There’s no doubt the threat landscape is a complex one. Each month brings a new example of a targeted attack against an organization that was previously considered “invulnerable.” This raises the question, “What went wrong?” With today’s targeted attacks, it is more important than ever to review your infrastructure and ensure you have a comprehensive defense-in-depth security strategy.
A good place to start is at your endpoints. Endpoint security is critical to protecting your infrastructure, and many times it is also the first line of defense for companies. Specifically, your endpoint security should cover your desktops, laptops, tablets, mobile devices, and servers (both physical and virtual). The increased pressure from advanced targeted attacks (ATAs) has created a tipping point that requires more advanced endpoint security technology: antivirus alone is no longer enough.
Whether you’re evaluating for a new endpoint security purchase or a replacement solution, here are a few key questions to ask your vendor:
- What protection components are included in your endpoint security solution?
Your endpoint security should not only include the most advanced malware detection capabilities in its “traditional” antivirus component, but it also needs to include comprehensive endpoint security components such as desktop firewall, email server antivirus, web filtering, host IPS, device control, mobile antivirus and device management, application control, and encryption.
- Is there a single management console for all the endpoint security components?
Centralized management across your endpoint security infrastructure is essential to minimizing your operational costs, simplifying your day-to-day security processes, and ensuring you have single-pane-of-glass visibility that fully optimizes your response times. Also, ask whether you have the option to operate the management platform on-premises and/or from the cloud.
The value of a single management console is significant. For example, MSI International conducted market research comparing organizations using McAfee’s single management console, McAfee ePO, with organizations not using McAfee ePO to manage endpoint security. They found that organizations using McAfee ePO experience:
- 41% less time developing security policies
- 45% less time developing security reports for analysis
- 31% reduction in security incident response time
- Will you cover all my devices?
Whether your environment has Windows, Macs, Linux, or Unix (or a mixture of any of these), your vendor should support all of your operating systems. The solution should also support your mobile devices, including iOS, Android, and tablets, and when it comes to your data centers, the solution should include complete protection for your physical and virtualized servers.
- What is your approach to connected security to prevent targeted attacks and zero-day threats?
As you go “under the hood” to evaluate the capabilities, it’s important to ensure your vendor’s solution goes beyond detection to provide advanced protection against targeted attacks, often referred to as advanced targeted attacks (ATAs) or advanced persistent threats (APTs). Specifically, the solution should enable adaptive threat prevention by sharing relevant security data across endpoints, gateways, and other security products. In essence, it should allow your security components to operate as one, regardless of physical boundaries, so that they form an adaptive threat prevention system against these attacks. Download the McAfee Threat Intelligence Exchange datasheet for further reading on McAfee’s approach.
- What data protection capabilities do you have?
Since an attack’s intended target is the data itself (e.g., customer data, credit card data, intellectual property, etc.), it stands to reason that a quality endpoint security solution should also provide comprehensive data protection capabilities, including data encryption, file and folder encryption, native encryption management, device control, and data loss prevention (DLP).
In addition, you should ask about performance and protection features that are enhanced by hardware integration points. For example, McAfee Advanced Encryption Standard New Instructions (McAfee AES-NI) is an instruction set found in McAfee Core processors and latest-generation McAfee Atom processors that increases encryption and decryption performance and reduces processor load. McAfee AES-NI forms the secure backbone for the McAfee endpoint encryption technologies.
And, last but not least, inquire whether the data protection capabilities can also be managed from the same console.
- Does your endpoint security solution offer incident response capabilities?
Increasingly sophisticated attacks are driving an increasing need for endpoint detection and response (EDR) capabilities. As Gartner notes, existing security tools—such as “set-and-forget” endpoint solutions—are no longer sufficient. Organizations need tools to better manage a breach when it occurs, including detection, alerting, and rapid response capabilities.
Ask your vendor about their endpoint protection solution’s EDR capabilities, and be on the lookout for features that give you continuous visibility and powerful insights into your endpoints, so you can identify breaches and correct issues faster and in the way that makes the most sense for your business.
With exponential growth in innovations, organizations are under constant pressure to adopt and deploy emerging technologies, such as the cloud, bring your own device (BYOD), big data, and social media. This evolution means your endpoint security is even more critical to your overall security strategy than ever before.
Of course, this list represents only a few of the discussion points needed to ensure the vendor is aligned with the threat landscape and is able to meet your requirements. But even at the endpoint, organizations need to practice a layered strategy, so ensure your vendor has technically sound answers to these questions and that their technology roadmap continues to innovate.