Back in 2007, ESG asked 206 IT security professionals to respond to the following statement: “Desktop security has become a commodity market with little difference between products.” As expected, 58% of respondents either strongly agreed (17%) or agreed (41%) with this statement. In other words, it really didn’t matter whether you ran Internet security tools from Kaspersky, McAfee, Microsoft, Sophos, Symantec, or Trend Micro; all would be equally effective.

ESG hasn’t re-visited this question since, but many anecdotal conversations with IT security professionals lead me to believe that nothing has changed. If anything, more people believe that endpoint security tools are a commodity today than four years ago.

In my opinion, this perception is not only wrong, it could also be dangerous. Why? For one thing, threat vectors have changed. The main threat vector today is the web and the primary target is the browser. In addition, traditional antivirus signatures have been joined by other defense-in-depth safeguards, like behavior-based heuristics and cloud services, to protect endpoints. Finally, there are the endpoints themselves. In 2007, the term “endpoint” really meant a Windows PC. Now it could mean a Mac, iPad, or some type of mobile device like a Blackberry, Droid, or iPhone.

Given these changes, CISOs should really take a hard look at their endpoint security tools before signing off on a new subscription. During this assessment, examine endpoint security tools in terms of:

1. Security protection. This is far and away the most important thing you are buying, so prioritize the product’s efficacy over price, manageability, integration capabilities, etc. Endpoint security products should offer defense-in-depth capabilities for all types of threats. Progressive vendors are also using intelligence gathered from their install base and security intelligence to offer much more proactive protection. If your vendor is NOT doing this, there is a problem. Note that I’m somewhat surprised endpoint security vendors haven’t really bundled disk encryption with antivirus and firewalls, but that’s another story.
2. Integration. Endpoint security tools should easily interoperate with network security (i.e., NAC/NAP/identity-based networking, SIEM), and endpoint management tools (i.e., patch management, vulnerability management, asset/inventory management). Other endpoint tools like disk encryption, eRM, and DLP also should fit here. This will help you keep endpoint configurations up to date, monitor behavior, and enforce security policies.
3. Management. Endpoint security tools should have their own management consoles for command-and-control. And it may not be a requirement, but I believe that central management of all types of endpoint devices will become the default configuration over time.

The main point here is that far from commodity products, the endpoint security tools used could mean the difference between business-as-usual or a costly security breach. Choose wisely.

Related posts:

1. The Future of Endpoint Security
2. Endpoint Security: As Important in 2010 as Ever
3. Enterprises Want Broad Functionality for Mobile Device Security
4. The Security Industry Needs to do More Around Web Threats
5. Network Security Renaissance

Tags: Antivirus, Blackberry, Droid, endpoint security, ESG, Firewall, iPad, iPhone, Kaspersky, Mac, Macintosh, McAfee, Microsoft, mobile phone, PC security, Security. anti-spyware, Sophos, Symantec, Trend Micro, Windows