Addressing the Challenge of Protecting the Endpoint

By Phuong Nguyen

The proliferation of endpoint devices such as desktops, laptops, smart phones, and tablets has undoubtedly created a challenge for IT security teams today. A single employee may have two or three such endpoints approved by corporate IT—and may also log in to the organization intranet using a personal device. Multiply this many endpoints by the number of employees in an organization and you see the potential for a large volume of devices that corporate IT must not only manage but also secure from cyberthreats.

Cybercriminals often exploit the endpoint in order to access an organization’s network infrastructure, servers, and sensitive data. Each endpoint has its own operating system (OS) and various off-the-shelf productivity and/or customized applications installed, and these are all potential vectors for attack if they are not kept up to date with the latest security patches. 

Organizations must protect sensitive data such as customer databases and financial and intellectual blueprints. Aside from needing to protecting its core IT infrastructure, an organization requires an endpoint solution that can quickly detect threats and can protect a variety of endpoints from attack. Additionally, the solution should be able to isolate and contain compromised endpoints to prevent an attack from spreading further into the corporate network.

Organizations traditionally have used antivirus (AV) and next-generation AV solutions to protect endpoints from cyberattacks; today, however, these solutions are not enough as cybercriminals become ever more adept and use advanced persistent threats to launch attacks against organizations. They are also leveraging the growing attack surface and social engineering techniques to breach organizational defenses. 

To protect the endpoint against today’s threats, advanced endpoint protection (AEP) products use sophisticated techniques such as machine learning, pattern recognition, and predictive algorithms to detect and block malware and to contain suspicious activities. Today, most AEP products offer many but not all of the following capabilities:

  • Detection and prevention using

    • Automated policies (mitigate, quarantine, remediate)

    • Application whitelisting

  • Visibility

    • Forensic information on indicators of compromise (IoCs) or indicators of attack (IoAs)

    • Monitoring of endpoint communications (memory, network, input/output, file registry

  • Vulnerability assessment of endpoints (includes operating systems and applications)

Enterprises looking to replace legacy technology and improve their endpoint security with AEP products can find themselves wading through a confusing marketplace that is rife with vendor hype. Many products claim to provide high efficacy through advanced detection and protection techniques, lightweight agents or sensors installed on the endpoint, and overall optimization of costs. However, before making purchasing decisions, enterprises buyers will need to validate such claims using rigorous testing methodologies and independent analysis.

NSS Labs’ latest group test of AEP products provides the empirical data enterprises need to make informed purchasing decisions. Our 2018 AEP Group Test evaluated 20 AEP products using our state-of-the-art testing harness, threat feeds, and active threats. Our AEP test reports can be used to understand the security efficacy of the tested products, the risk of evasions bypassing these products, and the true cost of investing in an AEP product.

Click here for more information on the test methodology used or to purchase the individual Test reports and stay tuned for our link to the 2018 AEP Group Test Security Value Map™, which provides a graphical comparison of Security Effectiveness and TCO across the tested products.

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.