
End-Point Security

Definition

End-point platform protection is a set of technologies based on the strategy in which security software is distributed to end-user devices, but centrally managed. End-points can include laptops, PCs, and specialized equipment such as inventory scanners and point-of-sale terminals. End-point security systems work on a client/server model. A server hosts the centralized security program, which verifies logins and sends updates and patches when needed. A client program is installed on or downloaded to every end-point, which, in this case, is every user device that connects to the corporate network.

Simple forms of end-point security include personal firewalls or anti-virus software that is distributed and then monitored and updated from the server. The term is evolving, however, to include security elements such as intrusion detection and prevention, anti-spyware software, and application control programs.

Consolidating multiple components into single, expandable agents reduces the footprint of these agents. Vendors are also continuously improving their products, focusing on increasing scanning speed and on other features aimed at decreasing the impact of scheduled scans.

User Benefits

Malware has changed dramatically over the past few years: not just the techniques used, but also the volume. It’s typical for an anti-virus company to identify 1-2 million new malware samples per month, and it gets worse: a large portion of malware today is hidden within legitimate-looking software.

Anti-malware software's purpose is to prevent, detect, and remove malicious software (malware) with only one agent and using a centralized management console. Malware can include computer viruses, worms, adware, spyware, stealware, and trojan horses.

Business Impact

Consolidating end-point security efforts under one console and one vendor helps an enterprise acquire stronger protection at a lower cost. Integration with one management console means the enterprise can turn on protection fast, with a single agent deployed quickly and easily.

Managing all the protection from one centralized console saves money every day by saving time, and it also improves visibility and reporting capabilities.


Products supporting this technology

Malwarebytes, McAfee, Quarri

There are new strategies for the control of the enterprise desktop, and new strategies will transcend horizontally across security and operations. Centralized management and agent integration are defining what is important for enterprises looking for greater control over what has been a disparate set of desktop technologies.

Traditionally, desktop support has had to worry about 3, and in some cases more, agents that require central administration and management; that is, they are dynamic in nature and require consistent updates or periodic configuration changes. Centralized management, although important, has not driven the need for a single or reduced set of agents until recently. The last 2 years are important not only for the significant change in the threat landscape, but also for the increase in regulatory pressures. Enterprises have a business requirement to deploy a minimum of 3, but usually more, separate security and operations technologies, such as antivirus, anti-spyware, personal firewall, host-based intrusion prevention, NAC or policy enforcement, encryption (mostly for laptops), content monitoring and filtering (or DLP), vulnerability management, patch management, software distribution, configuration management, policy compliance, and others. This is a complex set of technologies, and the big challenge is how to simplify it. Simplicity in this case means two major processes: eliminating all redundant elements and integrating disparate elements into a common workflow or process. The answer is in centrally managed agents or a single agent that promise to address a broad set of functions.

Stand-alone, signature-based anti-virus is no longer an option. The stand-alone anti-spyware market is over too. Signature-based anti-virus isn’t protecting anyone anymore: it certainly wasn’t providing any protection against spyware or some of the nastier threats that have popped up recently, and it didn’t stop Blaster, Sasser, or Slammer. It offers limited protection against bots, and its ability to detect rootkits is nearly non-existent. It can’t constrain the end-points, it doesn’t allow port or protocol blocking, it doesn’t protect data from theft, and it does almost nothing to improve the security of the systems whose resources it voraciously consumes. It has become a vector of attack, and hackers have shown increasing cunning in using AV product flaws as a launching point for attack.

Another factor that must be managed to achieve security is the increased mobility of corporate professionals. Today, corporate end users work at home and on the road, which creates a demand for Internet and email access beyond the internal controlled environment. Moreover, in most cases they do not want to be bothered with managing the security of their PCs. Without proper measures in place, corporate networks are at risk when noncompliant or infected laptops or other devices try to gain access. A single noncompliant system on the network can have potentially disastrous consequences: business disruption, fines, and loss of customer confidence, to name a few.

It becomes clear that IT security teams need to find ways to protect all endpoints from the rapidly growing number of complex threats and exposures. In response to a pressing need, security vendors have flooded the market with a host of products and solutions that generally address only one aspect, or, at best, certain aspects of the security concerns that plague most companies. As a result, IT teams find themselves spending a great deal of time handling all non-integrated products. This involves learning different management tools, tracking and maintaining multiple update schedules, and reviewing isolated reports that show only a small slice of their organization’s security.

