Do you know what end-point protection tools are running on your desktop or laptop? If not, you can hover your mouse over the icons in the quick access task bar and read their descriptions. A more interesting question might be: how is that end-point protection tool helping you and your organization stay secure and compliant?
With the advance of technology in all realms, including security solutions, end-point protection tools have also evolved significantly. Typical end-point protection capabilities include anti-virus, malware protection, firewall, Intrusion Detection and Prevention Systems (IDS/IPS), vulnerability management and device compliance. More advanced and recent capabilities include application control, data loss prevention, shared policy integration and memory protection, along with an integrated central platform.
However, not all vendors have evolved their tools equally. This means that the tools you installed a while ago, which were a perfectly reasonable choice at the time, may not be good enough for today's needs. At the same time, there are extensions of related tools from major vendors that can provide the same level of protection services as the original software. In many cases, it may make sense to migrate from one vendor's end-point solution to another's. However, changing the protection on a large number of devices can cause unrest among the user community. Here are some guidelines that can help manage the initiative in a structured manner.
First comes the due diligence around the choice of replacement tool. One factor that we should consider while evaluating a potential replacement is the quality of the solution. Is it a mature product or something that just came out? We can refer to market research studies, such as those from Gartner, for a quick overview of how the tool stacks up against other choices. Quality, in this context, also means performance, ease of deployment, ease of maintenance and protection capabilities. Compatibility with our existing products is an obvious consideration. If we have a mix of Windows and Mac products, then our choice might be different than if we had only a Windows environment.
End-point management, if not done right, can be a major overhead. We should thoroughly evaluate available management platforms and their integration with other security solutions. The ability to clearly view the states of end-points is a valuable metric to use to ensure compliance. Further, the ability to configure various types of alerts is critical to proactive security measures. Many end-point management consoles come with pre-built reports that can be customized.
Next, we should evaluate how a potential replacement stacks up against our current footprint in terms of technologies. Are there existing products that can do a similar job? What is the coverage gap, and what is the benefit/effort of covering that gap? Another dimension to consider is the vendor's presence in our organization. Will it be a net new relationship or is it an existing partnership? While the difference might be trivial for smaller organizations, managing vendor relationships, agreements and licensing can be a significant overhead.
Lastly, the cost of the solution should be carefully considered. Many vendors bundle their services, and it is not easy to separate out clearly how much end-point security will cost. Even if we can calculate the cost, it may not be possible to get rid of it, since it is part of a bundled license deal. This forces the organization to go with larger vendors, who may not have the best product but make more sense from a business perspective because their product is already included in the total licensing, rather than a niche player who might have a better product but will increase the overall price.
In summary, organizations should start by putting together a list of available solutions and vendors. Next, they should evaluate each of the available solutions based on the maturity of the solution, compatibility, existing footprint, and cost of implementation and management, and then decide which solution makes the most sense for their organization.
Taimoor Malik is Cybersecurity and Risk Services (CRS) practice lead for Americas at Wipro, where he is responsible for cybersecurity practice development. He also actively participates in client events and meetings to share the current state of cybersecurity, industry trends and challenges faced by organizations.