UNDERSTAND THE MOTIVATION TO PURCHASE

Endpoint protection (EPP) remains a fundamental component of any organization’s security posture. EPP products are valuable to enterprises not only as security controls, but also as tools for visibility into resource consumption, file integrity, the presence of attached devices, and more. And with the emergence of advanced endpoint protection (AEP) products, enterprises are expecting even more from their endpoint products.

But is there a single feature that distinguishes more conventional products from “advanced” products? That’s a hard question to answer. AEP products are not easily defined; they most notably differ from conventional antivirus products by their underlying detection technologies and depth of forensic visibility, as well as by their management workflows, deployment options, and “threat hunting” toolsets.

When evaluating specific AEP products, organizations must ask:

• How well can the product catch threats both online and offline?
• How does the product handle previously unknown threats?
• How much visibility does the product provide, both into threats and into the host operating system?
• Does the product capture information about indicators of compromise and indicators of attack?
• How does the product impact adjacent applications? Is business continuity affected?

Before making a purchasing decision, organizations looking to replace or complement EPP products with AEP products should first determine their use case, their expectations for the product, and how they’ll measure the product’s success. For help answering these questions, visit the NSS website and download the first paper in our series on selecting an AEP product.