If you've been using an antimalware protection product without strong central management capabilities, you're overdue for a change, especially with multiple detection engines and other security capabilities, such as full-disk encryption, application and device control, and data loss prevention (DLP).
First, think in terms of a single vendor. Companies that have gone the best-of-breed route may have multiple clients running on their PCs -- antivirus/antispyware, firewall, encryption, device control, maybe network access control (NAC) -- all managed separately. Look for one product suite that meets your needs. It's a lot easier if it's already available from the same vendor, integrated into the package and managed from the same console.
"Get out of the idea of best-of-breed security, and look for what you can get out of these packages," said Natalie Lambert, senior research analyst at Forrester Research Inc. "Look for operational efficiencies for small IT teams."
Look for these essential management capabilities:
- Centralized signature deployment, including control over signatures to make sure they are actually deployed.
- Centralized reporting for things such as malware infection detection, and how it is spreading. This includes centralized alerts for quick response.
- Managed configuration and deployment, enabling you to tweak configurations and push them to all desktops.
- A single-management console for multiple security technologies, the ability to create policy and report on it.
- "If you are looking to consolidate of security and management, it's just more policy across more tools," said Lambert. "It's that one single pane of glass."
- The ability to run remote scans and diagnostics.
NEGOTIATE WITH SECURITY VENDORS BEFORE YOU RIP AND REPLACE
For the most part, consider switching suppliers only if your current vendor doesn't have products with the management capabilities, state-of-the art malware/threat detection, and/or the security tools you need.
Otherwise, proceed with caution. Don't rip and replace if the endpoint security company is meeting your needs. There's just not that much differentiation among the major players, and switching is a daunting project.
"Don't underestimate the transition difficulties and cost," said Ed Skoudis, co-founder and senior security consultant with InGuardians Inc. "It's hard to move from one of these products to another."
That's particularly true for large enterprises; the time, effort and actual cost is prohibitive.
"They know they can't switch, and the vendors know it as well," Skoudis said.
However, switching may be a credible threat for midmarket companies, where it's not such a massive undertaking. In this economy, vendors are being very competitive in pricing. Or, you may be able to cut a deal for a better support package.
"These companies are always looking to make a deal to steal a customer," Skoudis said. "Definitely try to negotiate the best price you can."
Send comments on this technical tip email@example.com.
This was first published in August 2009