Guide to Buying Managed Endpoint Security Software
A managed endpoint security product can provide centralized configuration and monitoring capabilities that you wont find in stand-alone anti-virus or more comprehensive Internet security software.
Its a given that any computer that needs Internet access also needs protection from the all the viruses and various other forms of malware it will inevitably come in contact with. Protecting a single PC from myriad of online threats can be enough of a challenge these days, but the job can get a lot harder when youre dealing with a large number of desktops and/or laptops on a corporate network.
When you need to protect a lot of client systems, a managed endpoint security product can provide centralized configuration and monitoring capabilities that you wont find in stand-alone anti-virus or more comprehensive Internet security software. Here are some things to consider when looking for a managed endpoint security product.
At a minimum, all endpoint security products provide basic anti-virus and anti-spyware protection. For the best protection against unknown or emerging threats, look for a product that supplements standard signature-based detection with heuristics and behavioral analysis.
Endpoint security products frequently offer a laundry list of other security features as well. These can include a firewall, spam control, intrusion prevention, DLP (Data Loss Prevention), a VPN client, and disk encryption, as well as things such as control over access to the network, applications, and devices like removable storage drives. These are great features to have if you need them, but since features are frequently bundled together, they can needlessly drive up complexity and cost if you dont. Look for a product that lets you choose the specific features you require up front but still gives you the option to add additional ones later if desired.
To keep deployment and administration as simple as possible, products should preferably use a single client software agent and management console regardless of how many features you opt for.
The cornerstone of any managed endpoint security product is its centralized management console used for command and control, but theyre not all the same. Consoles that are application-based will only work with specific operating systems, and they must also be installed on each computer you want to use to administer the product. Browser-based consoles, on the other hand, run on an included Web server (or in some cases one you may already have, such as IIS) and allow you to install the console once and access it from any system on the network.
With either type of console, take heed of its system requirements, particularly if you dont intend to run it on a dedicated system (consoles can sometimes run on any available workstation PC, or they may need to be run from a proper server). The CPU, RAM, and storage needs of some consoles can be considerable, which needs to be taken into account if it will need to run alongside other programs.
Platform Support and Client Deployment
Platform support isnt a big concern when youre dealing with a lone PC. The software either supports the systems OS or it doesnt, but it can be a major issue when you have a heterogeneous network with multiple versions of Windows (including 32- and 64-bit varieties), perhaps a handful systems running MacOS, Linux versions, or other operating systems, or virtualized environments. Be sure the product you choose doesnt leave any of those systems out of the loop.
Then theres the matter of how to get the client software onto all of your systems. A managed security product should offer multiple deployment options, including, ideally, the ability to automatically push software to clients and perform a silent install, preferably removing any existing security software in the process. A lack of push capability, however, and leave you to rely on a conventional distribution method like a shared network folder or third-party tools to deploy the software.
If you have a lot of remote systems such as telecommuters or mobile workers who are frequently off the network youll want a way to deliver the software to those far-flung systems, such as the ability to generate emails containing the appropriate download links.
Client Configuration and Updates
Most managed endpoint security products get you up and running with a set of predefined security policies, but youll want to make sure any product you choose lets you easily modify those default policies or create new ones without plunging you into a morass of rules and settings. Also, since security policy is seldom a one-size-fits-all affair, look for a product that lets you customize policies for particular systems, users, or groups.
Back to the issue of remote systems. Its a good idea to make sure theyll be able to obtain regular program and definition updates from the manufacturers servers as well as from yours since they wont always be connected to the latter. Moreover, you should be able to configure policies based on location, so that, for example, Windows file sharing can be allowed on the corporate LAN, but not when the systems connected to other networks.
Logging and Reporting
The whole point of managed security is to know whats going on with your network, so a products logging and reporting capabilities should factor prominently into your decision.
Its easy to wind up with a case of information overload due to the sheer volume of data a managed endpoint security product can collect about protected systems. A dashboard view with charts and graphs that provide critical info (such as recent infections and out-of-date systems) at a glance is a good start, but it should also be customizable and not simply report information in aggregate it should be easy to drill down for detailed information on a specific item.
Also, make sure that logs are updated in a timely fashion; with some products you may have to wait several minutes or hours for the latest activity to be visible. Its also important to consider how far back logs retain data for when you are trying to spot historical trends.
Heres a list of endpoint security products you can consider, most of which are for trial periods of up to 30 days:
Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.