Cyber security companies are all announcing their latest and greatest endpoint solutions, and clients are asking about the value of moving from traditional antivirus (AV) to these endpoint suites. There are a number of things to consider to make sure you get the value from an endpoint investment:
- Is your organization subject to compliance requirements? If so, you want to confirm that any solution you consider meets the compliance requirements that apply to you. Compliance requirements often lag behind the latest solutions, and you may technically need to have antivirus to “check the box” even if an endpoint solution provides more actual protection.
- Does you organization use mobile devices? Not all endpoint suites include mobile coverage, so be sure to ask that question early on in the vetting of any solution.
- Which services are important to you in an endpoint solution? Options include asset management, configuration management, patching, disk encryption, data loss prevention (DLP). You will want to know which services are most critical to you, which (if any) you already have covered by current solutions that you will either maintain separately or replace with the endpoint solution, and what processing power and disk space will be needed to support the various options as older hardware may not be able to without affecting productivity. Ask your Reseller if they can assist you with comparison guides, endpoint assessment, or proof of concept.
- Who will monitor the solution? Some solutions include monitoring, others do not.
- Can you correlate the data from the endpoint solution? One of the benefits to these endpoint suites is the addition of the log data that they create, and you can gain even more insight if you add correlation with other logs – such as core servers, firewalls, IDS/IPS, etc. Most of the time the endpoint vendor will not offer correlation with other logs, but you can look to MSSPs to provide it. Our ProVision solution is one example of a vendor-agnostic platform with threat intelligence.
- How will Incident Response be handled? What happens if the endpoint solution indicates a compromise that it couldn’t prevent and remediation is needed? You will want to incorporate the solution into your Incident Response plan and/or have an Incident Response firm on retainer if needed.
A recent poll showed that almost half of the respondents planned to choose an endpoint solution in 2018. If you are among that group, we hope you find these questions helpful to your decision-making process.