CHAPTER 3

Choosing the Right Protection

So, how do you find the right defender for your fortress? Different layers of your organization require different types of protection. At the device level, the most effective endpoint security solutions do not compromise security for the sake of performance; instead, they let employees do their jobs without interruption while remaining fully protected.

With extended firewall technology and cloud-assisted detection, effective solutions add network-level detection of exploitation attempts against known vulnerabilities in widely used protocols such as SMB, RPC and RDP. This creates another layer of protection against self-propagating malware, network-borne attacks and the exploitation of vulnerabilities for which a patch has not yet been released or deployed.

The right endpoint security solution will free up IT to focus on other projects.

It will do this by being easy to manage, proactively eliminating threats without requiring action from the IT team, and minimizing false positives. False positives not only eat up IT staff time; a steady stream of them also teaches staff to dismiss alerts, so that genuine detections are more likely to be overlooked.

Your solution should consult a local cache of objects already known to be malicious or benign when it inspects a file or a URL, before any scanning takes place, so that previously classified objects are not scanned again. For objects the cache does not know, it should go deeper and examine the “DNA” of the potential threat, extracting the behavioral “genes” responsible for the code’s actions. These behavioral traits describe what the code does and survive repackaging, whereas a list of IOCs only records the artifacts of one particular sample.

In today’s business environments, any truly effective endpoint security solution will guard not just your physical devices and your network, but your virtual environment as well. And it should include cloud protection whose blocklisting is not limited to exact hash matches but also uses “fuzzy hashing.” A conventional hash such as SHA-256 changes completely when a single byte of a file is altered, so a blocklist of exact hashes misses every repacked or trivially modified variant. A fuzzy hash is built on the binary similarity of objects: similar objects produce the same or a similar hash, so one entry can cover a whole family of related variants.
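The two mechanisms described above, the local cache lookup that runs before any scan and the similarity (“fuzzy”) hash that tolerates small changes, in working form. This is an added example written for this chapter, not code from the original page or from any vendor’s product. The cache contents, the three sample byte strings and the similarity threshold are constructed for the example, and the fuzzy hash is a deliberately simplified context-triggered piecewise hash (the idea behind tools such as ssdeep), not any product’s algorithm.

```python
"""Two-tier lookup: exact-hash cache first, then a similarity (fuzzy) hash.

Added example. Samples, cache contents and threshold are constructed; the
fuzzy hash is a simplified context-triggered piecewise hash, not a vendor's.
"""
import hashlib
import random
from collections import deque

# Constructed samples with fixed seeds so the example is deterministic. They
# stand in for a known-bad binary, a lightly patched variant of it, and an
# unrelated clean file. None of them is real malware.
_r = random.Random(1)
KNOWN_BAD = bytes(_r.randrange(256) for _ in range(600))
_variant = bytearray(KNOWN_BAD)
_variant[300:308] = b"v2-build"        # small edit, e.g. a changed version string
VARIANT = bytes(_variant)
_r2 = random.Random(2)
UNRELATED = bytes(_r2.randrange(256) for _ in range(600))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Tier 1: exact-match cache of verdicts from earlier scans (constructed).
VERDICT_CACHE = {sha256_hex(KNOWN_BAD): "malicious"}

# Tier 2: simplified context-triggered piecewise hash.
WINDOW = 4         # bytes in the rolling window (assumption for this demo)
TRIGGER_MOD = 16   # boundary when rolling hash % 16 == 15, so ~16-byte pieces
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/"


def fuzzy_hash(data: bytes) -> str:
    """Cut data at content-defined boundaries and emit one character per piece.

    The boundary test looks only at the last WINDOW bytes, so an edit moves
    boundaries only in its own neighbourhood; every other piece, and hence its
    character, is unchanged. An exact hash has no such locality.
    """
    window = deque(maxlen=WINDOW)
    piece = bytearray()
    out = []
    for b in data:
        window.append(b)
        piece.append(b)
        if sum(window) % TRIGGER_MOD == TRIGGER_MOD - 1:
            out.append(ALPHABET[hashlib.sha1(piece).digest()[0] & 0x3F])
            piece.clear()
    if piece:  # trailing piece after the last boundary
        out.append(ALPHABET[hashlib.sha1(piece).digest()[0] & 0x3F])
    return "".join(out)


def _levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(h1: str, h2: str) -> int:
    """Score 0..100; 100 means the two fuzzy hashes are identical."""
    longest = max(len(h1), len(h2))
    if longest == 0:
        return 100
    return round(100 * (1 - _levenshtein(h1, h2) / longest))


KNOWN_BAD_FUZZY = {fuzzy_hash(KNOWN_BAD): "malicious"}
SIMILARITY_THRESHOLD = 70  # assumption; tune against your own false-positive rate


def classify(data: bytes):
    """Return (verdict, reason): cache hit, fuzzy match, or fall through to a scan."""
    exact = sha256_hex(data)
    if exact in VERDICT_CACHE:
        return VERDICT_CACHE[exact], "exact hash found in local cache"
    fh = fuzzy_hash(data)
    best = max(((similarity(fh, k), v) for k, v in KNOWN_BAD_FUZZY.items()),
               default=(0, None))
    if best[0] >= SIMILARITY_THRESHOLD:
        return "suspicious", f"fuzzy hash {best[0]}% similar to a known-bad object"
    return "unknown", "no cache hit; full scan required"


if __name__ == "__main__":
    for label, blob in (("known bad", KNOWN_BAD), ("variant", VARIANT), ("unrelated", UNRELATED)):
        print(f"{label:10} sha256={sha256_hex(blob)[:12]}... fuzzy={fuzzy_hash(blob)} -> {classify(blob)}")
```

The patched variant has a different SHA-256, so an exact-hash blocklist would miss it, but its fuzzy hash scores well above the threshold against the known-bad entry and it is flagged without a full scan; the unrelated file scores low and falls through to scanning. Treat a similarity match as “suspicious” rather than as a verdict, and calibrate the threshold on your own clean corpus, since an aggressive threshold is a direct source of the false positives discussed above.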

Because malware authors are so skilled at hiding their code, an effective endpoint security solution needs technology that copes with heavy use of obfuscation and encryption. It should include botnet protection that identifies exactly which process or module is responsible for malicious communication, allows action to be taken against that process or module, and can inspect that communication even when the malware encrypts it. As you can see, there is nothing “simple” about an effective endpoint security solution. The key is that, for IT and end users, such a complex, evolved and evolving solution should appear simple and unobtrusive while providing a bulkhead against cyber attacks.
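As an added illustration of the “which process is talking to whom” part of botnet protection (this is example code written for this chapter, not code from the original page or from any product), the snippet below parses a constructed snapshot in the layout of `ss -tnp` on Linux, attributes each connection to its owning process, and reports the processes whose peers fall inside a constructed list of command-and-control indicators. The process names, PIDs, addresses (taken from the documentation ranges) and the indicator list are all made up for the example.

```python
"""Attribute active connections to processes and flag those talking to C2 peers.

Added example; the snapshot, indicator list, process names and PIDs are constructed.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed snapshot in the layout of `ss -tnp` (not captured from a real host).
SS_SNAPSHOT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port    Process
ESTAB  0      0      10.0.0.5:49812      203.0.113.7:443      users:(("updater",pid=4242,fd=17))
ESTAB  0      0      10.0.0.5:49813      198.51.100.20:443    users:(("firefox",pid=1337,fd=88))
ESTAB  0      0      10.0.0.5:49820      203.0.113.9:8443     users:(("updater",pid=4242,fd=19))
ESTAB  0      0      [2001:db8::5]:49831 [2001:db8:c2::1]:443 users:(("curl",pid=5001,fd=3))
"""

# Constructed C2 indicators; a real agent would receive these from its cloud feed.
C2_INDICATORS = [ip_network("203.0.113.0/24"), ip_network("2001:db8:c2::/48")]

LINE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+(?P<users>users:\(.*\))\s*$"
)
OWNER = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


def split_endpoint(endpoint: str):
    """'203.0.113.7:443' or '[2001:db8::1]:443' -> (ip_address, port)."""
    host, port = endpoint.rsplit(":", 1)
    return ip_address(host.strip("[]")), int(port)


def parse_ss(text: str):
    """Yield one record per (connection, owning process) pair."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header line, or a socket with no owner shown
        peer_ip, peer_port = split_endpoint(m["peer"])
        # A socket can be held by several processes, so iterate over all owners.
        for owner in OWNER.finditer(m["users"]):
            yield {
                "state": m["state"],
                "pid": int(owner["pid"]),
                "name": owner["name"],
                "peer": peer_ip,
                "port": peer_port,
            }


def attribute_c2(text: str, indicators=C2_INDICATORS):
    """Map (pid, name) -> set of 'peer:port' strings that match an indicator."""
    hits = defaultdict(set)
    for rec in parse_ss(text):
        # Address-family mismatches simply evaluate to False here, no error.
        if any(rec["peer"] in net for net in indicators):
            hits[(rec["pid"], rec["name"])].add(f"{rec['peer']}:{rec['port']}")
    return dict(hits)


if __name__ == "__main__":
    for (pid, name), peers in sorted(attribute_c2(SS_SNAPSHOT).items()):
        print(f"pid {pid} ({name}) -> {', '.join(sorted(peers))}")
```

Attribution at this level tells the agent which PID to suspend, isolate or kill, which is the “action against that process” the text calls for. Seeing inside the encrypted session itself is a separate capability: it requires observing the data in the process, before it is handed to the TLS library, and is not shown here.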

A guide:
What to ask your anti-virus vendor when exploring a solution

1. Do you have a 360-degree approach to security?

Such an approach takes into account the variety of vulnerabilities inherent in today’s software, applications and add-ons and seals all points of entry against malware.

2. Do you use human experts to choose discriminator features for classification and to verify the inputs used for learning?

Machine learning on its own struggles to distinguish a new version of clean software from a tampered copy of it, an updater bundled with a legitimate application from a downloader used by malware, or clean software components from those same components being used for malicious purposes. Experienced analysts can sort out these tricks, both when choosing the features a classifier learns from and when verifying the samples it is trained on, and so provide a solid backbone to an anti-virus solution.

3. Do you have responsive customer support?

When a virus or other problem is detected, you don’t have time to wait in line or for the vendor to get back to you. Getting help now is imperative.

4. How rapidly and frequently are your virus definitions updated?

Malware creators don’t give up when an endpoint solution blocks their access. Instead, they create workarounds. It’s a game of chess, and if your solution doesn’t update virus definitions often, then you’re effectively giving the malware creator free moves to put your system in checkmate.

5. Do you have a small footprint that doesn’t slow down the system?

Your endpoint solution should not get in the way of your users’ productivity. If it has a large footprint it will bog down the system, slowing it and your end users down and frustrating workers who simply want to get the job done.

6. Do you have multi-user licenses?

It’s more affordable and efficient to buy a multi-user license for a single solution than multiple copies of that solution. Managing one license rather than many also means less administrative work, which leaves IT staff more time to focus on other projects.

In addition, following are some questions to ask yourself when deciding on which anti-virus platform to buy for your business:

Do you need a complete security suite, or just anti-virus software?
It’s important to buy enough protection to cover the threats your business actually faces.
Does the anti-virus solution protect a hybrid IT environment?
In today’s business environments, a solution that protects in-house devices, remote devices and cloud-based services is almost always essential.
Can you download a trial version to test on your specific environment?
A chance to test the solution in your unique environment will tell you if you’ve selected the right solution.
What changes will you have to make to your business’s security policies to ensure the anti-virus solution is effective?
Evolving solutions are great; but you don’t want a solution that will require a major overhaul just to be effective.
Does the application offer a layered approach to endpoint protection?
A layered approach ensures that a threat which slips past one control is still caught by another, so no single point of vulnerability is left uncovered.
What is the overall footprint of the application?
The smaller the footprint, the less intrusive the solution will be on workers’ daily operations.