Solution Architect / Presales Engineer at a comms service provider with 1,001-5,000 employees
24 September 19
I use the public cloud deployment model. I have installed the license, the software, on my VM and it is being managed by Cisco Cloud. My primary use case for this solution is to test it against malicious links and for encryption and decryption.
We all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process.
Do you have any advice for your peers about the best way to conduct a trial/POC?
How do you conduct a trial effectively? Are there any mistakes to avoid?
You might want to start out with business cases ... ensuring that your endpoint solution begins to address those. some ideas might include:
* antivirus updates via automation
* antivirus updates via cloud or on premise automation
* antivirus reporting to central on premise management server
* do you want to rely upon static signatures?
* do you want to find the zero days?
* what about polymorphic / variants of previously known malware?
* will your antivirus mechanism share with other machines / computer their discoveries?
* do you want to share your information with the manufacturer (via cloud) or keep your discoveries in house / on premise?
* DLP -data loss protection
* DLP reporting to central management server
* DLP - how easily configurable?
* DLP -what type of additional work will this entail for analyses, etc
* Host Intrusion Prevention (HIP)
* HIP - will it report to a central management server?
* How will all the central management servers communicate with each other / other computers?
* Do you have to tier the solution due to network segmentation / geographic considerations / size of deployment?
* Will the endpoint product talk to or receive from other security devices (email, web filters, etc at the perimeter?)
* has Gartner developed some frameworks that are used for testing endpoint solutions?
* has Gartner at least testing the solution you are looking at?
* potentially check firecompass.com for endpoint solution comparisons?
* does endpoint protection support all operating systems you are using?
* does endpoint protection interface with other security products on the endpoint?
* logging ... is it detailed enough?
* do you want to automatically quarantine computer if malware is found?
* go through vendors data sheet and ensure you check all capabilities and test them
* what things did the vendor promise? test those.
* talk to a couple of their customers (same size organization if possible using similar if not same endpoint protection capabilities). discuss roll out, problems faced, vendor assistance, etc.
A couple of ideas - certainly not exhaustive.
Guide to Enterprise Telework, Remote Access, and Bring ...
NIST Special Publication 800-46 . Revision 2. Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security . Murugiah Souppaya
Guide to storage encryption technologies for end user devices
Guide to Storage Encryption Technologies for End User Devices Recommendations of the National Institute of Standards and Technology Karen Scarfone