Endpoint security tools: A buyer's guide
A collection of articles that takes you from defining technology needs to purchasing options
Threats to data privacy and security, and the risk of unauthorized access to proprietary or confidential information, are accelerating. Malware writers are becoming more sophisticated and better organized, and are often better funded today than they have been in the past.
Malware's reach is also increasing. It can affect desktop computers, servers, printers, network devices and a plethora of mobile devices, resulting in everything from minor operating annoyances to locked systems, stolen data and erasure of files. What's more distressing is that some forms of malware can sit silently within a system for weeks or months, and upon execution, self-replicate to many more connected computers and devices.
Other types of malware are written to change much more frequently -- sometimes as often as every few minutes -- as a means to avoid detection. And a computer or device can be infected with malware just by the user visiting a website, without ever clicking a single link.
The ever-growing danger and sophistication of the threat of malware makes the deployment of endpoint antimalware protection more important than ever.
Endpoint protection: Malware threat and infection statistics
The Microsoft Security Intelligence Report reported that the U.S. malware infection rate doubled between the fourth quarter of 2012 and the first quarter of 2013. The infection rate in late 2012 was 3.3 of every 1,000 computers scanned, which increased to 8.0 in early 2013. The worldwide infection rate in 2013 was 11.7 per 1,000 computers.
Zero-day exploits, phishing emails, and vulnerable applications like Web browsers, Adobe Flash Player and Oracle Java that can be exploited for remote code execution are recurring news items, as are serious breaches resulting in theft of confidential data. According to Symantec's Internet Security Threat Report for 2014, the total number of breaches in 2013 was 62% greater than in 2012.
Then there's Information Security Forum (ISF), an international nonprofit association with more than 320 member organizations that researches and reports on information security threats and documents best practices and effective solutions to lower risks for all organizations. ISF's top security threats for 2014 included bring your own device (BYOD), data privacy in the cloud, reputational damage, privacy and regulation, cybercrime, and the Internet of Things. BYOD and data privacy are of particular concern to organizations attempting to control the spread of malware.
Not only do criminals value the information that can be accessed on mobile devices, but information leaks also occur fairly often because of a lack of device security. And although the term data privacy in the cloud typically refers to the general state of cloud security, a relatively new trend called bring your own cloud (BYOC) poses serious threats to organizations as well.
With BYOC, employees can use free accounts on non-company-sanctioned cloud services, or shadow cloud, such as Box, OneDrive or Dropbox to save work files. What begins as a convenient way to store and access files turns into a serious data leakage risk. Once data is outside of the control of the IT department, it can more easily fall into the hands of unauthorized users.
Endpoint protection: The danger of mobile malware
Studies by Kindsight Security Labs, a division of Alcatel-Lucent, indicate that mobile malware attacks grew in complexity and maturity in 2013 and continued to do so into 2014, increasing 17% during the first six months of the year. The infection rate was about 0.65%, which means roughly 15 million devices were infected worldwide.
About 60% of devices containing malware run the Android operating system (OS), while less than 1% of infected devices are BlackBerry smartphones, iPhones, Windows Phones and Symbian phones. The remainder of mobile malware infections include Windows computers connected to a mobile network.
Much like malware on an ordinary PC, mobile malware watches the device user's activities (Web browsing and email), but can also monitor calls and text messages. A Trojan app, for example, can report phone activity and confidential data (account information, credit card numbers, etc.) to a third party, even using the phone's short message service (SMS) to relay information.
Malware affects a range of systems and devices and is a danger to organizations of any size, from small businesses to large enterprises.
Endpoint antimalware protection scenario No. 1: Small organizations
According to Gartner, a small business is one that has fewer than 100 employees and makes less than $50 million annually.
Owing to budget limitations, these organizations often do not have adequate IT staff and rely more heavily on other employees to help maintain security. Budget constraints might also prevent needed operating system upgrades. Shops that are still running Microsoft Windows XP, for example, are especially vulnerable to malware attacks because Microsoft stopped providing support and security updates for that version of Windows in April 2014.
The smallest of organizations may also have a more challenging time picking the best endpoint antimalware product, mainly because typical endpoint antimalware suites require a good deal of administrative maintenance and come with ongoing licensing costs. Even so, suites and/or licensing options are available that are designed for very small organizations.
Endpoint antimalware protection scenario No. 2: Medium-sized organizations
A medium-sized organization -- one with 100 to 999 employees and revenue of $50 million to $1 billion per year -- most likely has security staff that can minimize a host of vulnerabilities that small organizations can't. BYOD is still a considerable risk, however.
To stretch budgets further, more and more medium-sized organizations are encouraging employees to bring their own devices to work, resulting in the need for more rigorous network and antimalware protection. However, more resources doesn't always mean better security.
Malware is spread by means other than Internet-connected devices, such as USB flash drives and infected software on other types of media. Unfortunately, it's common for employees to experience security apathy, where they assume someone else is responsible for security and is taking care of it.
Endpoint antimalware protection scenario No. 3: Large organizations
Large organizations and enterprises have the biggest budgets and largest IT security staffs. But they also have thousands of computers and devices, any of which may present an attack surface.
Even the supply chain can present considerable risk to an organization. Today's large enterprises may have tens or hundreds of business partners that are connected to its networks, making the organization's data the partner's data as well. This is especially important for businesses that must be compliant with regulations and standards.
Ensuring the safety of very large IT environments, which are often spread over various geographic locations, can be incredibly challenging.
It's important to remember that no organization is immune from malware. Even those with strong perimeter defenses, such as well-tuned network firewalls and intrusion detection and prevention systems, are still vulnerable to infection. For example, an employee might click a link in an email that looks like it's from a trusted source or might open an email attachment and inadvertently install a keylogger program, Trojan or rootkit on his workstation, allowing an attacker access to that system and potentially the internal network.
Endpoint antimalware: Part of a global security strategy
Given the ease with which malware can infect computers and devices, endpoint antimalware is a must-have for small, medium-sized and large enterprises. But protecting against malware via antivirus and antispyware software should only be one part of a carefully formulated strategy.
Firewalls work to block malware from making its way onto a system in the first place, and data loss prevention components prevent certain types of information from being shared outside protected systems or networks. Meanwhile, reputation scanning is a key security feature that should be a part of any endpoint antimalware suite.
When you're evaluating endpoint antimalware products, part of the planning process involves rightsizing the product to fit your environment. That means comparing features of leading endpoint antimalware suites against your organization's needs and creating a short list of products, and then determining the best product or product suite based on cost, resource requirements, support options and other important factors.
Learn more about alternatives to antivirus and endpoint antimalware
Explore some of the emerging endpoint security technologies