Product Group Tests

Endpoint security

by Peter Stephenson August 01, 2012


One of the things that we note from time to time is the mass evolution of a particular product type. To be sure, there always are those innovators that seem to be constantly updating their products to stay current - or ahead if they can - with the state of the art, but it is not often that an entire product type undergoes a sea change. The architecture - and especially the security architecture - of the current generation of enterprise networks is evolving rapidly, perhaps more rapidly than in the recent past. That puts stress on security management for those networks.

If we add such things as cloud computing, SaaS (and today that could mean software or security as a service), and a semi-permeable perimeter, things quickly start getting complicated. As we mentioned in the section opener this month, we now are faced with a strong argument - stronger than in the past - for defense-in-depth. Some believe that, because we must assume 100 percent compromise of every network, defense-in-depth no longer is the answer. We should not give that view too much credit: the facts suggest that defense-in-depth is, in fact, the only practical solution to securing the enterprise.

Today, though, securing the enterprise is as much about keeping the bad guys out as it is about keeping the data in. When the demarcation of a network is indeterminate, we really have no choice but to protect the data no matter where it lies. That is, at least in part, exactly what this month's product group is all about: Taking up the slack where the perimeter defenses are ineffective and managing the data from the endpoint.

In years past, the emphasis on endpoint security was specifically the safeguarding of the endpoint itself. This year, we found that the paradigm has shifted to an enterprise-centric model where all of the endpoints in the enterprise are managed, and coordination through a single point, such as Active Directory, is the rule rather than the exception. Most products are maturing toward the same sort of model as most other enterprise-class security products: policy-driven tasking, management and configuration.

Many of the products we tested required an agent - which communicated with a management console - but a few use a very lightweight service. Services can have - but do not necessarily have - a much smaller footprint in the device's memory. They are more efficient, more reliable and easier to install than applications. When these agents are tied to something, such as Active Directory, they can leverage existing user groups and organizational units, thus adding to their manageability.

Since a big part of information security today involves preventing data exfiltration, this approach helps keep the data where it belongs: inside the enterprise. By deploying, for example, data leakage prevention both at the perimeter and at the endpoint, data exfiltration at the endpoint using a CD or thumb drive - devices tied directly to the endpoint and not passing through the security perimeter - can be controlled. Additionally, malware that enters the system without passing through the perimeter - carried in on a thumb drive, for example - can be detected and, again, reported centrally.

Overall, we found this set of products to be a good example of the market responding to new threats and new network architectures, both of which necessitate fresh thinking about how we protect our data. The products this month were noticeably more mature, more feature-rich and more tightly integrated with the enterprise security architecture than in previous years.

We also found that attrition due to companies going out of business or being acquired was not as prevalent for this group as it is in many other product classes that we have looked at over the past year. Already, many endpoint products are part of an integrated whole that includes both perimeter and endpoint defenses and ties all of the pieces together through a central console and Active Directory or its ilk. For enterprises of just about any size, but especially large ones, this is good news, indeed.


