2015-10-25T12:50:02Z

When evaluating Endpoint Security, what aspect do you think is the most important to look for?

112


ITCS user
Guest
15 Answers

Top 5, Real User

Ariel,


Thank you for your question; I hope you are finding many answers to assist you here. My own opinion on this will probably be in line with multiple others here.


Several questions I like to ask during this process are as follows:


- Will this be hosted on cloud or on-prem?
- AI or machine learning threat model is a must today.
- If hosted, what are the SLAs for detection, response, and ability to view dashboards? What is your level of access to that dashboard? Can you disable an agent quickly if needed, and what is that process?
- Is this for your own environment or do you want to host it for someone else?
- How well does the product work when disconnected from the internet? This is a key factor for me. If the product fails when disconnected from the cloud, move on to another product.
- How well can the product recover should it miss something? Are you able to retrace the events that caused the issue?
- Cost per endpoint vs cost of being down due to infection.
- Easy to deploy.
- What OSs does the product work on? Does it support Linux, and what versions of Linux?


There are several questions for you on this. I hope they help you or others.


Thanks.

2021-10-11T14:41:50Z
User

Being more advanced than a signature-based system. Its ability to detect lateral movement and not just remediate but prevent attacks before they start.

2020-09-14T16:28:34Z
Top 20, Real User

Solutions that are simple and easy to use can also leverage all available threat intelligence sources. Must help proactively to prevent and mitigate any endpoint risks.

Vulnerability threats and patching with automation: identify any misconfigurations, vulnerable apps, settings or ports, regularly scan, suggest measures and auto-protect. Even if no fix is available, it should be able to capture the manual fix or workaround from vendors or the security community to apply the fix.

Should cover all aspects of unified endpoint security across platforms (Windows/Mac/Linux/MDM): Configuration Management, Threats and Patching, Software Deployment, OS Deployments, Mobile Device Management, System Tools, Browser Security, Vulnerability Management, Application Control, Device Control and BitLocker Management.

Should help with auto-updating drivers, AV updates, browser updates, etc., and give flexibility in controlling our ring-fenced updates accordingly.




2021-11-18T20:56:18Z
Vendor

On any given day, an amazing new technology could swoop in and fundamentally change the way you do business. That’s exciting, but there’s a downside to today’s technology-driven world.


New and unpredictable threats to your cybersecurity are forming all the time, and it’s next to impossible to stay ahead of them all. From assessment to cybersecurity, from ongoing support to network and infrastructure design, trust your network services to no one but the very best. 

2021-10-13T16:24:29Z
Top 5, Real User

The days of signature-based solutions are end of life. AI threat detection with human monitoring is where we are at today: SentinelOne, CrowdStrike, FieldEffects, Carbon Black. Check out Red Canary.

2021-10-13T01:19:18Z
User

Besides what's been already mentioned, I would also explicitly mention automation (API) and data export options. 


How good is the information provided, e.g. the threat/vulnerability database? 


How complete and useful are the reported findings, and how easy are they to interpret and explain? 


Is it possible to configure and manage exceptions, e.g. to manage obvious false positives reported, exceptions granted, "old news" or classifications of the findings that are obviously off? 

2021-10-12T10:19:36Z
Top 5, Leaderboard, Real User

ROI (return on investment): Does it integrate well? Does it work as advertised? Is it cost-effective?

You could invest millions; what's good enough in your environment?

2021-10-11T13:20:54Z
Real User

Security, management and easy deployment.

2021-03-27T20:21:18Z
Top 20, Real User

Most important is the ability to recognize, stop and remove malicious software. 

2020-07-27T16:03:16Z
Real User

Key points for me are speed, scale & reporting, and I generally classify my toolkit into these compartments.

2017-10-26T13:10:15Z
Vendor

Evaluation of endpoint protection should look at what the product offers for prevention, detection and remediation.

On prevention, does the product provide basic exposure prevention: the ability to prevent the end user's device from navigating to known malicious sites, or from inserting unauthorized external media (USB)? Does the product prevent the execution of malware, either through heuristics matching, emulation, download reputation or signatures?

If exposed to malware, does the product provide robust malicious action detection: run-time behaviors, exploit detection, malicious command and control beaconing, etc.?

Last, the product needs to include robust remediation capabilities: not simply malware removal, but the ability to understand the root cause of the threat and what led to the detection of malicious activity. With that last bit of information you should be able to scan the network for other similar indicators of compromise, so you can fully remediate the detected activity.

Often malware today involves the exploit of running applications with no payload delivery; in these situations it is critical that the endpoint product can detect/block and take action on memory-resident threats.

It gets fairly complex, but the key evaluation criteria are what it does to Prevent, Detect and Remediate malicious activity. Any vendor without a good story for all of this is just a point solution in the overall security posture for your company.

2016-03-04T16:15:51Z
Real User

Coverage. Performance. Enterpriseness :-)

2017-12-08T21:08:05Z
Vendor

Speed (installation, detection, scans), low impact (on boot, memory). Then price etc.

2017-10-26T14:08:40Z
Vendor

I agree with Stephen, but also would like to add that I think it's important to evaluate which attack vectors the solution will block. Oftentimes I see people do testing with only known malware samples. One should test with known samples, unknown malware 0days, as well as exploits.

2015-12-04T21:44:28Z
Consultant

Endpoint security should be proactive; the days of reactive endpoint protection are far gone. I have evaluated many endpoint security products and what stands out with all of them is that they are very similar and are all working towards the proactive approach. Most of the technologies being used are the same, with a few exceptions. The answer to this question must be based around the organization looking for the solution. Some companies don't allow BYOD; therefore mobile endpoint solutions are not needed.
Generally I look for supplier support, price, and ease of installation and removal.

2015-11-17T12:59:44Z