Advantages and Disadvantages of Three Top Endpoint Security Vendors
By Tim Cullen, CISSP, F5-CTS and Jacob Hunt
Security Architects at ADAPTURE
Endpoint Protection (EPP) Security is a suite of software that is installed on laptops, desktops, and servers. The purpose is to prevent multiple types of malicious threats from infecting the local machine. These threats include malware, device exploits, live attacks, bots, and script-based attacks. The purpose of these threats is to steal data or remote device control for financial profit, or to otherwise harm systems, individuals, or organizations.
Any endpoint protection solution has limitations, however, because it can only protect at the client layer. Security is also needed above the client layer, since an endpoint protection agent cannot intercept traffic on the network. Vendors will often sell a multi-tiered solution in which a network appliance assists the endpoint protection client by intercepting traffic between the attacker and the infected client. Vendors will also sell solutions that monitor and intercept traffic on internal or external network segments to protect the enterprise from these threats.
A prime example of the limitations of endpoint protection software is infection via a phishing attack. A phishing attack could involve an individual unwittingly disclosing data to cybercriminals by doing something as simple as clicking a link or downloading a file. Another limitation is known as lateral movement. This happens when malicious software recruits other network resources within the organization and creates a network of interconnected infected devices, thereby giving the attacker multiple resources for a variety of nefarious activities. A complete solution from a security vendor would not only include provisions for identifying and blocking local phishing attacks and data exfiltration, but would also prevent malware from moving laterally throughout the organization.
This is the approach we took when reviewing three Endpoint Protection software vendors: Cylance, Check Point, and FireEye.
Check Point
Advantages
Disadvantages
*The Total Secure license needs to be purchased for the combined anti-malware and encryption capabilities.
Cylance
Advantages
Disadvantages
FireEye
Advantages
Disadvantages
Honorable Mentions
F5 Websafe is a solution that protects the organization against web-based attacks. Websafe is agnostic to the client type, as it analyzes the client-to-server communication. This product is a gateway appliance that protects corporate resources from unauthorized access, web scraping, privilege escalation, and phishing redirects. This product is not an EPP solution, but it does provide EDR and DLP functionality.