Assessing Endpoint Security Solutions: Why Detection Rates Aren't Enough

By: Sophos
Published: Mar 04, 2008
Length: 8 pages
Type: White Paper
Overview:

Evaluating the performance of competing endpoint security products is a time-consuming and daunting task. Enterprise decision-makers have to rely on independent competitive comparisons, performance benchmarks, and detection certifications, all covering different solutions and criteria, providing conflicting results.

This paper highlights the pitfalls of simply looking at virus detection rates and investigates the effect of the rapidly developing IT environment and fast-moving threat landscape on assessment criteria. It gives the six critical questions businesses need to ask to ensure the most successful outcome to their evaluations.

The primary reason for an organization to buy an endpoint security solution is to protect its network, systems and data from malware. It is tempting, therefore, to base an assessment of potential solutions largely on malware detection rates. In reality, however, detection tests – no matter how thorough – provide only a snapshot of a security vendor’s ability to provide ongoing manageable protection. There are several other equally important criteria that should be taken into account. It is in the vendors’ approach to these extended security factors that the clearest difference between competing products emerges, allowing a viable shortlist to be created for further evaluation.
First, however, it is important to have an understanding of the changing security environment, in which increasingly open networks and a rapidly evolving threat landscape are presenting IT with new and significant challenges.

The dissolving IT perimeter
It used to be relatively easy to secure the corporate network. It was a physically connected entity used only by internal users. Web browsing was not generally available at the desktop, and data was transferred only by removable media or email. Today, networks as we once understood them are disappearing as the network perimeter has become blurred by the prevalence of new technologies and business practices. Instant Messaging (IM), Voice Over IP (VoIP), peer-to-peer (P2P) file-sharing software, and wireless and mobile devices all offer new ways of transferring data. Network access is given to remote workers, business partners and contractors.
These changes fulfil the real business need to remain competitive, but they also increase the risk of malware and other threats infecting the network via unsecured hardware and unmonitored communication channels.

The changing nature of security threats
Malware is now big business and large criminal gangs, with considerable IT resources, have replaced fame-seeking teenagers as the primary source. The threats they create are low-profile, silent and targeted to avoid the attention of their victims and security vendors alike. These threats do not crash computers or delete files; they steal passwords and financial information.
In addition, today’s threats change with increasing frequency, looking to avoid detection. Over the course of 2007, around 50,000 variants of the Storm (aka Dorf or Dref) worm were seen. There has also been a significant change in the routes used by malware for attack. A move away from infected email attachments – in 2005, 1 in 44 emails had an infected attachment, compared with 2007’s 1 in 909 – has been matched by an increase in the use of blended threats, which use several different technologies to spread their malicious payload.

The challenge for IT
The changes in network environment and the speed and complexity of threats raise major new security challenges for IT. Solutions are needed that go far beyond simply installing up-to-date anti-virus software at regular intervals. They need to address the much wider issues that now exist:
  • More infection routes and more types of endpoint device need securing
  • All endpoint computers need assessing and controlling
  • Compliance with security policy needs monitoring
  • Fast-moving, zero-day threats demand effective proactive protection.
One answer to the problem is to buy numerous point solutions but, on the whole, IT budgets are not increasing to meet the new requirements. Another drawback is that point solutions increase the total cost of ownership since more security solutions mean:
  • More initial purchase and set-up costs
  • Slower networks
  • More management effort
  • Increased support issues (especially when the solutions conflict).

For these reasons, there is an increasing trend away from point solutions towards more consolidated products. Yet despite getting “total protection” from “integrated solutions”, businesses are still getting infected.
So how does an organization ensure best protection?

6 critical questions to ask vendors
To ensure that a vendor not only provides best protection now, but is also best placed to address the IT challenges an organization will face going forward, there are a number of important questions that should be asked.