Any device that connects to your corporate network can pose a security risk to you. Your users’ laptops and personal devices need to have endpoint protection installed for your network to be truly secure. Signature-based detection, long the standard tool of malware identification, can still prevent some attacks, but malware scanning alone can’t keep up with the volume of new viruses being written every day. Many products simply don’t update their malware signatures fast enough to remain relevant. When it comes to endpoint security, innovation and comprehensiveness will be the way of the future.
Questions you should ask when choosing an Endpoint Security Solution
- How good is the core functionality? - Apart from all the bells and whistles that are tacked on, endpoint protection includes three basic things: a malware scanner, a personal firewall, and the ability to control ports and devices. So, how well does your endpoint protection product perform those three basic functions? Does it rely on outdated methods such as signature-based detection? Does it incorporate new techniques like sandboxing, whitelisting, or behavioural detection? How well does it execute on these concepts?
- Will it run on all of my devices? - A typical enterprise has many devices that are connected to its network—not just Windows and Apple computers, but cell phones running iOS, Android, Windows Phone, and even the occasional BlackBerry. That’s not even counting the servers. Can your endpoint protection product run on all these devices? Does it run well on different platforms? If the answer is no, you’ll need to either find a solution that’s platform-agnostic, or resign yourself to finding a second solution that will cover the platforms that the first one can’t.
- Will it provide granular data? - Many endpoint protection solutions now provide asset tracking functionality, and enterprise products will include a visor where you can survey all connected devices. How much information can you get out of these viewpoints? If you have many servers and workstations, it may be useful to collect and track statistics on how many computers are running on outdated hardware. Another time-saver is the ability to remotely push updates to connected devices, or push notifications to users and admins. Even if you don’t need these capabilities right away, these features may become more practical as the size of your enterprise increases.
- How does it react to the unexpected? - Let’s say that tomorrow morning, you find that a new piece of malware can exploit a vulnerability in an application you use—a zero-day has emerged. How long does it take for your endpoint protection to react? In a 2018 study by Damballa, seven percent of dangerous malware went unrecognized by signature-based detection systems for longer than a month, and for as long as six months. More up-to-date methods look for suspicious behaviour to trigger alerts. Whatever solution you choose, endeavour to understand how fast it can react to new threats.
- Is the product well supported? - Aside from all the discussion about feature sets, capabilities, and detection methods, support is the last important question. Emergencies don’t happen on a schedule, so can the vendor get you on the phone with an engineer at the drop of a hat? If not, can they train your staff to support the product on their own? Lastly, is training bundled into the price of the product, or offered separately? As always, having well-trained staff and a thorough knowledge of a security tool are as important as the tool itself.
Capabilities to consider before selecting an Endpoint Security Solution
- Personal Firewall
- Port and Device Control
- Application Control and Sandboxing
- Endpoint Data Loss Prevention
- Endpoint Detection and Response (EDR) Technology
- Machine Learning
- Behavioral Analysis
- Vulnerability Shielding