The release of a new tool from DigitalPersona shows that the evolution of endpoint protection and management software is evolving from traditional client/server to hybrid approaches that make use of a cloud-based control and management console program.

The software includes several modules for locking down your endpoints, including better sign-on passwords than the standard Windows choices and the ability to centrally manage whole disk encryption policies too. It costs $2 per endpoint per month.

Having a hybrid client/cloud security program has some theoretical appeal. You don’t have to worry about your users forgetting to install the latest updates or turning the protection off. You can instantly see what is happening across your network and find out which PCs are protected and which aren’t. And when the time comes to deploy new PCs across your enterprise, there is less software to worry about, since the client piece will download what is needed from the Internet. By foregoing a central management server, you don’t have to bring up a local network connection to update your client, a nice plus.

The hybrid idea isn’t new, by any means. Microsoft’s Intune, for example, uses a similar hybrid client/cloud approach and offers a wide spectrum of protection including anti-virus, inventory and patch management, and centralized desktop firewall and security policy management. It costs $11 per endpoint per month. And traditional anti-virus makers like Panda, McAfee, and Trend Micro all have offered similar client/cloud versions of their desktop security tools for at least a year or more.

Network access control products were the buzz of 2006-7, but since then the products have seen less press play as they turned into deployment nightmares. A few, such as Symantec’s Endpoint Protection, survive and even thrive (and just released a new version this past month, too). But despite this lull in hype, the need for better endpoint protection is still there.

But the downside to DigitalPersona and other hybrid products is that the connection between client and cloud can be imperfect: sometimes you need to reboot your client PC to keep it synchronized with what the cloud thinks it should be doing. Or that the lightweight client piece turns out to be particularly fussy and require all sorts of Windows updates or additional software pieces to function: our test XP with SP3 machine required one such update before the DigitalPersona client could be properly installed. Another issue is that some products won’t work with 64-bit Windows versions, Windows Server OS’s or non-Windows endpoints (DigitalPersona, like Intune, is strictly for Windows but it does support 64-bit versions as well as 32-bit ones, for example.)

And not all cloud-based consoles are created equally: this is where conducting a free trial is worth the trouble to see how each service is managed. Things to check include what kinds of reports are available, how the central service alerts you to exploits or potential trouble PCs, and how flexible the settings are for these tasks to your particular needs. The console for DigitalPersona was fairly clear cut: you can set up groups of PCs, assign them protective policies, and deploy agents with just a few mouse clicks. Each protective feature though is individually licensed, which is a bit maddening.