Will the Real Endpoint Protection Solution Please Stand Up?

It is interesting to watch the trends in information security solutions and the ever-evolving arms race that is unfolding. For the longest time, the industry had been trying to protect data and endpoints by using network-based solutions. The basic premise was to protect everything behind a handful of devices that could intercept and inspect all ingress/egress traffic for whatever kind of badness or malfeasance the business needed to monitor/prevent.

The problem is that data and endpoints just won’t stay put, nestled safely and comfortably behind edge monitoring and protection devices. In fact, company data and devices are transient and with the sophistication of modern malware and use of encryption and other obfuscation technologies, network devices are becoming blinder and less capable of detecting and blocking threats. In fact, with SSL, DGA and tunneling on the network as well as the complete lack of confidence in antivirus on the endpoint, the industry is crying out for endpoint solutions that can truly solve the malware problem and actually protect both endpoints and data.

Recognizing this, traditional network protection vendors and new innovators have made a mad dash to acquire and/or create the latest and greatest “new-hotness” in endpoint protection. In fact, it was never more apparent than at the various security conferences this year. There was an endless procession of booth-babes, free t-shirts and new whiz-bang solutions all claiming victory over the endpoint concern. There is a dizzying array of seemingly competing products all of which overlapped mostly in marketing material. But, most of them have found a unique niche and are actually quite distinct from one another. More specifically, we have found that most of the endpoint products out there are more collaborative than competitive.

To understand exactly what each product does and their associated features and benefits, we put together a matrix spreadsheet and testing methodology. The intent is to help customers identify respective strengths and weaknesses of each product and determine the benefits each will provide to their specific environment, as well as find possible gaps that need to be addressed in another way.

The matrix looks at product functionalities that are key to identifying and combatting modern threats across all types of customer environments. However, we know that every environment is different, and functionality needs to be ranked in accordance with the needs of the organization. Therefore, each feature is given a weight to reflect those needs. The score is an indicator of how the feature performs overall, and the total is the end result of multiplying the weight and score. In this way, tools that have features that are irrelevant to the organization - i.e. the non-applicable features - will not influence the decision process.

The test plan that is provided lays out high-level guidelines for testing and comparing various endpoint protection and investigation solutions. It specifies test environments, connectivity method, scale and key endpoint protection functionality that must be validated for each solution.

We want to provide this to customers as a starting point to evaluate the various solutions and determine what problems the solutions solve within the continuum of things that are possible. Vendors may also find it useful for self-evaluation to identify how/where their products shine. I would love for vendors to complete the spreadsheet for their respective products and even share it with us, so that we can build a database that allows us to correlate/compare the results across a broad array of products.