If I had to choose only one misconception that companies have about endpoint security tools, it is the hope that one solution will resolve most of their concerns. Unfortunately, the appropriate security will largely depend on the type of object you’re trying to protect. Therefore, you have to put in the time and effort to figure out the variety of protections you need and then come up with policies, procedures and technologies that are a good fit for each one of them.
Having said that, there are certain types of supporting protections that are always going to be appropriate and will help in your overall endpoint security program. For example, having up-to-date Anti-Virus (AV) modules on each and every single resource – whether it’s desktop, laptop, tablet, smartphone, etc. – is always going to be necessary. Similarly, Data Loss Prevention (DLP) services are an integral part of making sure you have a good sense of where your confidential information is, who is accessing it, and when it is accessed or moved.
If your endpoint system is hosting an important web application, then your security tools need to be focused on managing that application or host. Here are several questions you need to address:
1. Has content been changed without notice?
2. Are tools being run against the application to look for unnecessary risks or vulnerabilities?
3. Has the application been reviewed internally for architectural issues or deployment characteristics as well as externally to ensure there has been an independent assessment for potential exploits?
The bottom line is you need to identify the different types or classes of endpoint systems you have and then develop a strategy to deal with general security (such as AV and DLP) as well as endpoint specific vulnerabilities. As with almost any aspect of your environment you are trying to secure, the human factor is likely to be just as important as the technology.