How to choose an endpoint protection suite

Studies show that CSO readers are most likely to know that endpoint protection is the modern iteration of antivirus tools from previous generations. Okay, I made up that first part, but the second part is, of course, true. Antivirus, better known as antimalware, has evolved considerably from the days of dedicated antivirus servers, daily signature updates, and manually managed policies.

Endpoint protection covers much more than anti-malware software. As attack methods and the technology behind them diversify and become more sophisticated, so too must the security tools tasked with protecting the devices that are often the most vulnerable on the corporate network: the ones your users touch every day. Threat vectors for end-user devices include browser-based attacks, phishing attempts, malware, and spyware. Because the attack vectors vary, a variety of protection methods must be combined to keep endpoints from being compromised.

The term endpoint protection also reflects modern network architecture, which can include many types of devices distributed across multiple corporate sites, connected to the corporate network through a virtual private network (VPN), or sitting entirely outside the bounds of corporate control, such as employee-owned devices.

Modern endpoint protection features

What features make up a modern endpoint protection suite? To start, you should prioritize a solution that fully embraces a modern hybrid cloud architecture. In practice this means client devices are spread across disparate networks, including networks under company control, home networks, and public Wi-Fi connections.

To maintain the security of these endpoints, your endpoint protection suite must communicate with these devices on a regular basis. This communication typically involves receiving log information about scan results and blocked threats, pushing software and policy updates (or instructions to roll back those updates), and launching remote management tasks. More advanced endpoint protection solutions can also take advantage of cloud-based machine learning to protect against zero-day attacks (more on that later).

While cloud-based solutions make the most sense for many customers, don’t assume they’re the only option. Several vendors (especially those that have been around for a while) still offer on-premises solutions with many of the benefits found in a cloud-hosted suite.

The first, and perhaps the most important, management task is the initial deployment and enrollment of devices. Most endpoint protection solutions generate an installer that automatically enrolls the device (at least for Windows and Mac). Some solutions allow you to customize this installation package, defining which components are installed and activated. In most cases, existing infrastructure such as mobile device management (MDM) solutions or policy-based administration tools can also be leveraged for mass deployments.

Integrating with or even including an Endpoint Detection and Response (EDR) solution is something you should consider, especially for large deployments. EDR improves the protection of your endpoints by correlating events, alerting, and automating mitigation steps when endpoint-based attacks are identified. This not only improves the initial protection provided to your endpoints, but also helps limit the damage if an initial attack (such as a phishing attempt) is partially successful.

The other big reason to look for EDR concerns situations where an attack is successful. EDR can help identify the successful attack, measure its extent and impact on your network, and even identify the root cause. Some endpoint protection solutions go beyond EDR with options such as Managed Detection and Response (MDR), typically a service in which the vendor or a partner provides 24/7 monitoring, threat hunting, and analysis, working closely with your in-house security staff. Another option is Extended Detection and Response (XDR), an evolutionary step more focused on automating aspects of the investigation process and enabling workflow-based remediation.

Basic Endpoint Protection Features

Endpoint protection must defend against several attack vectors, including phishing attempts, browser-based attacks, email attachments, and worms. These attack vectors require different protection methods, which come in the form of modules such as anti-malware, a personal firewall, or a host-based intrusion detection system (HIDS). HIDS is of particular interest on modern devices because it can monitor system state and critical components to detect unauthorized system changes, such as additions to startup applications or system services, registry changes, or changes to the system directory. Combined with traditional preventative controls such as anti-malware software and firewalls, HIDS can provide a last line of defense in cases where the rest of your endpoint protection suite is initially defeated.
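The core of the HIDS behaviour described above is a trusted baseline of critical files that gets re-checked for additions, modifications, and deletions. The following is an added example written for this article (not code from any product mentioned on this page): it hashes a directory tree into a baseline, then reports every file that was added, changed, or removed on the next pass. The directory layout, file names, and the tampering it simulates are all constructed for the demo.

```python
"""Toy host-based integrity check: baseline a tree, then diff it on the next pass.

Added example for this article, not code from any vendor's product.  A HIDS keeps
a trusted baseline of critical files (startup entries, service definitions, system
binaries) and alerts when they change.  Everything below the function definitions
is constructed demo data.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not hit memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def demo() -> dict:
    """Simulate a 'system directory' that is tampered with after baselining (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "services").mkdir()
        (root / "services" / "sshd.conf").write_text("Port 22\n")
        (root / "startup.lst").write_text("updater.exe\n")

        baseline = build_baseline(root)

        # Constructed tampering: new persistence entry, deleted service config, new config file.
        (root / "startup.lst").write_text("updater.exe\npersist.exe\n")   # modified
        (root / "services" / "sshd.conf").unlink()                        # removed
        (root / "services" / "evil.conf").write_text("ListenAddress 0.0.0.0\n")  # added

        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

A production HIDS does the same thing continuously against registry hives, service databases, and scheduled tasks rather than a temp directory, and it protects the stored baseline from the same tampering it is meant to detect; that second point is what makes the baseline useful as a last line of defense.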

Securing endpoints involves more than just stacking components. There are always new malware variants and techniques designed to circumvent security, which means that anti-malware solutions must also mature and become more sophisticated. For example, a polymorphic virus changes its on-disk bytes from one copy to the next, making it difficult to identify with traditional signature-based methods. Heuristic scanning has been around for a while and offers some protection against polymorphic malware, and behavior-based detection is also useful, but endpoint protection with machine learning trained on large threat datasets offers improved protection over either of these methods alone.
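To make the polymorphism point concrete, here is an added example (not code from the article or from any vendor) using a toy model: the "payload" is a harmless marker string, and the polymorphism is a per-sample XOR key sitting behind a tiny decoder stub. A hash signature matches only the exact bytes it was built from, so every re-keyed variant slips past it, while a heuristic engine that recognises the stub, emulates the decode, and scans the result catches all of them. The stub marker, payload string, and key list are all constructed for the demo.

```python
"""Signature vs heuristic detection against a polymorphic sample (toy model).

Added example for this article, not code from any product.  The 'malware' is a
harmless marker string; the polymorphism is a per-sample XOR key behind a tiny
decoder stub.  All constants below are constructed for the demo.
"""
import hashlib

PAYLOAD = b"demo-payload: add self to startup folder"   # constructed, harmless marker
STUB_MAGIC = b"XOR1"                                     # hypothetical decoder-stub marker


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def make_variant(key: int) -> bytes:
    """Polymorphic packer: same payload, different key, different bytes on disk."""
    if not 1 <= key <= 0xFF:
        raise ValueError("key must be a non-zero byte")
    return STUB_MAGIC + bytes([key]) + xor_bytes(PAYLOAD, key)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_match(sample: bytes, known_hashes: set) -> bool:
    """Traditional signature engine: exact hash lookup against known samples."""
    return sha256(sample) in known_hashes


def heuristic_match(sample: bytes) -> bool:
    """Heuristic engine: recognise the decoder stub, emulate it, scan the output."""
    if not sample.startswith(STUB_MAGIC) or len(sample) < len(STUB_MAGIC) + 1:
        return False
    key = sample[len(STUB_MAGIC)]
    decoded = xor_bytes(sample[len(STUB_MAGIC) + 1:], key)
    return PAYLOAD in decoded


def run_comparison(keys=(0x11, 0x42, 0x7F, 0xA5, 0xFF)) -> dict:
    """Build variants, seed the signature DB with only the first one, count detections."""
    variants = [make_variant(k) for k in keys]
    known_hashes = {sha256(variants[0])}            # the vendor has seen exactly one sample
    benign = b"hello world, nothing to see here"    # constructed clean file
    return {
        "variants": len(variants),
        "signature_hits": sum(signature_match(v, known_hashes) for v in variants),
        "heuristic_hits": sum(heuristic_match(v) for v in variants),
        "benign_flagged": signature_match(benign, known_hashes) or heuristic_match(benign),
    }


if __name__ == "__main__":
    print(run_comparison())
```

Real polymorphic code also rewrites the decoder stub itself, which defeats a fixed stub pattern like the one above; that is why behavior-based detection (what the code does once it runs) and machine learning over many structural and behavioral features are layered on top of emulation rather than replacing it.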

Endpoint protection solutions

Most of the endpoint protection suites listed here have a significant history in the world of computer security. However, this list is not exhaustive; inclusion does not imply endorsement, and omission does not imply a negative opinion.

Bitdefender Endpoint Security

I have always thought of Bitdefender as a solution to protect home devices, but a few minutes of browsing its product catalog shows that this is not the case. Bitdefender Endpoint Security comes in three versions, offering increasingly sophisticated protection. Bitdefender’s GravityZone solution offers endpoint protection as well as tools to secure servers, Exchange mailboxes and mobile devices, all from a single pane of glass.

Its GravityZone Control Center console can be installed on-site and allows device management across your entire infrastructure. Bitdefender also offers add-ons that provide additional value, such as patch management, an EDR solution, and security optimized for virtual environments.

Kaspersky Endpoint Security for Business

Kaspersky Endpoint Security is exactly what you would expect from one of the heavyweights in the industry: endpoint protection for a range of device types, pre-defined security policies to get you up and running quickly, and optional root cause detection and kill chain analytics. Kaspersky also offers vulnerability scanning (to identify missing system patches), outright patch management, and device control (restricting access to connected storage devices). Kaspersky Endpoint Security can even discover unauthorized use of cloud services such as personal cloud storage or email and offers tools to monitor time lost on social networking and email services.

Malwarebytes Endpoint Protection

Malwarebytes Endpoint Protection comes from another vendor that I had previously (unfairly) relegated to the home defense category. Tools that assess and whitelist properly signed code from popular software vendors, and from those who pass the Malwarebytes inspection process (they coined the term “goodware”), help eliminate false positives and trim the scanning workload to reduce performance impact. Another key feature is the Malwarebytes management dashboard, showing you real-time device health and the status of all events. The dashboard also allows you to prioritize the response to threats with filters based on severity, physical location, and other factors.

McAfee Endpoint Security

McAfee has been around pretty much since the idea of a computer virus became a recognized threat, and McAfee Endpoint Security is the modern culmination of their decades of experience. Incorporating all the components you would expect from an endpoint protection suite, McAfee offers a cloud-based architecture, AI-based threat detection, and actionable reports that speed up the investigation phase and the transition to resolution and elimination of the threat. If that wasn’t enough, McAfee offers both an MDR service and an XDR platform.

Sophos Intercept X Advanced

Sophos Intercept X Advanced uses machine learning and real-time threat data to protect your endpoints against zero-day attacks. Sophos also uses Exploit Prevention to identify potential attack vectors (such as running VBScript from an Office document or DLL hijacking), block the attack before it even starts, and provide a breakdown of the attack that traces it back to the root cause. Sophos is another vendor that offers different levels of EDR and XDR, as well as an MDR service: Sophos Managed Threat Response.

Symantec Endpoint Security Complete

Symantec is now a division of Broadcom, but it is still heavily invested in computer security, and Symantec Endpoint Security Complete (SESC) is its endpoint protection offering. Symantec seeks to slow or prevent attacks at every step of the attack chain, whether by minimizing the attack surface through limiting connected devices and hardening applications, by preventing attacks through behavior detection and machine learning, or by tracking threats and attacks as they materialize to help you triage and remediate devices.

Copyright © 2021 IDG Communications, Inc.
