Tip

Think about performance, data protection when choosing endpoint security suites

Antimalware protection is no longer just signature-based antivirus and antispyware. It has evolved into complex endpoint security suites that combine several malware detection techniques with additional features such as host-based intrusion prevention systems (HIPS) and full-disk encryption.


This two-part tip will cover some of the key points you should consider in choosing, keeping or upgrading your endpoint security software before your next subscription renewal. The second part will focus on centralized management of endpoint security suites and negotiations with vendors.

PERFORMANCE DISTINGUISHES ENDPOINT SECURITY SUITES
The shift to Web-based malware and the explosive growth in the sheer number of threats have forced security vendors to move away from reliance on signature-based detection and to bundle in various forms of behavior-based and anomaly detection, HIPS and whitelisting/application control.

"You should only buy what you need, however, malware is getting pretty nasty," said Ed Skoudis, co-founder and senior security consultant with InGuardians Inc. "These packages are pretty all-inclusive, and it doesn't cost vendors any more to put these capabilities into the software."

Testing these complementary technologies against the many strains of malware and attack techniques is complex, and no single test shows which vendor's layered detection is measurably better. It is tough to tell whether any vendor does a better job; the truth is they all miss more than they care to admit.

"Generally speaking, the market is commoditized," said Natalie Lambert, senior research analyst at Forrester Research Inc. "In my opinion, in terms of detection, if you're looking at individual technologies, is there a need to switch out? No."

Performance is another matter. You can and should test the client software's speed and how it affects fully loaded company laptops and desktops: boot and logon time, application launch, and the file-heavy tasks (compiles, large copies, backups) that the on-access scanner hooks. Run the products on standard company PCs with your full application set, not on a clean lab machine.

"You really should evaluate performance, because users will notice the change and complain," Skoudis said. "They will call the help desk, and you don't want that."
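An on-access scanner intercepts every file open, read and close, so a workload of many small file operations is where users feel the slowdown. The following is an added example of a simple benchmark harness, not code from the tip or from any vendor: run it on a clean baseline image, then on the same image with each candidate suite installed, and compare the medians. The suite names and timings in the main block are constructed placeholders.

```python
"""Micro-benchmark for estimating endpoint-suite overhead on file-heavy work.

Added example. Repeated create/read/delete of many small files exercises the
file-system filter that an on-access antimalware scanner hooks. Record the
median on a baseline image, then with each candidate suite installed.
"""
import hashlib
import os
import statistics
import tempfile
import time


def file_workload(root, n_files=500, size=4096):
    """Create, read back (hashed) and delete n_files files under root.

    Returns elapsed seconds. Every step crosses the file-system filter
    stack, so scanner overhead shows up directly in the timing.
    """
    payload = os.urandom(size)
    start = time.perf_counter()
    paths = []
    for i in range(n_files):
        path = os.path.join(root, f"sample_{i}.bin")
        with open(path, "wb") as fh:
            fh.write(payload)
        paths.append(path)
    digest = hashlib.sha256()
    for path in paths:
        with open(path, "rb") as fh:
            digest.update(fh.read())
    for path in paths:
        os.remove(path)
    return time.perf_counter() - start


def run_benchmark(runs=5, n_files=500, size=4096):
    """Repeat the workload and return the median in seconds.

    The median resists one-off spikes such as a scheduled scan or an
    indexing job starting in the middle of a run.
    """
    samples = []
    with tempfile.TemporaryDirectory() as root:
        for _ in range(runs):
            samples.append(file_workload(root, n_files, size))
    return statistics.median(samples)


def overhead_percent(baseline_seconds, candidate_seconds):
    """Slowdown of a candidate relative to the clean baseline, in percent."""
    if baseline_seconds <= 0:
        raise ValueError("baseline must be a positive number of seconds")
    return (candidate_seconds - baseline_seconds) / baseline_seconds * 100.0


def rank_candidates(baseline_seconds, results):
    """results maps suite name -> median seconds with that suite installed.

    Returns (name, overhead %) pairs sorted from least to most intrusive.
    """
    ranked = [(name, overhead_percent(baseline_seconds, secs))
              for name, secs in results.items()]
    return sorted(ranked, key=lambda item: item[1])


if __name__ == "__main__":
    median = run_benchmark()
    print(f"median workload time on this machine: {median:.3f}s")
    # Constructed sample measurements; replace with your own numbers.
    measured = {"Suite A": 2.4, "Suite B": 1.9, "Suite C": 3.1}
    for name, pct in rank_candidates(1.5, measured):
        print(f"{name}: +{pct:.0f}% versus baseline")
```

Run it several times per configuration and at different times of day; a suite whose scheduled scan or signature update coincides with the test will look worse than it is, which is itself useful to know before users find out.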

ENDPOINT DATA PROTECTION CONSIDERATIONS
Midmarket firms have to deal with many of the same security and compliance issues as large companies. That means you have to be concerned with the data on laptops, DVDs, USB drives and MP3 players, and perhaps with guest access controls and hygiene checks on devices joining the company network.

Not long ago, desktop protection was pretty straightforward: primarily signature-based antivirus and antispyware and, probably, a personal firewall. Your business' requirements have changed, and endpoint security suites are complex products designed to meet those requirements. Here is more you need to consider:

Full-disk encryption. This is rapidly becoming must-have security for midmarket companies that are concerned about data breaches and, in particular, state breach notification laws, PCI DSS and other regulations.

Device control. Some companies have gone to the extreme of disabling USB ports, but device control allows them to take a more flexible approach. This can range from prohibiting all use of removable storage to policy-based controls that require use of corporate USB drives, encrypting copied data, content-based controls over what can be copied, etc.

Application control. This is some form of whitelisting, a valuable approach that prevents malware from running on company PCs by allowing only authorized applications to execute. Whitelisting is particularly effective if you run only a handful of apps, but it can get messy in complex environments with many different desktop images, each of which adds its own set of approved executables to maintain. Application control may also include blacklisting to enforce restrictions on IM, P2P, Skype, etc.
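To make the whitelisting trade-off concrete, here is an added example (not code from the tip or from any product) of a hash-based allowlist built from a golden desktop image and then used to decide whether a binary on an endpoint may run. The image layout, file names and file contents are constructed for the demonstration. It shows the two things the paragraph warns about: an unapproved or tampered binary is blocked outright, and every additional desktop image widens the allowlist you have to keep current.

```python
"""Hash-based application allowlist derived from golden desktop images.

Added example. A golden image is walked once to record the SHA-256 of each
executable; at launch time the endpoint's binary is hashed and allowed only
if that hash is known. Several images merge into one (larger) allowlist.
"""
import hashlib
import os
import tempfile

# File types an application-control agent would typically gate.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".scr", ".msi")


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(image_root):
    """Walk a golden image and return {sha256: path relative to the image}."""
    allowed = {}
    for dirpath, _, files in os.walk(image_root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                full = os.path.join(dirpath, name)
                allowed[sha256_of(full)] = os.path.relpath(full, image_root)
    return allowed


def merge_allowlists(*allowlists):
    """Union of several images' allowlists: the 'many desktop images' case."""
    merged = {}
    for allowlist in allowlists:
        merged.update(allowlist)
    return merged


def check_execution(allowlist, path):
    """Decision an agent makes at launch: ('allow', known name) or ('block', file)."""
    digest = sha256_of(path)
    if digest in allowlist:
        return ("allow", allowlist[digest])
    return ("block", os.path.basename(path))


def simulate():
    """Constructed scenario: two golden images and one endpoint with four binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        image_a = os.path.join(tmp, "image_a")   # standard office build
        image_b = os.path.join(tmp, "image_b")   # engineering build with CAD
        endpoint = os.path.join(tmp, "endpoint")
        for folder in (image_a, image_b, endpoint):
            os.makedirs(folder)

        def write(folder, name, data):
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path

        # Fake binaries: contents are placeholders, only their hashes matter.
        write(image_a, "office.exe", b"MZ office build 1")
        write(image_b, "cad.exe", b"MZ cad build 7")
        approved = write(endpoint, "office.exe", b"MZ office build 1")
        tampered = write(endpoint, "office.exe.bak", b"MZ office build 1 + injected")
        unapproved = write(endpoint, "game.exe", b"MZ freeware")
        cad_copy = write(endpoint, "cad.exe", b"MZ cad build 7")

        single = build_allowlist(image_a)
        merged = merge_allowlists(single, build_allowlist(image_b))
        return {
            "approved": check_execution(single, approved)[0],
            "tampered": check_execution(single, tampered)[0],
            "unapproved": check_execution(single, unapproved)[0],
            "cad_single_image": check_execution(single, cad_copy)[0],
            "cad_merged_images": check_execution(merged, cad_copy)[0],
        }


if __name__ == "__main__":
    for case, decision in simulate().items():
        print(f"{case}: {decision}")
```

The blocked CAD binary under the single-image allowlist is the operational cost the paragraph describes: every image, and every patch that changes a hash, forces a re-baseline before users can work, which is why whitelisting stays simple only when the application set is small.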

DLP. Endpoint data loss prevention provides insight into what users are copying to their PCs and what they are doing with it, but everything you add has an impact on performance, and if it adds cost, consider passing on it, at least until you are prepared to deploy it as part of a larger DLP project. "DLP [in an endpoint security suite] is using a sledgehammer to crack a nut," said Lambert.



This was first published in August 2009
