In the past year we have seen dozens of endpoint security products come to market, all trying to fill a niche that addresses a very real threat to enterprise networks. But how do corporate IT managers evaluate these kinds of products? In this article, we'll provide a roadmap, some suggestions on price points, and ways to sift through all of the products. Here are the six questions to address before you purchase any endpoint solution.
6 Questions To Ask Before You Buy
1. What pieces should you implement now?
2. What security and network infrastructure do you have already?
3. What on your network are you really protecting?
4. Do you manage all of your desktops?
5. Do you have non-PC endpoints to manage?
6. Where will you create and enforce your security policies?
1) What pieces of the endpoint security picture are most important to implement now?
Endpoint security means a lot of different things to different people. For the purposes of our discussion, we outline the following five elements that any endpoint solution should contain. Your needs may differ, and you may want to implement one or two items now and plan for upgrading to the remaining elements down the road when you can get more of the project funded.
Three overall architectural approaches are currently in development: Microsoft's Network Access Protection (NAP), Cisco's Network Admission Control (NAC), and the Trusted Computing Group's Trusted Network Connect (TNC).
Cisco's NAC is the closest of the three to being actually implemented. It controls access at the network layer through modules implemented in Cisco's switches and routers, and it supports both Windows and Linux clients. You'll need to mix and match several vendors to cover the five elements mentioned above, because Cisco doesn't supply everything. Its architecture is strong on enforcement and detection and short on remediation.