
E-Book

February 2016

THE EVOLUTION OF ENDPOINT MANAGEMENT AND TOOLS

WHAT TO LOOK FOR IN ENDPOINT MANAGEMENT TOOLS
Choosing the right endpoint management and protection tool can be a daunting task, but keeping the features you need in mind can help narrow the field.
BY ED TITTEL

- The Console's the Thing
- Trending Functions in Endpoint Management
- Who Leads the Endpoint Management Pack?
- What's Really Important in Endpoint Management?
- Key Endpoint Management Features

WHEN IT COMES to picking endpoint detection, protection and management tools, you have a lot of options, but comparing them can be difficult. Endpoint management utilities don't line up neatly against one another, so you probably won't be able to do an apples-to-apples comparison.
Instead, you must identify key features and functions, and approach vendor claims with a healthy amount of skepticism. You must turn those claims into useful information and consider ease of deployment and use.
The endpoint management market has somewhat fuzzy boundaries, so the tools often come with features and functions similar to security management products. Such features include asset and software license detection, inventory, and management components. These functions
also deal with matters of governance, policy and control that have legal and financial implications.

THE CONSOLE'S THE THING


The central and unifying factor of all endpoint management tools is the console. It's usually some kind of Web-based interface that acts like a high-level dashboard. Most companies share similar concerns and desires for informative and easy-to-interpret displays, but no two companies are exactly alike. As a result, nearly all descriptions of what should appear on a console differ from one business to the next. This is also true from one branch or department to the next in companies large enough to span multiple constituencies, industries or customer bases.
Flexibility and customizability within consoles are key attributes. When you're evaluating endpoint tools, it's essential to dig in and understand how you can configure each
one's console to display key metrics, alarms and alerts. It's also important to know how that information may appear on a dashboard; it should be properly labeled and easy to understand.
Likewise, the data that appears as you drill down into dashboard elements is of utmost importance. Effective endpoint management involves filtering out some raw information, the stuff that you can safely ignore, while prioritizing
and focusing on the information you need. Data filtering mechanisms, selection rules and policies establishing event and value priorities all control what makes its way onto a dashboard's uppermost drill-down displays. The finer details are there for administrators who need them, but those people aren't usually the same ones forced to keep their fingers on the pulse and posture of endpoint security.
Endpoint management vendors tout the things their products or services can do well, and avoid highlighting weaknesses. As you're evaluating and selecting endpoint management tools, it's up to you to short-list or pilot-test products that will meet your requirements. This will give
you a clear sense of what kinds of information about endpoints you and other admins will need to see. Then you can make sure candidate tools' consoles meet at least the minimum requirements for data handling, layout and display capabilities.

VENDORS LEADING THE ENDPOINT MANAGEMENT PACK
Gartner's technology research, specifically the Magic Quadrant for the Endpoint Protection market, can inform administrators, giving them a better idea of which products to consider. The Magic Quadrant ranks vendor tools in a specific market.
These endpoint protection and management vendors are worth further consideration:
- Intel Security/McAfee Endpoint Protection
- Symantec Endpoint Protection
- Kaspersky Endpoint Security for Business
- Trend Micro Smart Protection for Endpoints
- Panda Security Adaptive Defense 360
- IBM Endpoint Manager
- Webroot SecureAnywhere Business Endpoint Protection
- Landesk Security Suite
- Microsoft System Center Endpoint Protection

KEY ENDPOINT MANAGEMENT FEATURES


Though the individual features and functions available from various endpoint protection and management tools vary somewhat from one vendor to another, a basic subset of features is critical. As such, it's reasonable to expect any vendor to deliver these (in addition to the console) at the core of whatever else they offer:
- Anti-malware protection: All endpoint protection and management products include at least signature-based anti-virus detection, anti-phishing capabilities, and URL screening or blocking (sometimes called content filtering).
- Policy-based endpoint management: This covers a range of possible applications for security policies based on role, device or user account, and may apply to device capabilities (such as enabling and disabling ports), data protection, access controls, security state assessment, network gatekeeping and quarantine, application controls, and more.
- Threat intelligence: All vendors in the endpoint protection game offer some form of threat intelligence, either from third-party providers, or a combination of third-party feeds with input from their own substantial user populations. Those user populations can be as large as half a billion users; McAfee, Kaspersky and Symantec all collect data from 400 million users or more.
- Mobile device management: Endpoints include mobile devices such as smartphones and non-Windows tablets. Google's Android and Apple's iOS are the leading mobile operating systems in use. Modern endpoint protection systems embrace mobile devices running these OSes, as well as other less popular ones (such as Windows Mobile, BlackBerry and Symbian).
- Virtual machines support: Modern endpoint protection tools invariably include per-VM capabilities in addition to host OSes.
- File protection and encryption: For data in motion, encryption is more common than not in endpoint protection offerings. But an increasing number of endpoint protection tools offer file and storage device (drive-level) encryption as well.
- Patch, configuration and vulnerability management: Threats and vulnerabilities go hand-in-hand, so most endpoint protection tools also include various means for remediating vulnerabilities, which includes patch or update management. An increasing number of vendors also offer security configuration management, which
relies on regular snapshots of baseline configurations to establish known, secure configurations that you can use to scrutinize configuration changes for evidence of possible attack or compromise. Vulnerability management helps organizations prioritize vulnerabilities via risk assessment.
- Asset management: This is also known as device and software inventory and management. Endpoint protection and management tools must detect devices as they appear on organizational networks and catalog their security state and contents. This not only supports patch, configuration and vulnerability management, but it also provides fodder for software policy assessment and enforcement, and it helps acquire and maintain information about software licenses that are available or in active use.

