
Endpoint Security Requirements

Did you know that 60 percent of cyber attacks on corporations come from people and devices inside the company? Whether the attacks are by malicious employees trying to steal information or by external hackers finding vulnerabilities in your infrastructure, endpoint security software can help protect your company’s valuable resources.

Endpoint security systems provide your company with the means to protect all endpoint devices, such as PCs, workstations, tablets, phones and servers. But in order to get the right functionality from your endpoint protection system, you’ll need to come up with a list of requirements. As luck would have it, we’ve created an endpoint security software requirements checklist to help you decide what features your company needs. Use it in conjunction with our customizable template to create your own list of requirements.
Check out our Endpoint Security Comparison Template

Top Requirements

Policy Management

Policy management is really just a fancy term for the kind of rules you can set for users and devices. Companies use policy management tools to decide who gets access to certain data and what steps they have to complete to get it. Policies can be tailored to the user and to the device. You can also set up policy override protocols that let higher-ups reach data wherever they need it. Override procedures include alerts and audit trails, so any unauthorized access is easy to trace.

Device Based Policies
User Based Policies
Override Policies

Patch Management

Patch management ensures that any security vulnerability is repaired in a timely manner. Many cyber attacks target weak points in a system for which a patch has already been created. But it takes a certain level of vigilance to ensure each device in a company is up to date, especially when using end-of-life operating systems or with a number of employees working remotely.

Patch management automates the collection and delivery of patches company-wide. Some systems build a list of devices that still need patching and let you schedule and deploy patches remotely. Patch management also uses machine learning and analysis to rank patch priority: if one device needs several patches, your endpoint security solution should be able to decide which is applied first.

OS and Applications
Asset Management and Discovery
Remote Devices
Deployment Architecture
Scheduling Updates

Configuration Management and Management Options

These tools provide a centralized control panel for managing all your other endpoint security features. System administrators use configuration management to create and edit policies, receive alerts, view audit trails and detect when users attempt an override. This gives greater visibility into threats and lets administrators grant exceptions when users need access to certain applications or information.

[Screenshot: Symantec Endpoint Security. Caption: Customize your level of aggression when it comes to protecting your endpoint devices.]

System administrators also have the ability to shut down a process completely when an unauthorized user attempts a restricted activity. This is also where administrators perform or schedule mass updates outside of work hours, though software can still be installed and endpoints updated individually.

Defining and Managing Configuration
Policy Editing
Scalability
Exception Management
Application Control
Automatic Client Updates
Live Security Alerts
Mass Updates
Remote Software Installation and Updates

Device Control

This feature allows you to inspect external devices connected to the endpoint, typically through USB. Many systems can also monitor local disk, CD and DVD drives, Bluetooth connections and cloud storage. Moreover, you can pick and choose which devices to allow and which to block. For instance, you may choose to allow a USB-connected mouse but not a USB-connected hard drive. Exceptions can be applied using product information such as serial numbers.

Additionally, device control supports encryption of any data that does make it onto an external device, so unauthorized parties can't read the stolen data without the encryption key. Device control can also extend to offline endpoints, meaning endpoints not connected to the company network. These systems log all user activity while offline and continue to enforce the usual policies.

Multiple Device Support
USB Device Access Control and Monitoring
Workstations
Encryption Algorithms
Offline Support and Forensics
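The allow/block logic described above, with class-based rules, serial-number exceptions and an audit trail that can be reviewed after an offline endpoint reconnects, looks roughly like the following. This is an added illustration, not code from any vendor's product; the device classes, vendor IDs and serial numbers are constructed sample data.

```python
"""Toy device-control policy evaluator (added example, not vendor code).

Models the behaviour described in the text: removable devices are allowed or
blocked by class (a USB mouse allowed, a USB hard drive blocked), exceptions
are keyed on product information such as serial numbers, and every decision
is logged so offline activity can be audited later.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Device:
    bus: str           # e.g. "usb", "bluetooth" (constructed values)
    device_class: str  # e.g. "hid", "mass_storage", "cdrom"
    vendor_id: str
    serial: str


@dataclass
class DeviceControlPolicy:
    # Device classes permitted by default; anything else is blocked.
    allowed_classes: Set[str] = field(default_factory=set)
    # Explicit exceptions by serial number (e.g. encrypted corporate drives).
    allowed_serials: Set[str] = field(default_factory=set)
    # Serials that must never be accepted (e.g. a drive reported lost).
    blocked_serials: Set[str] = field(default_factory=set)
    # Audit trail kept locally; an offline endpoint uploads it on reconnect.
    audit_log: List[str] = field(default_factory=list)

    def decide(self, device: Device) -> str:
        """Return "allow" or "block" and record the reason in the audit log."""
        # Identity-based exceptions take precedence over class rules,
        # and a block exception beats an allow exception.
        if device.serial in self.blocked_serials:
            verdict, reason = "block", "serial on blocklist"
        elif device.serial in self.allowed_serials:
            verdict, reason = "allow", "serial on allowlist"
        elif device.device_class in self.allowed_classes:
            verdict, reason = "allow", "class permitted"
        else:
            verdict, reason = "block", "class not permitted"
        self.audit_log.append(
            f"{verdict} {device.bus}/{device.device_class} "
            f"vendor={device.vendor_id} serial={device.serial} ({reason})"
        )
        return verdict


def evaluate_sample() -> Tuple[Dict[str, str], List[str]]:
    """Run a constructed policy over four sample devices."""
    policy = DeviceControlPolicy(
        allowed_classes={"hid"},                 # keyboards and mice only
        allowed_serials={"CORP-ENC-0001"},      # one approved encrypted drive
        blocked_serials={"LOST-0042"},          # a device reported lost
    )
    devices = [
        Device("usb", "hid", "046d", "MOUSE-1"),             # ordinary mouse
        Device("usb", "mass_storage", "1058", "WD-123"),     # personal hard drive
        Device("usb", "mass_storage", "0781", "CORP-ENC-0001"),  # approved drive
        Device("usb", "hid", "046d", "LOST-0042"),           # blocklisted serial
    ]
    decisions = {d.serial: policy.decide(d) for d in devices}
    return decisions, policy.audit_log


if __name__ == "__main__":
    verdicts, log = evaluate_sample()
    for line in log:
        print(line)
```

The ordering of the checks is the design point: a blocklist entry must win even when the device class would otherwise be allowed, and an allowlist exception must win over a class-level block, which is how a single approved encrypted drive can be permitted while all other mass-storage devices stay blocked.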


Advanced Endpoint Protection

Even though the internal threat to corporations is large, it's still important to ward off outside attacks. Top endpoint security systems protect against known threats as well as zero-day attacks. They can block attacks arriving through email, social media, P2P applications (like Skype and Dropbox) and websites, so your devices and employees are protected where they use the internet the most.

Endpoint solutions protect against threats like viruses, rootkits, spyware, trojans, worms and the like. Companies can use these systems to detect and automatically remove threats using heuristics and other advanced detection technologies.

Blended Threats/Malware Protection
Host-Based Intrusion Prevention System (HIPS)/Behavioral Analytics
HTTP/Malicious Traffic Detection (MTD)
HTTPS Malware Detection
Automated Malware and Threat Removal
Web Filtering
Potentially Unwanted Application (PUA) Blocking
Email Filtering and Attachment Scanning
Botnet Protection
Exploit Blocker
Social Media Protection
Peer-to-Peer (P2P) Applications

Server Security

When shopping for a new security solution, you’ll want to make sure all your endpoints are protected. Servers are an especially sensitive endpoint, so it’s important to choose a system that can protect them just as well as it would a desktop PC. Make sure your system can block threats to collaboration servers, data storage servers, internet gateways and your email servers. Some vendors apply existing features to protect your servers, while others use specialized tools for each type of server.

Collaboration Servers
File Servers
Gateway Servers
Email Servers

Data Loss Protection

Data loss protection (DLP) includes tools that let system administrators manage the network and prevent data loss and leaks across all company endpoints. DLP works through encryption, customized rules, remote access and user authentication. Encryption tools stop employees from sharing files over the internet via chat or email. Further, if the system administrator detects a user attempting to share privileged information, the admin can remotely wipe the hard drive to prevent a breach.

[Screenshot: Kaspersky Endpoint Security. Caption: Secure your files by extension to ensure protection of your most valuable documents.]

Endpoint Encryption
DLP Configuration
Remote DLP
Secure Authentication

Mobile and Virtual Environment

Just as you need server protection from your endpoint software, your company needs protection for mobile devices too. As with a desktop, endpoint solutions let you restrict application use: you can choose which apps a user can access and monitor their activity. For further customization, admins can set lock-screen timers and password requirements and block camera usage. And if a device is lost or stolen, an administrator can erase all data from it.

This feature also covers security for virtualized environments. Virtualization is a great way to get the most out of existing hardware, but you have to make sure each virtual machine (VM) is protected. Endpoint security solutions protect your VMs even when several of them run on the same physical equipment.

Mobile Device Management
Mobile Security
Virtualized Environments
Full Disk Encryption

Security Management Options

On-premise and cloud-based security both have their pros and cons. Since most of the top systems offer both management options, this requirement probably won't decide your software selection. It's still worth checking, though, so you don't find the system of your dreams only to learn it isn't offered in the cloud, or vice versa.

Cloud systems offer security management from any internet connected device and can provide robust reports and real-time notifications. Cloud-based products also reduce the initial resource spend setting up the system. On-premise software isn’t necessarily more expensive long-term, but it does require more investment up front.

On-premise software also gives companies more control and privacy, since all the data is hosted in-house. However, that privacy benefits hackers as well: with an on-premise system, they can run "practice" attacks against their own copy of the software without anyone knowing what they are working on. Finding vulnerabilities in cloud-based products is much harder, since the attacker has to connect to the vendor, who can see the attacks.

On-Premise
Cloud-Based
Hybrid


Next Steps

After you've decided which features and other aspects of endpoint security software your business needs, it's time to compare vendors. In addition to our customizable template, we offer a free comparison report detailing the top systems' features and how they compare to each other. Our analyst team scores each vendor on how well it delivers top requirements like the ones listed above. Use the report alongside your own requirements to see which vendor can offer the right endpoint security solution for your business.

So, what will you be looking for in your next system? Let us know if you have any requirements we didn’t list in the comments below!

Kim O'Shaughnessy