Making Sense of a Crowded Endpoint Security Market - Part Two


By Rick Grimaldi, Director of Information Security Services

How K logix helps organizations increase efficacy without impacting productivity or reputation

As outlined in the Spring Feats of Strength magazine, K logix’s Project Advisory Service gives organizations a head start on endpoint security projects.

According to a recent Piper Jaffray survey, 78% of CIOs cite endpoint security as a top priority. Their interest in next-generation endpoint security is fueled by a move away from traditional anti-virus solutions that are ineffective and disruptive to the enterprise. But there is so much noise and clutter in the endpoint market that security teams struggle to identify the appropriate solution for their environment. More than 50 vendors lay claim to endpoint security, and more than 20 of them position their products as “next-gen”. It can be difficult for security teams to understand the varied approaches and to differentiate between products. It can also be hard to understand how a solution will fit within the enterprise, and whether multiple solutions are required to effectively secure the endpoints. It is a complex but important and highly visible decision. Security teams must ensure the solution does not impact worker productivity, because that damages credibility for both the product and the security team.

K logix Project Advisory Service Brings Clarity to the Market
The experienced Information Security Services team at K logix performed a Project Advisory Service on the endpoint security marketspace to help clients evaluate solutions based on business requirements. In the review the team identified a number of market-wide realities.
The market still lacks clear definitions for basic terminology such as “prevent”, “detain”, “contain”, and “visibility”, which distorts the public’s perception of each solution’s capabilities. It is necessary to clarify these terms with each vendor to ensure an accurate review. In short, the market is still emerging, and therefore difficult to navigate, which is why K logix undertook this evaluation process to help clients make better and more informed decisions. K logix evaluated nine of the leading endpoint security solutions. Each falls into one of four approaches to endpoint security:

DATA DETECTION/VISIBILITY AND INCIDENT RESPONSE
– These solutions silently collect telemetry on critical operating system activity such as process creation, registry changes, file writes and network connections. The collected data is forwarded to a central analysis engine where deep analytics is performed. Products differ in how the data is analyzed and presented to administrators: some add context by incorporating threat intelligence, while others compare an individual host’s data against the other machines in the enterprise to spot anomalies. Products in this category may block some traditional forms of malware, but direct prevention or blocking of advanced malware is not their core competency. They are intended as visibility tools that reduce the time administrators spend evaluating indicators of compromise across the organization.
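The cross-host comparison described above can be sketched in a few lines. The following is an added example, not K logix’s or any vendor’s code: it assumes a simplified telemetry record of (host, image path, SHA-256 of the image) and a constructed set of events, and it flags binaries seen on only one host as well as system paths that appear in the fleet with more than one hash.

```python
"""Cross-host anomaly spotting by prevalence ("stacking").

Added example, not K logix's or any vendor's code. It assumes a
simplified telemetry record (hostname, process image path, SHA-256 of
the image); real EDR telemetry carries far more fields.
"""
from collections import defaultdict

# Constructed telemetry: (host, image_path, sha256). In a real
# deployment these would be forwarded by the endpoint agent.
EVENTS = [
    ("ws01", r"C:\Windows\System32\svchost.exe", "a1" * 32),
    ("ws02", r"C:\Windows\System32\svchost.exe", "a1" * 32),
    ("ws03", r"C:\Windows\System32\svchost.exe", "a1" * 32),
    ("ws01", r"C:\Windows\explorer.exe", "b2" * 32),
    ("ws02", r"C:\Windows\explorer.exe", "b2" * 32),
    ("ws03", r"C:\Windows\explorer.exe", "b2" * 32),
    # Same path as the legitimate svchost.exe but a different hash, on
    # one host only: a classic masquerading indicator.
    ("ws03", r"C:\Windows\System32\svchost.exe", "c3" * 32),
    # Unique binary in a user-writable directory on a single host.
    ("ws02", r"C:\Users\jdoe\AppData\Local\Temp\update.exe", "d4" * 32),
]


def prevalence(events):
    """Map each (path, sha256) pair to the set of hosts it was seen on."""
    seen = defaultdict(set)
    for host, path, digest in events:
        seen[(path, digest)].add(host)
    return seen


def rare_binaries(events, max_hosts=1):
    """Return (path, sha256, hosts) for binaries seen on <= max_hosts hosts.

    Rarity across the fleet is the anomaly signal: a binary every host
    runs is almost certainly legitimate, while one only a single host
    runs deserves an analyst's attention.
    """
    seen = prevalence(events)
    return sorted(
        (path, digest, sorted(hosts))
        for (path, digest), hosts in seen.items()
        if len(hosts) <= max_hosts
    )


def path_hash_conflicts(events):
    """Return paths that appear with more than one hash across the fleet.

    A well-known system path with two different hashes points either at
    an unpatched straggler or at a file dropped to masquerade as the
    original.
    """
    by_path = defaultdict(set)
    for _host, path, digest in events:
        by_path[path].add(digest)
    return sorted(p for p, digests in by_path.items() if len(digests) > 1)


if __name__ == "__main__":
    for path, digest, hosts in rare_binaries(EVENTS):
        print(f"rare: {path} {digest[:12]}... on {hosts}")
    for path in path_hash_conflicts(EVENTS):
        print(f"hash conflict: {path}")
```

Both checks are keyed on content (the hash) rather than on the file name, which is why the second svchost.exe entry surfaces even though its path is identical to the legitimate one.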

ADVANCED PROTECTION
– Solutions in this category detect and prevent malware by leveraging unique, vendor-specific detection techniques such as machine learning and artificial intelligence, typically paired with memory and exploit protection. Products differ in the level of protection they offer: some are suited as a direct replacement for existing signature-based antivirus and are extremely effective at blocking malware, while others offer complementary protection against advanced exploits.

ISOLATION/SANDBOXING
– This approach provides protection by “roping off” certain high-risk applications from the underlying operating system. Individual applications, such as web browsers, office suites, email clients, or other high-risk programs, are shunted into a separate, self-contained processing area (container) within the computing environment, so that if a threat is present it does not have access to other critical system processes. When an infection is detected, the container is typically discarded and rebuilt from a known good state.

WHITELISTING
– Whitelisting allows administrators to “lock down” endpoints so that they will only run approved applications and their supporting dependencies. This protection is accomplished by creating an initial system baseline of hashes and application-specific fingerprints and comparing every file and program attempting to run against it. Applications matching the baseline run; unknown ones are denied execution. Whitelisting is a strategy to reduce the available attack surface on endpoints, at the cost of maintaining the baseline as approved software is patched and updated.
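The baseline-and-compare mechanism described above, as an added example that is not K logix’s or any vendor’s code. It assumes the approved set can be represented purely as SHA-256 digests of program images (real products add signer and path rules and a dependency model) and constructs a temporary directory standing in for the system being baselined.

```python
"""Hash-based application allow-listing in miniature.

Added example, not K logix's or any vendor's code. The "approved
application" set is modelled as SHA-256 digests taken at baseline time;
the files and directories below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Hash every regular file under root; this is the 'known good' system state."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            baseline[sha256_file(p)] = p  # keyed by content, not by path
    return baseline


def decide(path, baseline):
    """Return "ALLOW" if the file's content hash is in the baseline, else "DENY"."""
    return "ALLOW" if sha256_file(path) in baseline else "DENY"


def demo():
    """Constructed scenario: approve one program, then judge three candidates."""
    with tempfile.TemporaryDirectory() as root:
        approved = os.path.join(root, "bin", "app.exe")
        os.makedirs(os.path.dirname(approved))
        with open(approved, "wb") as f:
            f.write(b"MZ approved program image")
        baseline = build_baseline(root)

        with tempfile.TemporaryDirectory() as other:
            # 1. Same bytes copied elsewhere: allowed, the decision is content-based.
            copy = os.path.join(other, "app_copy.exe")
            with open(copy, "wb") as f:
                f.write(b"MZ approved program image")
            # 2. Same file name, one byte changed (patched or trojanised): denied.
            tampered = os.path.join(other, "app.exe")
            with open(tampered, "wb") as f:
                f.write(b"MZ approved program imagE")
            # 3. Entirely unknown binary: denied.
            unknown = os.path.join(other, "dropper.exe")
            with open(unknown, "wb") as f:
                f.write(b"MZ something never baselined")
            return {
                "copy": decide(copy, baseline),
                "tampered": decide(tampered, baseline),
                "unknown": decide(unknown, baseline),
            }


if __name__ == "__main__":
    for candidate, verdict in demo().items():
        print(f"{candidate}: {verdict}")
```

The tampered case is the one that matters: a single changed byte in an otherwise approved program fails the comparison, which is exactly why the baseline has to be refreshed whenever approved software is legitimately updated.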

As is standard in the Project Advisory Service, the K logix Information Security Services team formulated a set of business and technical requirements from stakeholders. These requirements were documented and weighted in the K logix Project Advisory Evaluation. The evaluation is not a ranking system; the highest score does not always equal the best solution for a specific environment. Rather, it is a resource to help streamline the product selection process and to prompt conversation amongst stakeholders. For this reason, we have chosen to anonymize the vendor names, so that specific evaluation results are not taken out of context.

In the Endpoint Marketspace Evaluation, the “General Business Requirements”, including zero impact on worker productivity, protection regardless of network connectivity, and malware protection capabilities, were given the greatest weight. Additional business and technical requirements, including hardware and software support, ease of administration, reporting capabilities, vendor maturity, and seven other functional categories, were also accounted for in the review.

The results of the Project Advisory Service give clients a comfortable starting point when reviewing endpoint security products for specific business requirements. Companies can glean the following from the service:
• Understand the impact various endpoint security solutions might have on worker productivity when deployed within their environment.
• Identify the leading solutions for specific use cases such as point of sale systems, compliance requirements or real-time visibility with incident response capabilities.
• Identify and engage the right endpoint security solution more quickly, by eliminating solutions that do not meet specific business requirements at the start of the project.
• Utilize the right endpoint security solution to ensure the ability to detect and prevent destructive malware.

The evaluation is updated on a quarterly basis as the market evolves quickly and vendors address feature and functionality requirements.
Contact K logix to review the Endpoint Security Marketspace evaluation & identify the best endpoint security solution for your organization.
