8/16/2019 Ebook_Evolution of Endpoint Management and Tools_Ch3_final
THE EVOLUTION OF ENDPOINT MANAGEMENT AND TOOLS
WHAT TO LOOK FOR IN ENDPOINT MANAGEMENT TOOLS
Choosing the right endpoint management and protection tool can be a daunting task, but keeping the features you need in mind can help narrow the field.
BY ED TITTEL
E-Book
February 2016
• Who Leads the Endpoint Management Pack?
• The Console’s the Thing
• What’s Really Important in Endpoint Management?
• Trending Functions in Endpoint Management
• Key Endpoint Management Features
WHEN IT COMES to picking endpoint detection, protection and management tools, you have a lot of options, but comparing them can be difficult. Endpoint management utilities don’t line up neatly against one another, so you probably won’t be able to do an apples-to-apples comparison.
Instead, you must identify key features and functions, and approach vendor claims with a healthy amount of skepticism. You must turn those claims into useful information and consider ease of deployment and use.
The endpoint management market has somewhat fuzzy boundaries, so the tools often come with features and functions similar to security management products. Such features include asset and software license detection, inventory, and management components. These functions also deal with matters of governance, policy and control that have legal and financial implications.
THE CONSOLE’S THE THING
The central and unifying factor of all endpoint management tools is the console. It’s usually some kind of Web-based interface that acts like a high-level dashboard. Most companies share similar concerns and desires for informative and easy-to-interpret displays, but no two companies are exactly alike. As a result, nearly all descriptions of what should appear on a console differ from one business to the next. This is also true from one branch or department to the next in companies large enough to span multiple constituencies, industries or customer bases.
Flexibility and customizability within consoles are key attributes. When you’re evaluating endpoint tools it’s essential to dig in and understand how you can configure each one’s console to display key metrics, alarms and alerts. It’s also important to know how that information may appear on a dashboard; it should be properly labeled and easy to understand.
Likewise, the data that appears as you drill down into dashboard elements is of utmost importance. Effective endpoint management involves filtering out some raw information—the stuff that you can safely ignore—while prioritizing and focusing on the information you need. Data filtering mechanisms, selection rules and policies establishing event and value priorities all control what makes its way onto a dashboard’s uppermost drill-down displays. The finer details are there for administrators who need them, but those people aren’t usually the same ones forced to keep their fingers on the pulse and posture of endpoint security.
Endpoint management vendors tout the things their products or services can do well, and avoid highlighting weaknesses. As you’re evaluating and selecting endpoint management tools, it’s up to you to short-list or pilot-test products that will meet your requirements. This will give you a clear sense of what kinds of information about endpoints you and other admins will need to see. Then you can make sure candidate tools’ consoles meet at least the minimum requirements for data handling, layout and display capabilities.
VENDORS LEADING THE ENDPOINT
MANAGEMENT PACK
Gartner’s technology research—specifically the Magic Quadrant for the Endpoint Protection market—can inform administrators, giving them a better idea of which products to consider. The Magic Quadrant ranks vendor tools in a specific market.
These endpoint protection and management vendors are
worth further consideration:
• Intel Security/McAfee Endpoint Protection
• Symantec Endpoint Protection
• Kaspersky Endpoint Security for Business
• Trend Micro Smart Protection for Endpoints
• Panda Security Adaptive Defense 360
• IBM Endpoint Manager
• Webroot SecureAnywhere Business Endpoint Protection
• Landesk Security Suite
• Microsoft System Center Endpoint Protection
KEY ENDPOINT MANAGEMENT FEATURES
Though the individual features and functions available from various endpoint protection and management tools vary somewhat from one vendor to another, a basic subset of features is critical. As such, it’s reasonable to expect any vendor to deliver these (in addition to the console) at the core of whatever else they offer:
• Anti-malware protection: All endpoint protection and management products include at least signature-based anti-virus detection, anti-phishing capabilities, and URL screening or blocking (sometimes called content filtering).
• Policy-based endpoint management: This covers a range of possible applications for security policies based on role, device or user account, and may apply to device capabilities (such as enabling and disabling ports), data protection, access controls, security state assessment, network gatekeeping and quarantine, application controls, and more.
• Threat intelligence: All vendors in the endpoint protection game offer some form of threat intelligence, either from third-party providers, or a combination of third-party feeds with input from their own substantial user populations. Those user populations can be as large as half a billion users; McAfee, Kaspersky and Symantec all collect data from 400 million users or more.
• Mobile device management: Endpoints include mobile devices such as smartphones and non-Windows tablets. Google’s Android and Apple’s iOS are the leading mobile operating systems in use. Modern endpoint protection systems embrace mobile devices running these OSes, as well as other less popular ones (such as Windows Mobile, Blackberry and Symbian).
• Virtual machines support: Modern endpoint protection tools invariably include per-VM capabilities in addition to host OSes.
• File protection and encryption: For data in motion, encryption is more common than not in endpoint protection offerings. But an increasing number of endpoint protection tools offer file and storage device (drive-level) encryption as well.
• Patch, configuration and vulnerability management: Threats and vulnerabilities go hand-in-hand, so most endpoint protection tools also include various means for remediating vulnerabilities, which includes patch or update management. An increasing number of vendors also offer security configuration management, which relies on regular snapshots of baseline configurations to establish known, secure configurations that you can use to scrutinize configuration changes for evidence of possible attack or compromise. Vulnerability management helps organizations prioritize vulnerabilities via risk assessment.
• Asset management: This is also known as device and software inventory and management. Endpoint protection and management tools must detect devices as they appear on organizational networks and catalog their security state and contents. This not only supports patch, configuration and vulnerability management, but it also provides fodder for software policy assessment and enforcement, and it helps acquire and maintain information about software licenses that are available or in active use.
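
The baseline-snapshot comparison described under patch, configuration and vulnerability management above, sketched as an added example (not from the e-book or from any vendor's product). All setting names, values and the priority set are constructed for illustration.

```python
"""Compare an endpoint configuration snapshot against a known-good baseline."""

ABSENT = object()  # marks a setting that one side does not have

# Constructed baseline: hypothetical setting names, not taken from any product.
BASELINE = {
    "firewall.enabled": True,
    "disk_encryption.enabled": True,
    "rdp.enabled": False,
    "usb_storage.enabled": False,
    "local_admins.count": 1,
}

# Constructed snapshot from a later scan of the same endpoint.
SNAPSHOT = {
    "firewall.enabled": False,                 # changed
    "disk_encryption.enabled": True,
    "usb_storage.enabled": False,
    "local_admins.count": 2,                   # changed
    "startup_item.updater_helper": "enabled",  # not in the baseline
}                                              # rdp.enabled is missing

# Assumption: drift in these settings is reviewed first.
HIGH_PRIORITY = {"firewall.enabled", "disk_encryption.enabled", "rdp.enabled"}


def diff_snapshot(baseline, snapshot):
    """Return drift findings (changed, removed, added), high priority first."""
    findings = []
    for key in set(baseline) | set(snapshot):
        expected = baseline.get(key, ABSENT)
        actual = snapshot.get(key, ABSENT)
        if expected == actual:
            continue
        if actual is ABSENT:
            kind = "removed"   # a missing setting is drift too, not "no data"
        elif expected is ABSENT:
            kind = "added"
        else:
            kind = "changed"
        findings.append({
            "setting": key,
            "kind": kind,
            "priority": "high" if key in HIGH_PRIORITY else "low",
        })
    findings.sort(key=lambda f: (f["priority"] != "high", f["setting"]))
    return findings


if __name__ == "__main__":
    for finding in diff_snapshot(BASELINE, SNAPSHOT):
        print(finding["priority"], finding["kind"], finding["setting"])
```
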
TRENDING FUNCTIONS IN ENDPOINT MANAGEMENT
There are numerous features now showing up in endpoint protection and management systems that are a little closer to the bleeding edge of technology; they’re not as widely supported in leading tools. At least some of these will become more widespread over the next two to three years, and thus subject to migrating into the core functionality list:
• Advanced security policies: In addition to policy controls, more tools are including geo-fencing and location-aware policies, especially as they relate to data access both inside and outside corporate firewalls.
• Endpoint detection and response: EDR is a complex collection of capabilities that usually incorporates patch, configuration and vulnerability management with workflow and tracking to detect, identify, prioritize and remediate security incidents or events in need of response. Automation plays a key role in EDR because zero-day threats often require immediate reaction, something best achieved through programmatic execution of proper remediation tools and techniques.
• Suspect file analysis: When you can correlate access to malware, malicious payloads or information with unwanted security configuration changes, those items demand inspection, analysis, and sometimes remediation. Such automated acquisition and handling is becoming increasingly common, especially in tools with EDR components or capabilities.
• Sandboxing: Some endpoint protection systems include automated runtime isolation techniques for unknown or suspect files and executables to prevent attack or compromise.
• Security context/reputation management: Through a variety of techniques, also often related to EDR, endpoint protection systems can establish security state profiles to put potential threats or configuration changes into a larger security context. This helps guide risk assessment and response prioritization.
• Advanced system rollback/clean-up: Some systems track damaged or infected files and can replace them with clean versions from a security file repository. Other systems take regular endpoint snapshots and can use them selectively (file-by-file) or completely (rollback) to repair damaged or compromised systems. Microsoft, for example, does this in System Center from a “trusted cloud” file repository. Landesk offers a re-imaging capability to correct malware infections.
• Hypervisor-neutral scanning: With increasing use of virtualization, endpoint protection and management must support various stacks, containers and hypervisors.
• Inventory attestation service: An elaboration on software inventory/asset management, this service provides information about the provenance and reputation for all executed files, suspect or otherwise.
These added wrinkles and capabilities are just the tip of
an iceberg that reflects the evolving threat landscape, as
well as the need for improved automation and extension
of endpoint security monitoring, management and
response. This is an area that promises to keep extending
and elaborating to keep up with evolving threats, ongoing
vulnerabilities, and the relentless development of new
technologies.
WHAT’S REALLY IMPORTANT
IN ENDPOINT MANAGEMENT?
Ultimately what matters first and foremost in endpoint protection and management is providing end users with access to the data, applications and services they need (and are authorized to access or use). Organizations that have to provide such access must always balance managing risk and limiting liability or exposure against unnecessary or unfriendly limitations to productivity and convenience. This is the fundamental conundrum inherent to information security in all of its many forms and manifestations.
The human aspect of security management should never be underestimated or ignored, either. The best and most capable technology still needs to be buttressed and supported with careful and regular user security awareness training, whenever you onboard new users, and at regular intervals thereafter. Users who understand the security implications of what they’re trying to use endpoints for, and under what circumstances, are far less likely to tax the capabilities and boundaries of any endpoint management system.
ED TITTEL is a 30-plus year IT veteran who has worked as a developer,
networking consultant, technical trainer, writer and expert witness.
Perhaps best known for creating the Exam Cram series, Tittel has
contributed to more than 100 books on many computing topics,
including titles on information security, Windows OSes and HTML.
He also blogs regularly for TechTarget, Tom’s IT Pro, GoCertify and
PearsonITCertification.com.
What to Look for in Endpoint Management Tools
is a SearchEnterpriseDesktop.com e-publication.
Colin Steele | Associate Editorial Director
Margaret Jones | Site Editor
Linda Koury | Director of Online Design
Josh Garland | Publisher
jgarland@techtarget.com
TechTarget, 275 Grove Street, Newton, MA 02466
www.techtarget.com
© 2016 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group.
About TechTarget: TechTarget publishes media for information technology professionals. More than 100 focused websites enable quick access to a deep store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice. At IT Knowledge Exchange, our social community, you can get advice and share solutions with peers and experts.
COVER IMAGE: KCHUNGTW/ISTOCK