Endpoint Protection Platforms
Anti-Malware and Anti-Virus – Critical to any security program
Protection from malware, including viruses, worms, Trojan horses, rootkits, spyware, keyloggers and ransomware, is critical to any business or individual.
Endpoint Protection has long been the one security control most businesses regard as the minimum adequate protection across an organisation. It is a critical element of any security architecture, from the smallest business to the largest corporation, and organisations subject to regulatory requirements must run anti-malware software as part of their compliance obligations.
Often seen as a commodity product, Endpoint Protection Platforms (EPP) are assumed by most businesses to be all the same. Vendors would disagree and point to their differentiators, and in our experience the commodity view does not hold for all platforms. Although most platforms have Anti-virus/ Anti-Malware capabilities at their core, solutions now offer a wide range of feature sets and management options.
Common feature sets include:
- Host Based Intrusion Detection and Protection
- Anti-Cryptor (anti-ransomware) Controls
- Application Controls
- Web Controls
- Email Controls
- Application Whitelisting
- Network based Malware Sandboxing
- Centralised Management Console
- Mobile Device Management
The solutions are however evolving to include Detection and Response features and capabilities such as:
- Hardening/ Vulnerability Masking (virtual patching)/ Protection
- Investigation (assistance)
- Incident detection; and
- Incident Response (through orchestration and automation capabilities).
What are the core components a business should look for in an End Point Protection solution?
As is often the case with business requirements, there is no single solution that fits every business. Selecting and deploying the right product set depends on business size, risk appetite, available budget, compliance requirements, internal resources (available for management, monitoring and response activities) and workload use cases.
Beyond the features and capabilities of the various vendors, a number of operational criteria should be included in the evaluation.
Secure-ISS recommend including the following:
- Ease of Deployment
- Ease of Management
- Ease of Monitoring
- Support and Maintenance resourcing (onshore/ offshore)
- Operating System Support (and features available on each platform)
- Whether the solution will be provided by a third party managed service provider
- Whether your business requires Endpoint Detection and Response (EDR) features
- (Accurate) detection rates for the solution (several third party sites conduct independent tests)
Security Orchestration and Endpoint Protection
Over the short to medium term, automated approaches to incident response will be required by organisations large and small. Not all solutions offer complete integration at present, but for organisations that have a SOC or use SOC as a Service (SOCaaS), integration requirements should be considered during the evaluation and selection process.
Why EPP for servers should be a separate conversation
With today's server workloads driven by trends such as VMs, containers and hybrid deployments across private and public cloud, specific tools and strategies need to be considered for these workloads. It therefore makes sense for businesses to treat the requirements for server workloads as a separate exercise from the Endpoint Protection (desktop/ mobile) strategy.
In addition to going to market and selecting a product set for internal management and maintenance, organisations increasingly have the option of taking their requirements to market and purchasing the capability on a consumption-based service model. Secure-ISS offer such a service as a Managed Security Service Provider (MSSP).
What ever happened to “Next Gen” AV technology?
A few years ago Next Gen AV was all the (marketing) rage. Detection via machine learning, static and dynamic analysis and behaviour-based analytics was said to sound the death knell for signature-only vendors. The marketing hype has (thankfully!) subsided, and in our opinion the technology is a good addition to the overall EPP landscape. In keeping with our recommendations for a multi-layered security approach, Secure-ISS recommends that businesses evaluate solutions that offer a number of distinct detection capabilities rather than relying on any single one.
Next Steps in Anti-Malware and Anti-Virus
Although a core component, Endpoint Protection should be overlaid with other security strategies and solutions; on its own it provides only a minimum level of protection for any business.
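As an added illustration (example code written for this page, not code from the original article or from any vendor's product), the following Python contrasts two of the detection layers named above: a hash-based signature check, which a single appended byte evades, and a behavioural rule of the anti-cryptor type, which flags a process that rewrites many files to one new extension within a short window. The sample, its hash, the process names and the event lines are all constructed; the event field format and the threshold/window values are assumptions made for the example.

```python
"""Added illustration, not code from the original page or from any vendor's
product: why a signature-only layer is brittle and how a simple behavioural
(anti-ransomware style) rule complements it.  Every sample, hash and event
line below is constructed for this example."""
import hashlib
from collections import defaultdict

# Layer 1: signature matching.  A constructed "known bad" sample stands in
# for the millions of hashes a real signature database holds.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed-dropper-v1"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def signature_match(payload: bytes) -> bool:
    """True only when the file's hash is already in the signature database."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURE_DB


# Layer 2: behavioural rule over process file-write events.
# Constructed event format (an assumption): "<seconds>,<pid>,<image>,<action>,<path>".
EVENTS = """\
100,4242,update.exe,WRITE,Docs/report.docx.locked
101,4242,update.exe,WRITE,Docs/budget.xlsx.locked
102,4242,update.exe,WRITE,Docs/notes.txt.locked
103,4242,update.exe,WRITE,Docs/photo.jpg.locked
104,4242,update.exe,WRITE,Docs/plan.pptx.locked
105,4242,update.exe,WRITE,Docs/readme.md.locked
100,1337,winword.exe,WRITE,Docs/report.docx
300,1337,winword.exe,WRITE,Docs/report.docx
0,2001,backup.exe,WRITE,Backup/report.docx.bak
60,2001,backup.exe,WRITE,Backup/budget.xlsx.bak
120,2001,backup.exe,WRITE,Backup/notes.txt.bak
180,2001,backup.exe,WRITE,Backup/photo.jpg.bak
240,2001,backup.exe,WRITE,Backup/plan.pptx.bak
300,2001,backup.exe,WRITE,Backup/readme.md.bak
"""


def parse_events(text: str):
    """Yield (ts, pid, image, action, path) tuples from the event text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, image, action, path = line.split(",", 4)
        yield int(ts), int(pid), image, action, path


def ransomware_like(events, threshold: int = 5, window: int = 10) -> dict:
    """Flag processes that write `threshold` or more files sharing one
    extension within `window` seconds.  Returns {pid: (image, extension)}.
    The extension is whatever follows the last dot, so a.docx.locked -> locked."""
    stamps_by_key = defaultdict(list)
    for ts, pid, image, action, path in events:
        if action != "WRITE":
            continue
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        stamps_by_key[(pid, image, ext)].append(ts)

    flagged = {}
    for (pid, image, ext), stamps in stamps_by_key.items():
        stamps.sort()
        # Sliding window: do any `threshold` consecutive writes fit inside `window` seconds?
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[pid] = (image, ext)
                break
    return flagged


if __name__ == "__main__":
    evaded = KNOWN_BAD_SAMPLE + b"\x00"  # one appended byte gives a new hash
    print("signature catches original:", signature_match(KNOWN_BAD_SAMPLE))
    print("signature catches padded copy:", signature_match(evaded))
    print("behavioural rule flags:", ransomware_like(parse_events(EVENTS)))
```

Run as written, the padded copy slips past the signature layer while the mass-rename behaviour is still caught, and the slow, steady writer (the constructed backup agent) is not. Loosening the window to cover the backup agent's pace flags it too, which is the trade-off the evaluation criteria above call accurate detection rates: a real product adds many more features (entropy of written data, canary files, process lineage) precisely to keep that window tight without missing the attacker.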
Secure-ISS can assist with your End Point Protection strategy, through overall security and risk strategy, solution requirements gathering and design, procurement and management. To discuss your End Point strategy or your layered security approach, please get in touch with one of our team.
In September 2017 Gartner defined End Point Protection Platforms as:
"An EPP is a solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts."