Over the years, security organizations have amassed a variety of disparate solutions designed to protect endpoints from malware and other security attacks: antivirus, antispyware, host-based intrusion detection and prevention, and host-based firewalls — to name just a few. Each solution requires installation, administration and management. Meanwhile, the number of endpoints connecting to the corporate network continues to increase, resulting in growing risk exposure. And — let’s not forget — cyberthreats are evolving, becoming more sophisticated by the day.
To effectively manage endpoint security, organizations need to ensure that known threats are detected and blocked — on each and every device connecting to the network. Security professionals also need the ability to quickly detect and respond to advanced and zero-day threats. An endpoint protection platform (EPP) can help, but choosing the right one for your organization will take some legwork. This Buyer’s Guide is designed to help you navigate the diverse EPP marketplace.
An EPP integrates many of the security technologies organizations have come to depend upon to protect endpoints against malware and other attacks. Most commonly, EPPs include antivirus, antispyware, ransomware protection, a personal firewall and end-user behavior monitoring. These capabilities are often signature-based. They are most effective at blocking known threats at a device level.
Increasingly, EPP vendors are evolving their solutions to incorporate endpoint detection and response (EDR) capabilities. These advanced features are designed to help security organizations reduce the time it takes to investigate and detect unknown threats. EDR capabilities include next-generation antivirus, greater endpoint visibility, threat hunting tools and automated threat response. Some EPP vendors include these capabilities with their base product while others offer the capabilities for an additional cost.
It’s also worth noting that EPP vendors do not necessarily provide every feature for every OS they support. For example, a vendor may provide offline support for Windows operating systems but not Linux. In choosing an EPP, it’s important to consider the operating systems you need to protect and which features are a must-have for each one.
Given the variety of capabilities and evolution in this market, security organizations should ask about each vendor’s road map. What new capabilities will be added in the near future (particularly as they address EDR), and will they be provided for all supported OSes?
The majority of vendors represented in our Buyer’s Guide charge based on the number of endpoints. Pricing varies widely, from $15 to as much as $50 per endpoint per year. For this reason, price will likely be an important factor in the purchasing decision, especially if your company is experiencing high growth.
That said, cost may be offset, at least in part, by productivity gains. Ideally, an EPP solution reduces the operational overhead of managing endpoint security while shortening the mean time to detect and respond to unknown threats. However, while most of the vendors in our Buyer’s Guide offer a cloud-based EPP solution, not all of them integrate with SOAR (security orchestration, automation and response) or other SOC (security operations center) automation tools. Without such integration, an organization may simply replace multiple smaller silos (antivirus, antispyware, etc.) with one big silo (the EPP solution).
Endpoint security, with its myriad technologies, is complex. An EPP offers the potential to simplify endpoint security and give organizations a much-needed advantage against security threats. The key to achieving those benefits is doing your homework so you can make the right investment. Get started with our free Buyer’s Guide.