17
June 2022
Choosing an endpoint security solution - keep focused!
Mark Warren
Products offer too many features - how to choose?
When I wrote about the difficulties of making decisions when buying IT solutions, I highlighted the risks of over-thinking requirements. The dreaded RFP that runs to dozens or hundreds of pages of detailed feature requests that prevents good decision-making.
Another issue that makes selection hard is almost the opposite: the over-featured product.
Can you have too much of a good thing?
Imagine you want to catch a bus to work. It must have wheels, seats, a driver, and brakes. But what if the bus also happened to have a hot tub, a full-service restaurant, and a mini-golf course? Individually, they are all pretty desirable. But they'll probably mean the bus ticket costs hundreds of times more than it should (and not to mention that it'll be too big for you to get to work!) That doesn't sound like a great solution to getting to work.
The same is true when buying software solutions to address a specific need. A good example is improving security on Windows workstations.
Finding the right solution for endpoint security
The words "endpoint management" cover a wide range of capabilities. For some, it will be about managing the hardware and firmware: what models of laptops do they have? What is the hardware spec? What versions of UEFI/BIOS? What firmware and device drivers?
Others may be more concerned about the security measures on the devices: power-on passwords, Bitkeeper encryption, etc.
For others, it will be about what version of Windows, patches and service packs have been applied? It may also include application software and updates.
Many endpoint management solutions try to cover all those bases (and more). They often duplicate capabilities already provided by other tools (e.g., SCCM or Intune for software distribution).
For many organisations, that breadth of coverage could hamper decision making. Do you look for a tool that performs most of the functions reasonably or prioritise just one or two critical features? You either end up with compromised capabilities (the tool isn't as good as you'd like in any specific area), or you're paying for more features than you actually need. We're back to the example of the over-featured bus.
The benefits of focus for endpoint security
There's no doubt that endpoints need multiple levels of security, and no one would argue against anti-virus tools being installed and kept up to date. But they aren't the complete solution to protecting against malware attacks.
One of the ways that attacks break through endpoints and escape into an organisation's network is by exploiting local admin rights on end-users' workstations. Those local admin rights are handy for the user. For example, they can install a new printer driver or update an application plug-in without calling the IT help desk. But, they can also be abused to install malware or configure the computer to make an attack easier.
It could be easy to remove those local admin rights or the shadow user account on the workstations with those elevated permissions. But that will frustrate end-users and increase the load on the help desk.
Is it possible to focus on local admin rights?
A solution is needed that removes the risky permissions and lets users be productive. That sounds like an impossible balancing act. There is an answer: Osirium Privileged Endpoint Management (PEM). PEM was built to focus specifically on this exact problem. As a result, it's not overloaded with extra features. It's really easy to deploy out to all the Windows workstations in the business (which is the vast majority, so there's little need for complicated options for, e.g., Linux), and it's easy to manage. You can see it in action here.
Osirium recently published an "Endpoint Privilege Management" Buyer's Guide that goes into endpoint security issues in more detail. It helps buyers identify their priorities and choose an endpoint management solution that focuses on the highest priorities. You can get your complimentary copy of the Endpoint Privilege Management Buyer's Guide here.
Of course, suppose your priorities are not on having the fastest or most streamlined solution. In that case, a big-brand "universal solution" might be the answer you're looking for. Just like the hot tub, restaurant, and golf might be highly desirable if I were taking that bus journey for a holiday rather than getting to work.
If you'd like to learn more about PEM, please get in touch.