What Should an Endpoint Solution Include?
by admin on Dec.18, 2008, under data security, security policies
The market for endpoint protection has evolved rapidly over the years, and two new areas have emerged from traditional virus protection: Data Loss Prevention (DLP) and Content Monitoring and Filtering (CMF). Both these areas have been adopted by Gartner to support their 2008 Magic Quadrant. It is clear that anti-virus and its associated companions of spam protection, phishing prevention, etc. are not enough to protect an endpoint. Large vendors try to spice up their ‘endpoint’ offerings with PC tune-ups and backups in order to maintain their price points or as a way to expand the footprint of their software within the customer, a practice suitably termed ‘bloating’ out the customer.
It seems that fragmenting offerings into nebulous components is required in order for software vendors to maximise their revenue opportunity and to expand their footprint within the customer to ward off competition. But how many of the multitude of products actually do what the customer needs, which is a combination of many things in order to protect, manage, control, monitor and capture the vital information resident on or passing through the endpoint? I would argue that none of the current vendors who have based their current offerings on outdated network security models provide what the customer really needs.
In reality, protecting data from entering or leaving an organisation begins and ends with the endpoint. It is here that thorough protection is required and where the battle is won or lost. Even if that endpoint is a laptop or a virtual desktop, the same logic applies. However, just protecting at that point won’t sell network scanning, database security and all the add-ons so frequently mentioned. In addition, if the protection is managed at the endpoint, then the need for heavy backend infrastructure is nullified.
Here is a list of functionality that true, customer-oriented endpoint protection and control should have as standard. Included should be the monitoring, control and prevention of any method of moving data off the corporate network via an endpoint, such as USB sticks, CD/DVD writing, HTTP uploads, IM, email, etc. There should be targeted and configurable encryption. There should be sophisticated search facilities to look for any text or credit card numbers, including when they are embedded in files at multiple, compressed levels. It should have inventory collection, audit capability and collection. It should have executable protection for malicious code. It needs to have ICA filters and prevention of copying forbidden files onto the endpoint. I think you get the picture that endpoint protection is all of these in one package, not broken out separately. A customer does not know which of these he may need or not need, but all of the above attributes are required for a complete endpoint protection capability.
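
To make the content-search requirement concrete, here is an added example (not code from this post or from any vendor product) of looking for credit card numbers inside files nested at several compressed levels. It assumes unencrypted ZIP archives only; the names `scan`, `find_cards`, `MAX_DEPTH` and `MAX_MEMBER_BYTES`, the limits, and the sample data are all constructed for illustration.

```python
import io
import re
import zipfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
MAX_DEPTH = 5                        # assumed nesting limit (guards against zip bombs)
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed per-member size limit

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_cards(data: bytes):
    """Yield Luhn-valid card-number candidates found in raw bytes."""
    for m in CARD_RE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            yield digits

def scan(data: bytes, path: str = "<root>", depth: int = 0):
    """Return [(path, finding)], descending into nested ZIP archives."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(path, card) for card in find_cards(data)]
    if depth >= MAX_DEPTH:
        return [(path, "SKIPPED: nesting too deep")]
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue  # skipped here; a real policy would flag oversized members
            hits += scan(zf.read(info), f"{path}!{info.filename}", depth + 1)
    return hits

def build_sample() -> bytes:
    """Constructed sample: outer ZIP with a note and an inner ZIP holding a test number."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("export.csv", "name,card\nTest User,4111 1111 1111 1111\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "order ref 1234567890123456\n")  # fails Luhn
        zf.writestr("backup/inner.zip", inner.getvalue())
    return outer.getvalue()
```

The Luhn check is what keeps the 16-digit order reference in `readme.txt` from being reported, while the test number two archive levels down is still found.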