We have published the Endpoint Security Management Buyer’s Guide paper, which provides a strategic view of Endpoint Security Management, addressing the complexities caused by malware’s continuing evolution, device sprawl, and mobility/BYOD. The paper focuses on periodic controls that fall under good endpoint hygiene (such as patch and configuration management) and ongoing controls (such as device control and file integrity monitoring) to detect unauthorized activity and prevent it from completing. The crux of our findings involve use of an endpoint security management platform to aggregate the capabilities of these individual controls, providing policy and enforcement leverage to decrease cost of ownership, and increasing the value of endpoint security management.
This excerpt says it all:
Keeping track of 10,000+ of anything is a management nightmare. With ongoing compliance oversight and evolving security attacks against vulnerable endpoint devices, getting a handle on managing endpoints becomes more important every day. We will not sugarcoat things. Attackers are getting better – and our technologies, processes, and personnel have not kept pace. It is increasingly hard to keep devices protected, so you need to take a different and more creative view of defensive tactics, while ensuring you execute flawlessly – because even the slightest opening provides opportunity for attackers.
One of the cool things we ve added to the new Buyer’s Guide format was 10 questions to consider as you evaluate and deploy the technology:
- What specific controls do you offer for endpoint management? Can the policies for all controls be managed via your console?
- Does your organization have an in-house research team? How does their work make your endpoint security management product better?
- What products, devices, and applications are supported by your endpoint security management offerings?
- What standards and/or benchmarks are offered out of the box for your configuration management offering?
- What kind of agentry is required by your products? Is the agent persistent or dissolvable?
- How are updates distributed to managed devices? What do you do to ensure agents are not tampered with?
- How do you handle remote and disconnected devices?
- What is your plan to extend your offering to mobile devices and/or virtual desktops (VDI)?
- Where does your management console run? Do we need a dedicated appliance? What kind of hierarchical management do you support? How customizable is the management interface?
- What kinds of reports are available out of the box? What is involved in customizing specific reports?
- What have you done to ensure the security of your endpoint security management platform? Is strong authentication supported? Have you done an application penetration test on your console? Does your engineering team use any kind of secure software development process?
You can check out the series of posts we combined into the eventual paper.
- The Business Impact of Managing Endpoints
- The ESM Lifecycle
- Periodic Controls
- Ongoing Controls – Device Control
- Ongoing Controls – File Integrity Monitoring
- Platform Buying Considerations
- 10 Questions
We thank Lumension Security for licensing this research, and enabling us to distribute it at no cost to readers.