When should you move to Advanced Endpoint Protection technology?

When should you move to Advanced Endpoint Protection technology?

Advanced endpoint protection (AEP) products are often described as the next step in the evolution of conventional antivirus, but when should organizations seriously consider deploying these products, and in what capacity—as replacements, or as augmentations? In a recent enterprise survey by NSS Labs, over 70% of respondents reported deploying AEP products to augment rather than completely replace their conventional antivirus. How an AEP product will be deployed within an organization will depend on that organization’s specific requirements.

If you’re looking to purchase an AEP product, you’ll quickly realize that the buying process involves a considerable amount of research due to the sheer number of products available. To give you some perspective, NSS Labs has evaluated more than 60 vendors for inclusion in our upcoming AEP Group Test.

While investigating AEP purchase options, organizations should consider the following product features:

  • Security effectiveness as it relates to use case (e.g., offline systems, online systems)
  • Impact on user productivity
  • Depth and breadth of system and forensic information
  • Information on indicators of attack and indicators of compromise
  • Threat hunting capabilities and information on threat trajectory and impact
  • Deployment workflow and management interface
  • Interoperability, in terms of both range of capabilities and maturity of features
  • Cost

Keep in mind that many of these features are not easy to measure. Especially challenging is catch rate, and most proofs of concept end up being more feature validation than test due to the use of known (and easily detected) samples. This is why it’s best to test and make decisions based on measurable facts, which produce more uniform results that are easier to compare.

Ultimately, it’s not a matter of if an enterprise will purchase an AEP product, but when. When you evaluate AEP products based on these measurable facts rather than on the abundance of claims surrounding them, it will be easier to determine which products best match your organization’s needs. To learn more about the evaluation process, visit the NSS website and download the second paper in our series on selecting an AEP product.

Follow me on Twitter (@jsnppp) to keep informed as new research is released.

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.

TAGS: Advanced Endpoint, Advanced Endpoint Protection, AEP, Endpoint Protection, security posture, security testing, security visibility