Ebook_Evolution of Endpoint Management and Tools_Ch3_final


  • 8/16/2019 Ebook_Evolution of Endpoint Management and Tools_Ch3_final


    THE EVOLUTION OF ENDPOINT MANAGEMENT AND TOOLS

    WHAT TO LOOK FOR IN ENDPOINT MANAGEMENT TOOLS

    Choosing the right endpoint management and protection tool can be a daunting task, but keeping the features you need in mind can help narrow the field.

    BY ED TITTEL

    E-Book

    February 2016

    • Who Leads the Endpoint Management Pack?
    • The Console’s the Thing
    • What’s Really Important in Endpoint Management?
    • Trending Functions in Endpoint Management
    • Key Endpoint Management Features


    WHEN IT COMES to picking endpoint detection, protection and management tools, you have a lot of options, but comparing them can be difficult. Endpoint management utilities don’t line up neatly against one another, so you probably won’t be able to do an apples-to-apples comparison.

    Instead, you must identify key features and functions, and approach vendor claims with a healthy amount of skepticism. You must turn those claims into useful information and consider ease of deployment and use.

    The endpoint management market has somewhat fuzzy boundaries, so the tools often come with features and functions similar to security management products. Such features include asset and software license detection, inventory, and management components. These functions also deal with matters of governance, policy and control that have legal and financial implications.

    THE CONSOLE’S THE THING

    The central and unifying factor of all endpoint management tools is the console. It’s usually some kind of Web-based interface that acts like a high-level dashboard. Most companies share similar concerns and desires for informative and easy-to-interpret displays, but no two companies are exactly alike. As a result, nearly all descriptions of what should appear on a console differ from one business to the next. This is also true from one branch or department to the next in companies large enough to span multiple constituencies, industries or customer bases.

    Flexibility and customizability within consoles are key attributes. When you’re evaluating endpoint tools it’s essential to dig in and understand how you can configure each one’s console to display key metrics, alarms and alerts. It’s also important to know how that information may appear on a dashboard; it should be properly labeled and easy to understand.

    Likewise, the data that appears as you drill down into dashboard elements is of utmost importance. Effective endpoint management involves filtering out some raw information—the stuff that you can safely ignore—while prioritizing and focusing on the information you need. Data filtering mechanisms, selection rules and policies establishing event and value priorities all control what makes its way onto a dashboard’s uppermost drill-down displays. The finer details are there for administrators who need them, but those people aren’t usually the same ones forced to keep their fingers on the pulse and posture of endpoint security.

    Endpoint management vendors tout the things their products or services can do well, and avoid highlighting weaknesses. As you’re evaluating and selecting endpoint management tools, it’s up to you to short-list or pilot-test products that will meet your requirements. This will give you a clear sense of what kinds of information about endpoints you and other admins will need to see. Then you can make sure candidate tools’ consoles meet at least the minimum requirements for data handling, layout and display capabilities.

    VENDORS LEADING THE ENDPOINT MANAGEMENT PACK

    Gartner’s technology research—specifically the Magic Quadrant for the Endpoint Protection market—can inform administrators, giving them a better idea of which products to consider. The Magic Quadrant ranks vendor tools in a specific market.

    These endpoint protection and management vendors are worth further consideration:

    • Intel Security/McAfee Endpoint Protection
    • Symantec Endpoint Protection
    • Kaspersky Endpoint Security for Business
    • Trend Micro Smart Protection for Endpoints
    • Panda Security Adaptive Defense 360
    • IBM Endpoint Manager
    • Webroot SecureAnywhere Business Endpoint Protection
    • Landesk Security Suite
    • Microsoft System Center Endpoint Protection


    KEY ENDPOINT MANAGEMENT FEATURES

    Though the individual features and functions available from various endpoint protection and management tools vary somewhat from one vendor to another, a basic subset of features is critical. As such, it’s reasonable to expect any vendor to deliver these (in addition to the console) at the core of whatever else they offer:

    • Anti-malware protection: All endpoint protection and management products include at least signature-based anti-virus detection, anti-phishing capabilities, and URL screening or blocking (sometimes called content filtering).

    • Policy-based endpoint management: This covers a range of possible applications for security policies based on role, device or user account, and may apply to device capabilities (such as enabling and disabling ports), data protection, access controls, security state assessment, network gatekeeping and quarantine, application controls, and more.

    • Threat intelligence: All vendors in the endpoint protection game offer some form of threat intelligence, either from third-party providers, or a combination of third-party feeds with input from their own substantial user populations. Those user populations can be as large as half a billion users; McAfee, Kaspersky and Symantec all collect data from 400 million users or more.

    • Mobile device management: Endpoints include mobile devices such as smartphones and non-Windows tablets. Google’s Android and Apple’s iOS are the leading mobile operating systems in use. Modern endpoint protection systems embrace mobile devices running these OSes, as well as other less popular ones (such as Windows Mobile, Blackberry and Symbian).

    • Virtual machines support: Modern endpoint protection tools invariably include per-VM capabilities in addition to host OSes.

    • File protection and encryption: For data in motion, encryption is more common than not in endpoint protection offerings. But an increasing number of endpoint protection tools offer file and storage device (drive-level) encryption as well.

    • Patch, configuration and vulnerability management: Threats and vulnerabilities go hand-in-hand, so most endpoint protection tools also include various means for remediating vulnerabilities, including patch or update management. An increasing number of vendors also offer security configuration management, which relies on regular snapshots of baseline configurations to establish known, secure configurations that you can use to scrutinize configuration changes for evidence of possible attack or compromise. Vulnerability management helps organizations prioritize vulnerabilities via risk assessment.

    • Asset management: This is also known as device and software inventory and management. Endpoint protection and management tools must detect devices as they appear on organizational networks and catalog their security state and contents. This not only supports patch, configuration and vulnerability management, but it also provides fodder for software policy assessment and enforcement, and it helps acquire and maintain information about software licenses that are available or in active use.
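
    The baseline-snapshot approach to security configuration management described in the list above can be sketched as follows. This is an added example, not code from the e-book or from any vendor's product; the setting names, sample snapshots and severity weights are constructed assumptions.

```python
"""Baseline-snapshot drift check. Added illustration; all names are constructed."""
import hashlib
import json

# Constructed sample: known-good baseline snapshot for one endpoint.
BASELINE = {
    "firewall.enabled": True,
    "disk_encryption.enabled": True,
    "usb_storage.allowed": False,
    "av.signature_age_days": 1,
    "local_admins": ["it-admin"],
}
# Constructed sample: the same endpoint at the next scheduled snapshot.
CURRENT = {
    "firewall.enabled": False,
    "disk_encryption.enabled": True,
    "usb_storage.allowed": False,
    "av.signature_age_days": 9,
    "local_admins": ["it-admin", "svc-temp"],
    "remote_shell.enabled": True,
}
# Hypothetical triage weights: how much a change to each setting matters.
SEVERITY = {"firewall.enabled": 3, "local_admins": 3, "disk_encryption.enabled": 3,
            "remote_shell.enabled": 2, "av.signature_age_days": 1}


def fingerprint(snapshot):
    """Stable digest of a snapshot, so an unchanged endpoint is cheap to skip."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def drift(baseline, current):
    """Return changed, added and removed settings, highest severity first."""
    if fingerprint(baseline) == fingerprint(current):
        return []
    findings = []
    for key in sorted(set(baseline) | set(current)):
        if key in baseline and key in current:
            if baseline[key] == current[key]:
                continue
            kind = "changed"
        else:
            kind = "added" if key in current else "removed"
        findings.append({"setting": key, "kind": kind,
                         "baseline": baseline.get(key), "current": current.get(key),
                         "severity": SEVERITY.get(key, 1)})
    return sorted(findings, key=lambda f: (-f["severity"], f["setting"]))


if __name__ == "__main__":
    for f in drift(BASELINE, CURRENT):
        print(f["severity"], f["kind"], f["setting"], f["baseline"], "->", f["current"])
```

    Sorting by severity puts the disabled firewall and the new local administrator ahead of the stale signature age, which is the order a reviewer looking for signs of compromise would want.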

    TRENDING FUNCTIONS IN ENDPOINT MANAGEMENT

    There are numerous features now showing up in endpoint protection and management systems that are a little closer to the bleeding edge of technology; they’re not as widely supported in leading tools. At least some of these will become more widespread over the next two to three years, and thus subject to migrating into the core functionality list:

    • Advanced security policies: In addition to policy controls, more tools are including geo-fencing and location-aware policies, especially as they relate to data access both inside and outside corporate firewalls.

    • Endpoint detection and response: EDR is a complex collection of capabilities that usually incorporates patch, configuration and vulnerability management with workflow and tracking to detect, identify, prioritize and remediate security incidents or events in need of response. Automation plays a key role in EDR because zero-day threats often require immediate reaction, something best achieved through programmatic execution of proper remediation tools and techniques.

    • Suspect file analysis: When you can correlate access to malware, malicious payloads or information with unwanted security configuration changes, those items demand inspection, analysis, and sometimes remediation. Such automated acquisition and handling is becoming increasingly common, especially in tools with EDR components or capabilities.

    • Sandboxing: Some endpoint protection systems include automated runtime isolation techniques for unknown or suspect files and executables to prevent attack or compromise.


    • Security context/reputation management: Through a variety of techniques, also often related to EDR, endpoint protection systems can establish security state profiles to put potential threats or configuration changes into a larger security context. This helps guide risk assessment and response prioritization.

    • Advanced system rollback/clean-up: Some systems track damaged or infected files and can replace them with clean versions from a security file repository. Other systems take regular endpoint snapshots and can use them selectively (file-by-file) or completely (rollback) to repair damaged or compromised systems. Microsoft, for example, does this in System Center from a “trusted cloud” file repository. Landesk offers a re-imaging capability to correct malware infections.

    • Hypervisor neutral scanning: With increasing use of virtualization, endpoint protection and management must support various stacks, containers and hypervisors.

    • Inventory attestation service: An elaboration on software inventory/asset management, this service provides information about the provenance and reputation for all executed files, suspect or otherwise.

    These added wrinkles and capabilities are just the tip of an iceberg that reflects the evolving threat landscape, as well as the need for improved automation and extension of endpoint security monitoring, management and response. This is an area that promises to keep extending and elaborating to keep up with evolving threats, ongoing vulnerabilities, and the relentless development of new technologies.

    WHAT’S REALLY IMPORTANT IN ENDPOINT MANAGEMENT?

    Ultimately what matters first and foremost in endpoint protection and management is providing end users with access to the data, applications and services they need (and are authorized to access or use). Organizations that have to provide such access must always balance managing risk and limiting liability or exposure against unnecessary or unfriendly limitations to productivity and convenience. This is the fundamental conundrum inherent to information security in all of its many forms and manifestations.

    The human aspect of security management should never be underestimated or ignored, either. The best and most capable technology still needs to be buttressed and supported with careful and regular user security awareness training, whenever you onboard new users, and at regular intervals thereafter. Users who understand the security implications of what they’re trying to use endpoints for, and under what circumstances, are far less likely to tax the capabilities and boundaries of any endpoint management system.

    ED TITTEL is a 30-plus year IT veteran who has worked as a developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series, Tittel has contributed to more than 100 books on many computing topics, including titles on information security, Windows OSes and HTML. He also blogs regularly for TechTarget, Tom’s IT Pro, GoCertify and PearsonITCertification.com.

    What to Look for in Endpoint Management Tools is a SearchEnterpriseDesktop.com e-publication.

    Colin Steele | Associate Editorial Director
    Margaret Jones | Site Editor
    Linda Koury | Director of Online Design
    Josh Garland | Publisher, jgarland@techtarget.com

    TechTarget, 275 Grove Street, Newton, MA 02466
    www.techtarget.com

    © 2016 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group.
