This content is part of the Essential Guide: Understanding endpoint security products, features and vendors

Ten questions to ask endpoint security vendors

Evaluating endpoint security vendors and their products can be a challenging task. Expert Karen Scarfone outlines 10 must-ask questions to start your list. Plus, check out a list of comprehensive endpoint security vendors.

Before investing in endpoint security software, your enterprise should be prepared to question multiple vendors about their products and technologies. But what questions should you ask?

Below is a starter list of 10 must-ask questions for your enterprise's endpoint protection software evaluation:

  1. Which of the following features are built into your product? If any features are provided by a third party (for example, an antimalware vendor), indicate the vendor's identity and the typical delay from the release of a third-party update to its availability in your product.
    • Antimalware
    • Application whitelisting
    • Data loss prevention
    • Device control
    • Host-based firewall
    • Host-based intrusion detection/prevention system
    • Storage encryption
    • Vulnerability assessment
  2. What other features does your product provide that are not listed in question 1 (for example, website filtering)?
  3. Which of the following features provided by separate products can be managed from your product?
    • Antimalware
    • Application whitelisting
    • Data loss prevention
    • Device control
    • Host-based firewall
    • Host-based intrusion detection/prevention system
    • Storage encryption
    • Vulnerability assessment
  4. For all the features from questions 1, 2 and 3 that you support, do you have a single management console? If not, how many consoles are there and which features does each console support?
  5. Does your product support mobile devices (smartphones, tablets, etc.)? Does the mobile device support include built-in enterprise mobile device management (MDM) functionality and/or integration with third-party enterprise MDM products?
  6. For endpoints (including mobile devices, if supported), which operating systems and major operating system versions are supported? For each of these, what are the performance requirements (CPU, memory, storage)?
  7. Describe in terms of technical methods (signature-based, anomaly-based, behavior-based, policy-based, etc.) how your product detects malware threats, both known and unknown (e.g., zero-day threats).
  8. Which of the features from questions 1 and 2 need to be updated frequently to retain their effectiveness? An example is updating antimalware signatures to detect the latest malware threats. For each feature that needs updates, how frequently are updates made available? Are updates pushed or pulled to the endpoint? How often are updates acquired (weekly, daily, hourly, etc.)?
  9. Does your product work in a virtualized environment? If not, what functionality is lost or what operational problems exist as compared to non-virtualized environments?
  10. How scalable is your product? For example, if your product requires the use of management servers, how many clients can be supported by each management server?

Vendors at a glance

This is a representative list of endpoint protection software vendors.

About the author:
Karen Scarfone is senior cybersecurity engineer at Tapestry Technologies Inc. and the principal consultant for Scarfone Cybersecurity in Clifton, Virginia. She provides cybersecurity publication consulting services, specializing in network and system security guidelines. Scarfone was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST), where she oversaw the development of system and network security publications for federal civilian agencies and the public.

This was last published in January 2015
