcams, external hard drives, and USB sticks. Since rogue hardware is a dangerous vector for malware attacks if the attacker has access to the physical device, it’s a good idea to have the ability to shut these down. Fellow Editors’ Choice winner Bitdefender GravityZone Ultra has a similar feature, and it’s handled well in both products.
F-Secure Elements’ EDR Features
Perhaps one of the best features is the one that comes only with the Premium edition. The endpoint detection and response (EDR) feature is invaluable for handling attacks against your environment. For each threat detected, you’ll get a forensics flow chart showing the origin of the threat (insofar as F-Secure can figure), and you get details for each step taken. If you are genuinely unsure of what to do after the automated advance, you can elevate the situation to the F-Secure support staff to help guide you through next steps. This is a killer feature and very helpful to anyone who needs to get to the right answer in a stressful situation.
Testing Performance
As part of our endpoint protection testing process, the first test we performed was against F-Secure Elements’ anti-phishing capabilities. First, we ensured that the F-Secure plug-in was installed into each browser. The installer had already done this in advance, but it requires an extra step to enable it. We then selected ten known phishing pages from PhishTank, a collection of suspected and verified phishing websites. F-Secure detected and blocked all ten.
Next, we used Metasploit’s Autopwn 2 feature to launch a browser-based attack against the system using a known vulnerable version of Chrome with the Java 1.7 runtime installed. It only launched attacks that were likely to succeed in granting a remote shell, and none of the attacks succeeded.
We simulated executing a standard Meterpreter binary tacked onto the end of Windows Calculator. The executable was immediately stopped on launch and removed from the desktop. One somewhat annoying side effect of the test was that it also found and removed the same executable in my network-attached storage (NAS) folder, but in fairness, it gets bonus points for diligence. We also tested a set of Veil 3.0-encoded Meterpreter executables that included PowerShell, AutoIt, Python, and Ruby. All of them were detected, and we were unable to proceed with any further access tests.
Lastly, we disabled the network connection on my VM, extracted a set of known malware executables called TheZoo, and attempted to run them. Each of them was quarantined before it had the chance to run, confirming that F-Secure’s signature-based detection was working well. Overall, the service passed with flying colors.
Third-party testing corroborates these findings. AV-Comparatives awarded F-Secure its Advanced Plus Malware Protection Score with Three out of Three Stars in its September 2020 test. It blocked 100% of the threats in the Real-World Protection Test and scored in the top tier for Performance and Malware Protection.
A Great Overall Solution With Minor Annoyances
F-Secure is a great product that has really tightened up in recent years. While it has some minor flaws in reporting, this is a largely forgivable issue. Bitdefender’s GravityZone Ultra still does a better job with reporting, but F-Secure is certainly worthy of our Editors’ Choice award this year. Given its strong policy management, excellent detection abilities, and a full suite of security tools that extends beyond simple anti-malware, F-Secure has earned its stars.