The large anti-virus vendors are rapidly transforming themselves into what Gartner calls endpoint protection platform providers - companies that aim to offer a complete endpoint security solution that can be managed from a central point.
The traditional anti-virus suites are evolving to include functionality such as full-blown anti-malware protection (including anti-spyware and other specialised features), client firewalls, host intrusion prevention, encryption, reputational services, data leak prevention (DLP), and device control.
Over the past five years, the information security industry has seen a tide of merger and acquisition activity as vendors have tried to position themselves to offer holistic threat management solutions that can be managed centrally. Such solutions are meant to reduce the cost and complexity of endpoint information security.
The trend arose as a response to the upwardly spiralling complexity of the endpoint information security environment. Companies have had to constantly add new security applications to cater for a host of specialised functions as new security threats have emerged. Today, most organisations manage a complex set of endpoint security solutions from myriad vendors.
Traditional anti-virus solutions are not enough any more because they cannot deal effectively with the dangers posed by targeted Web threats, polymorphic viruses, intentional or unintentional data leaks and zero-day exploits. Companies need to complement their anti-malware solutions with functionality such as host-based intrusion prevention systems, personal firewalls, Web threat protection and data leak prevention. Many enterprises would prefer to manage it all with a single agent on the end-user device, run from a single management console, which is driving interest in integrated suites.
Some parts of the integration puzzle are more complete than others. For example, most integrated suites have successfully blended spyware and virus threat databases and scan engines into a single signature-based anti-malware agent. Anti-malware solutions have become commodities.
Knock-on effect
Dean Healy is Trend Micro product manager at SecureData Security
Interest in standalone personal firewall functionality has decreased because many organisations regard the firewall capabilities of their integrated suites as acceptable. On the other side of the coin, most vendors have yet to fully integrate all of their other endpoint security offerings, such as encryption and DLP, with their anti-malware solutions.
As attractive as integrated endpoint security suites are on paper, they also bring a new set of risks and challenges with them. One problem is that an integrated suite is a single point of failure built on one shared foundation: what affects one component could affect another, or the entire platform could fall over if one component were to fail.
Also, it is unlikely that every component of an integrated suite will be as strong as the best-of-breed alternatives. Companies need to consider the strengths and weaknesses of an integrated suite and weigh up whether they are prepared to accept some compromises to simplify the management of endpoint security.
A comprehensive and integrated approach to information security management demands that companies put together well-defined information security policies, and then put processes in place to enforce and monitor these policies. Integrated security suites may help companies to achieve this end, but are not essential to it.
In essence, security on endpoints needs to be balanced to ensure the business has the optimum mix of security and usability. All-in-one does not mean one size fits all.