Endpoint Protection: HOW TO MEASURE THE EFFECTIVENESS?

 

Organizations should select security products that provide superior security value, not just in terms of monetary cost but also in terms of their security effectiveness. Security effectiveness is measured by the technology’s ability to deliver on these three core capabilities, at a minimum:

 

Performance of Intended Function:

Does the technology deliver on the security function that it is intended and expected to perform? 

There are two primary attack vectors used to compromise endpoints: malicious executables (malware) and vulnerability exploits. Effective endpoint security technology or products must prevent malware and exploits from compromising endpoints and servers. They must also prevent known and unknown variants of each malware and exploit.

Inherent Persistence:

Does it prevent attackers and users from bypassing its security functions?

No endpoint security tool or technology, or any security tool or technology, is built with the intent of being easily bypassed. If attackers or end users are able to circumvent the technology’s intended function, then the solution is not serving its ultimate purpose. An effective endpoint security platform should neither allow attackers to bypass its security function nor cause performance issues that would result in users disabling components.

Flexibility:

Does it evolve to accommodate and protect new applications, systems and platforms?

The frequency of cyberattacks several decades ago was low, as was the sophistication of the malware and attack methods. Endpoint security tools were designed to prevent viruses from infecting a system. However, today’s threat landscape is radically different and has relegated endpoint security tools, like antivirus, to reactive detection and response tools. Security products need to adopt a proactive approach in order to adequately secure the endpoint. There needs to be a focus on prevention in order to reduce the frequency and impact of cyber breaches.

Organizations should select security products that deliver meaningful security value as measured by the effectiveness of the products’ ability to meet the three requirements above.
 

Ignite 2017 Vancouver