This lack of integration increases costs, decreases visibility into what is really going on with the organization’s risk profile, and creates inefficiencies. Managing a collection of point products also requires additional administrative talent and training. It is easy to see how disparate point products can quickly escalate costs.

A more serious issue is that organizations can never feel completely confident that they have all of the bases covered on their endpoints. Reliance on too many management consoles constrains the organization’s ability to respond to threats and manage enterprise security efficiently. A company can potentially have one management console for virus protection, another to prevent spyware intrusion, another for establishing a protective firewall, and additional management consoles to protect enterprise resources. Without centralized control over internal security policies, violations cannot be detected and logged, so appropriate actions are almost impossible. And without centralized reporting, it becomes more difficult to quickly assess attacks, exploits, or outbreaks and apply remediation, so endpoints risk exposure for a longer period of time. Finally, without automated centralized reporting, compiling proof for a compliance audit becomes a monumental, resource-intensive nightmare consisting of long hours spent gathering data and poring over spreadsheets.

These days, regulations spawn new requirements and tighter controls every year. In this day of proliferating mandates and requirements, many of these regulations derive from common best practices or from one another. Despite this common heritage, separate regulations require separate audits, proofs, and documentation, even when they affect the same endpoints. Add to that mounting internal governance requirements, and IT has precious little bandwidth left for security. In addition to the heavy investment companies are required to put into implementing and enforcing controls to achieve compliance, organizations are also finding themselves dedicating a great deal of time and resources to proving it at audit time.

Enterprises are under increasing pressure not only to be compliant, but also to be able to demonstrate it within the context of established compliance frameworks. For most organizations, audits require manual sharing of data between systems and organizations. One of the reasons companies resort to processes like filling out spreadsheets with manually gathered data is because enterprises tend to use multiple, disparate security technologies. Each set of controls has separate policy definition, implementation, and enforcement processes. It may take weeks to prepare for audits. In the meantime, with IT and security personnel buried in audit tasks, there may be serious lapses in enterprise security posture.

So what are the responses? Anti-virus becomes part of a converged security client, offering multiple capabilities including anti-spyware, personal firewall, and intrusion prevention as the foundation. Ever since end-point platform protection was born as a concept and accepted in the market, all anti-virus vendors have been combining more and more technologies onto the desktop, including data loss prevention, end-point policy enforcement, and patch and configuration management. All of this is bundled using the same agent and a single management console.

Enterprises will still need to invest in anti-virus, but more out of a sense of fear than because they believe it is offering value. Organizations with mature IS departments have already realized that anti-virus is not enough and are looking to strategically address client security in a new world. It includes a signature component, like anti-virus, but it certainly includes more components that, working with anti-virus, make end-point security complete.

An enterprise looking for a comprehensive solution should spend less and demand more: consolidate spending on one client solution that includes all the end-point security and a single management console.

A comprehensive, integrated approach to security helps an organization apply business discipline to proactively manage risk. This type of solution helps customers by presenting a pragmatic approach to managing security risks and compliance. It starts with discovering assets; evaluating and understanding risk; protecting endpoints, networks, and data from threats; enforcing policies; and, finally, remediating and reporting compliance.

A complete solution provides a complete process with a common architecture and management infrastructure. This approach integrates multiple threat prevention and compliance management tools to provide comprehensive solutions that work better, save time, and cost less. This strategy solves real security problems by integrating all the functionality, from threat protection to compliance, to provide knowledge-driven security that is automated and actionable, and which empowers organizations to be efficient and effective. A collaborative framework connects network and system security to save enterprises of all sizes money, improve protection, and provide a security and compliance solution that is greater than the sum of its parts.

The end-point protection platform provides broad protection without the complexity, expense, and headaches of multiple standalone endpoint products. It equips all systems deployed on the network with comprehensive threat protection and ensures enterprise-wide compliance with security policies and industry and government regulations. This strategy eliminates the need to rely on unmanageable standalone products that do not offer sufficient coverage and cannot scale to support enterprise security and compliance goals.