TRENDING FUNCTIONS IN ENDPOINT MANAGEMENT
There are numerous features now showing up in endpoint protection and management systems that are a little closer to the bleeding edge of technology; they're not as widely supported in leading tools. At least some of these will become more widespread over the next two to three years, and thus subject to migrating into the core functionality list:
- Advanced security policies: In addition to policy controls, more tools are including geo-fencing and location-aware policies, especially as they relate to data access both inside and outside corporate firewalls.
- Endpoint detection and response: EDR is a complex collection of capabilities that usually incorporates patch, configuration and vulnerability management with workflow and tracking to detect, identify, prioritize and remediate security incidents or events in need of response. Automation plays a key role in EDR because zero-day threats often require immediate reaction, something best achieved through programmatic execution of proper remediation tools and techniques.
- Suspect file analysis: When you can correlate access to malware, malicious payloads or information with unwanted security configuration changes, those items demand inspection, analysis, and sometimes remediation. Such automated acquisition and handling is becoming increasingly common, especially in tools with EDR components or capabilities.
- Sandboxing: Some endpoint protection systems include automated runtime isolation techniques for unknown or suspect files and executables to prevent attack or compromise.
- Security context/reputation management: Through a variety of techniques, also often related to EDR, endpoint protection systems can establish security state profiles to put potential threats or configuration changes into a larger security context. This helps guide risk assessment and response prioritization.
- Advanced system rollback/clean-up: Some systems track damaged or infected files and can replace them with clean versions from a security file repository. Other systems take regular endpoint snapshots and can use them selectively (file-by-file) or completely (rollback) to repair damaged or compromised systems. Microsoft, for example, does this in System Center from a trusted cloud file repository. Landesk offers a re-imaging capability to correct malware infections.
- Hypervisor neutral scanning: With increasing use of virtualization, endpoint protection and management must support various stacks, containers and hypervisors.
- Inventory attestation service: An elaboration on software inventory/asset management, this service provides information about the provenance and reputation for all executed files, suspect or otherwise.
These added wrinkles and capabilities are just the tip of an iceberg that reflects the evolving threat landscape, as well as the need for improved automation and extension of endpoint security monitoring, management and
response. This is an area that promises to keep extending
and elaborating to keep up with evolving threats, ongoing
vulnerabilities, and the relentless development of new
technologies.

WHAT'S REALLY IMPORTANT IN ENDPOINT MANAGEMENT?
Ultimately what matters first and foremost in endpoint protection and management is providing end users with access to the data, applications and services they need (and are authorized to access or use). Organizations that have to provide such access must always balance managing risk and limiting liability or exposure against unnecessary or unfriendly limitations to productivity and convenience. This is the fundamental conundrum inherent to information
security in all of its many forms and manifestations.
The human aspect of security management should never be underestimated or ignored, either. The best and most capable technology still needs to be buttressed and supported with careful and regular user security awareness training, whenever you onboard new users, and at regular intervals thereafter. Users who understand the security implications of what they're trying to use endpoints for, and under what circumstances, are far less likely to tax the capabilities and boundaries of any endpoint management system.

ED TITTEL is a 30-plus year IT veteran who has worked as a developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series, Tittel has contributed to more than 100 books on many computing topics, including titles on information security, Windows OSes and HTML. He also blogs regularly for TechTarget, Tom's IT Pro, GoCertify and PearsonITCertification.com.

What to Look for in Endpoint Management Tools is a SearchEnterpriseDesktop.com e-publication.
Colin Steele | Associate Editorial Director
Margaret Jones | Site Editor
Linda Koury | Director of Online Design
Josh Garland | Publisher

jgarland@techtarget.com

TechTarget, 275 Grove Street, Newton, MA 02466


www.techtarget.com
© 2016 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group.

COVER IMAGE: KCHUNGTW/ISTOCK
