In our testing of 10 endpoint security products, we found that no one product does everything. You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff. While there is no single product that can suit all situations, endpoint configurations and IT requirements, there are a few key things to consider in your purchase:
1. Going agent or agentless. A few of the products we tested don’t require endpoint agents, but the trade-off is that you will need to set up LDAP or clean up your Active Directory domain and make use of network switch SNMP management and other connections to your network fabric.
The upside of the agentless approach is that the product can track endpoints that might be used to compromise your network, such as IP cameras and other embedded devices that aren’t running traditional endpoint operating systems.
Another upside is that because no code is installed on an endpoint, nothing is exposed to a potential attacker.
A third advantage to going agentless is that some products with agents only have them for particular Windows versions and are still working on their Mac and Linux agents. Other products have begun to recognize the mobile universe and either integrate with mobile device management tools or (in the case of Comodo) have specific iOS and Android agents.
2. What does the endpoint user see on their desktop?
Products that install endpoint agents vary widely in terms of what an end user can observe and how stealthily they operate: some hide any listing in the Windows Control Panel Programs list or taskbar icons, while others operate more like ordinary applications. And those that operate without agents are completely invisible, of course.
3. How is the product configured and managed?
Each product has a combination of web and native management consoles, and some (even the SaaS-based tools) have fairly complex installation routines. Many of them will require consulting contracts to get set up properly. Of the products we tested, Comodo, Outlier and CrowdStrike stood out as the easiest to set up.
Pricing on endpoint security products is all over the map: most vendors charge between $15 and more than $50 per year per protected endpoint device or user, with some charging a fixed price per appliance.
Prices quoted are really more starting points than a hard-and-fast list price: especially as the number of endpoints rises, these are more an upper bound than anything else as volume discounts are liberally available.
5. Real-time or not
Some products, such as Guidance Software and Outlier Security, aren’t designed for real-time or even near real-time analysis and are best used on longer time horizons to examine larger trends. Depending on the complexity of your network and the nature of your business, this may be important in your purchase decision.
6. Better remediation through remote endpoint control.
One feature finding its way into more products is the ability to disconnect an endpoint from the general network and have it only communicate back to the EDR server for eradication and remediation. Many of the products we tested, including Sentinel and CrowdStrike, offer this feature.
This story, "How to buy endpoint security products," was originally published by Network World.