As my customers explore endpoint protection platforms, they quickly discover that there are many solutions to consider. I advise them to evaluate four key features during the selection process.
1. Malware Detection
First and foremost, IT leaders should examine how the platform protects against malware infections on a system. Signature detection capabilities are still necessary to identify common malware threats, but they are no longer sufficient to guarantee protection. Endpoint protection platforms should supplement basic signature detection technology with the use of artificial intelligence and machine learning to rapidly identify systems that are behaving strangely, even if they do not show the telltale signatures of a specific malware infection.
2. USB Device Control
Malicious insiders may use USB devices to rapidly siphon large amounts of sensitive information from organizations and into unauthorized hands. USB devices also pose a risk of malware infection, serving as an entry point onto our networks. USB device control technology allows administrators to restrict the USB devices that may be connected to a managed endpoint, protecting the organization against these risks.
3. Ransomware Protection
Ransomware attacks continue to plague organizations across many industries. The effects of a successful ransomware attack have the potential to cripple an organization overnight, depriving users of access to information about customers, products and internal operations. Next-generation endpoint protection solutions supplement standard malware prevention techniques with technology designed to identify and reverse the rapid file encryption process that is the signature sign of a ransomware attack. Prompt intervention by these solutions can mean the difference between a minor annoyance and a devastating attack.
4. Exploit Prevention
Patching is time-consuming, and the stark reality is that we often don’t apply patches quickly enough. Attackers take advantage of patching delays and often launch attacks immediately after the announcement of a new vulnerability. Modern endpoint protection platforms include virtual patching technology that incorporates real-time threat intelligence to identify these exploits and block them before they reach unpatched systems. This level of protection buys security teams time to apply patches in an organized fashion.
Malware detection, USB device control, ransomware protection and exploit prevention are the four features that provide the core functionality that should be present in any endpoint protection platform. Make sure they they’re present and effective in any product that you evaluate.
Once you’ve satisfied yourself that a platform meets these key requirements, examine the other features that distinguish platforms in a competitive marketplace. These include the use of endpoint detection and response technology to enable proactive threat hunting by active security operations centers, the use of managed endpoint protection services and the incorporation of threat intelligence feeds.