In my last post, I concluded that choosing the endpoint security solution that best fits your business is more important than debating whether a product is or isn't “next-gen.” This time around, I'll share some considerations for how to go about finding that ideal solution.
If you're considering an endpoint security change, it's likely because there's something that gives you pause about your current software. Maybe you've been hit too many times by ransomware. Perhaps you're not sure how and where threats are getting into your environment. Or maybe you're just frustrated with the day to day management hassles from your current AV product. Regardless, you see the need for something better for your business.
The first question you should ask is: am I ready to rip out my current AV product and replace it with something new? Or should I add new technology that runs alongside what I currently have to supplement my protection?
The rip-and-replace approach has some obvious advantages. It's a “cleaner” approach, leaving you with just one ecosystem to manage. It's likely less expensive, at least from a licensing standpoint, than adding a second product. And you don't have to worry about the challenges of compatibility, overhead, and conflicting information that sometimes comes with running two agents.
On the other hand, it's not always practical to start fresh with a brand new solution. Maybe you're only one year into a three year contract for your current AV. Or perhaps you feel that what you have now is working but you want to augment it with additional, newer capabilities, like anti-ransomware technology. This could lead you toward a supplemental solution. Indeed, if you choose well, it's feasible you'll end up with a range of technologies that all work together as a seamless system.
Whichever route you follow, you'll want to make sure you achieve the three key goals of endpoint protection: prevent threats from reaching the user or from running in the first place; detect attacks that are in progress or have already occurred; and respond effectively to infections or exploits once they're identified.
It's especially important to consider this spectrum of protection when adding a second product to run alongside your existing AV. I've seen some companies implement two endpoint products that both focus on preventing the execution of malware; meanwhile, there's nothing in place to limit exposure to malicious websites, detect command and control communications, or clean up an infected system. A car with good antilock brakes doesn't need a second set of brakes; a new set of tires will be a better investment. Likewise, your business is more secure when you cover all your bases instead of doubling down in a single area.
Remember, too, that an endpoint security solution is more than just a set of technologies, much like a car is more than its braking distance and its 0–60 time. Consider how an endpoint candidate fits into your environment, and take it for a test drive before buying.
The administrative burden should be a key focus. You want to fit the capabilities to your capacity to make effective use of them. If you commute in stop-and-go traffic, a 300-horsepower engine doesn't do much for you except waste gas. Likewise, an endpoint protection feature that requires weeks of configuration and testing before deployment may become “shelfware,” whereas a seemingly “throwaway” feature that's on by default could make the difference in preventing a data breach.
Matching the product to the knowledge and skills of your team matters, too. In-depth forensics and analytics capabilities can be empowering to an incident response team that's thirsty for more information. For an IT generalist in a small business, all that data and complexity is likely to be a distraction; perhaps a simply presented explanation of how the threat got in would be preferable. New technology should improve your workflow, not encumber it.
Finally, keep in mind that no security product exists in a vacuum. Look to avoid unnecessary overlaps and to fill gaps in your current environment. Seek out opportunities to consolidate the number of management consoles and servers you have to maintain. Embrace integration that lets products work together as a broad system that's greater than the sum of its parts.
Whether you supplement what you have or replace your AV with something all new, upgrading your endpoint protection is an important commitment. Make sure that it's the right fit, not just technically, but as an integral part of your organization's overall security posture. You'll know you've found it when you and your colleagues are working less hard to much more effectively prevent, detect, and respond to all types of threats, from ransomware to zero-day exploits.Let me know in the comments how you are trying to—or have already—fit endpoint security to your organization.