Skip to main content

Will the real endpoint protection solution please stand up?

December 04, 2014

It is interesting to watch the trends in information security solutions and the ever-evolving arms race that is unfolding. For the longest time, the industry had been trying to protect data and endpoints by using network-based solutions. The basic premise was to protect everything behind a handful of devices that could intercept and inspect all ingress/egress traffic for whatever kind of badness or malfeasance the business needed to monitor/prevent.

The problem is that data and endpoints just won’t stay put, nestled safely and comfortably behind edge monitoring and protection devices. In fact, company data and devices are transient and with the sophistication of modern malware and use of encryption and other obfuscation technologies, network devices are becoming blinder and less capable of detecting and blocking threats. In fact, with SSL, DGA and tunneling on the network as well as the complete lack of confidence in antivirus on the endpoint, the industry is crying out for endpoint solutions that can truly solve the malware problem and actually protect both endpoints and data.

Recognizing this, traditional network protection vendors and new innovators have made a mad dash to acquire and/or create the latest and greatest “new-hotness” in endpoint protection. In fact, it was never more apparent than at the various security conferences this year. There was an endless procession of booth-babes, free t-shirts and new whiz-bang solutions all claiming victory over the endpoint concern. There is a dizzying array of seemingly competing products all of which overlapped mostly in marketing material. But, most of them have found a unique niche and are actually quite distinct from one another. More specifically, we have found that most of the endpoint products out there are more collaborative than competitive.

To understand exactly what each product does and their associated features and benefits, we put together a matrix spreadsheet and testing methodology. The intent is to help customers identify respective strengths and weaknesses of each product and determine the benefits each will provide to their specific environment, as well as find possible gaps that need to be addressed in another way.

The matrix looks at product functionalities that are key to identifying and combating modern threats across all types of customer environments. However, we know that every environment is different, and functionality needs to be ranked in accordance with the needs of the organization. Therefore, each feature is given a weight to reflect those needs. The score is an indicator of how the feature performs overall, and the total is the end result of multiplying the weight and score. In this way, tools that have features that are irrelevant to the organization - i.e. the non-applicable features - will not influence the decision process.

The test plan that is provided lays out high-level guidelines for testing and comparing various endpoint protection and investigation solutions. It specifies test environments, connectivity method, scale and key endpoint protection functionality that must be validated for each solution.

We want to provide this to customers as a starting point to evaluate the various solutions and determine what problems the solutions solve within the continuum of things that are possible. Vendors may also find it useful for self-evaluation to identify how/where their products shine. I would love for vendors to complete the spreadsheet for their respective products and even share it with us, so that we can build a database that allows us to correlate/compare the results across a broad array of products.

Related Blogs

July 06, 2017

Indicators of Compromise (IOCs) are Not Intelligence

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence b...

See Details

June 28, 2017

Petya / Petna / NotPetya Ransomware Recommendations from the Trenches

Here we go again. Not long ago I updated a blog post containing actionable recommendations to protect your environment from ransomware threats, includ...

See Details

December 16, 2014

One Endpoint Agent to Rule Them All

As a significant part of my job, I regularly help customers architect and roadmap network, security and investigative technology solutions. At some po...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

September 08, 2010

Malware Mitigation Trends: Utilizing the Latest Weapons Against the Modern Malware Threat

In the malware mitigation market, there are divisions among the vendors. The perspective of the vendor, detection philosophy and technology approaches...

See Details

January 20, 2014

POS Malware - A Long-Term Mitigation Solution | Optiv

It has been reported that the KAPTOXA operation responsible for recent breaches to two major retailers – and potentially more – utilized a variant of ...

See Details

July 07, 2017

Enterprise Incident Management Program Primer

The Optiv EIM framework covers all the components necessary to respond to and manage an incident.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.