Endpoint security products are generally purchased on a subscription basis, where you receive a certain number of months of updates with your purchase. They are generally sold with a year's worth of updates, which then needs to be renewed on a yearly basis. It's worth remembering that even if you buy a perpetual licence, you will still only have a limited period of updates for that product, and an endpoint solution that is out of date is as good as none at all.
Endpoint security works by installing some form of client-based software on the endpoint. This software is centrally managed so that it can be configured and updated to protect against the latest threats from the Internet, such as Spyware, hackers and other malicious code. Endpoint security will also include some form of policy management: the agent is deployed to any computer connecting to the network, and before the endpoint is given access to network resources it must 'comply' with a predetermined set of rules defined by the network administrator. These rules can include, but are not limited to, up-to-date virus protection and up-to-date Windows security updates, as well as defining certain software that is not allowed, such as peer-to-peer, games or messaging software.
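The compliance check described above, sketched as an added example (it is not from the original article or any vendor's product). The report fields, the three-day signature threshold and the sample data are assumptions made for illustration; the check fails closed, so anything the agent does not report counts as non-compliant.

```python
from datetime import date

# Assumed thresholds: the article names the rule types, not the values.
POLICY = {
    "max_signature_age_days": 3,
    "prohibited_categories": {"peer-to-peer", "games", "messaging"},
}

def evaluate_posture(report, today, policy=POLICY):
    """Return (decision, reasons) for one endpoint's posture report."""
    reasons = []

    # Rule 1: virus protection must be running and up to date.
    av = report.get("antivirus") or {}
    if not av.get("running"):
        reasons.append("anti-virus missing or not running")
    else:
        try:
            age = (today - date.fromisoformat(av["signature_date"])).days
        except (KeyError, TypeError, ValueError):
            reasons.append("anti-virus signature date missing or unreadable")
        else:
            if age > policy["max_signature_age_days"]:
                reasons.append(f"virus signatures are {age} days old")

    # Rule 2: no outstanding security updates; "not reported" is a failure.
    missing = report.get("missing_security_updates")
    if missing is None:
        reasons.append("security update status not reported")
    elif missing:
        reasons.append(f"{len(missing)} security update(s) not installed")

    # Rule 3: no software from a category the administrator has disallowed.
    for app in report.get("installed_software", []):
        if app.get("category") in policy["prohibited_categories"]:
            reasons.append(f"prohibited software: {app.get('name', 'unknown')}")

    return ("quarantine" if reasons else "allow"), reasons

# Constructed sample reports (not real endpoint data).
TODAY = date(2024, 5, 20)
COMPLIANT = {
    "antivirus": {"running": True, "signature_date": "2024-05-19"},
    "missing_security_updates": [],
    "installed_software": [{"name": "Office suite", "category": "productivity"}],
}
STALE = {
    "antivirus": {"running": True, "signature_date": "2024-05-01"},
    "missing_security_updates": ["UPDATE-PLACEHOLDER-1"],
    "installed_software": [{"name": "ExampleShare", "category": "peer-to-peer"}],
}
```

An endpoint that returns "quarantine" would be kept off network resources until the listed reasons are resolved.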
Many security vendors are now producing suites of security software rather than individual products. Whether you purchase a security suite or individual products, the areas below are the technologies you should be trying to get as part of your endpoint solution.
Anti-Virus Protection
In the past, anti-virus software has always been reactive. This means that a security software vendor discovers a virus and creates an update for their virus protection software, which the user then downloads and applies so that the software can prevent that particular threat, or remove it from the system if it has already been infected. As well as these updates, vendors are increasingly using pro-active methods of protection. Here the software monitors for 'suspicious' files and programs by comparing their behaviour or characteristics with its database of malware to see if it can find similarities, and blocks the file or program before it has a chance to cause any damage.
Firewall
A firewall is a system that secures a network, shielding it from access by unauthorised users. Firewalls can be implemented in software, hardware or a combination of both. In addition to preventing unrestricted access into a network, a firewall can also restrict data from flowing out of a network.
Anti-Spyware/Adware Protection
Anti-Spyware will scan your computer for all known types of Spyware and Adware to remove them, and will usually block them from being installed in the first place. Although it is commonly integrated into an Anti-Virus solution, it is a good idea to check. As with the Anti-Virus software, it will also get updates from the security vendor so that it has information about the latest threats.
Policy Enforcement
Policy enforcement maintains the integrity of endpoint PCs and the enterprise network as a whole. Administrators can enforce all critical areas of endpoint security, including network access privileges of all users, PCs, and applications.
E-Mail Scanning
E-mail scanning or filtering software holds a list of known 'Spam offenders', and will block them or filter them into a 'Junk' mail folder. As with the Anti-Virus software, it will also get updates from the security vendor so that it has information about the latest threats.
Anti-Virus Protection
Having an Anti-virus solution installed will decrease your chances of being infected as long as you keep it up to date.
Firewall
A good firewall will prevent 'Hackers' from accessing or trying to access your network. Hackers are individuals who exploit security holes in a network to gain access to a computer. Their intentions can vary from simple vandalism to theft of passwords, important files or financial data.
Anti-Spyware/Adware Protection
This type of software will help to ensure that your endpoint remains free of Spyware and Adware. These sorts of threats are usually designed to invade your computer's security and gather information for various purposes. At its worst, Spyware can collect personal information such as passwords or financial details stored on your PC and forward them to a third party. Adware tends to be less dangerous and usually involves automatically playing or displaying advertising material on your computer without your consent, often gathering information from sites you've previously visited to focus subject matter towards your interests.
Policy Enforcement
This precise level of control prevents an unsecured or compromised PC from serving as an entry point for a worm or hacker attack.
E-Mail Scanning
E-mail scanning will stop spam, which is unsolicited mail advertising products or services, sent to your e-mail account without your permission. Spam wastes people's time, eats up network bandwidth and is becoming increasingly utilised in 'blended threats'.
Combination of technologies
In the past, viruses were written by programmers for 'fun' or 'pranks' or to cause some general chaos on a company network, and were rarely intentionally malicious. However, today's threats are generally targeted at a specific user or group of users with a goal or purpose in mind. To do this, cyber-criminals now use 'blended threats'. A blended threat is a combination of one or more of the above threats, used together in order to perform a targeted attack, and these are much more difficult for security software to identify and block. Through a combination of the above technologies you will be equipping your network to deal with these blended threats when they occur.
An investment in proactive endpoint security software, services, devices, and resources can be weighed against known costs. Known costs include productivity loss because of downtime, recovery costs because of the required clean up after an attack, and legal costs because of the failure to protect privacy and comply with regulatory requirements.