Testing Endpoint Security Solutions as an MSSP


If you are an MSSP looking to select a new Endpoint Protection Platform (EPP) – or replace the one you’ve got – you’ll want to make sure to run an effective proof of concept (PoC). But what does that mean exactly? In this blog post, we’ll look at some of the key challenges and give our recommendations on how to solve them.

When it comes to EPPs, there are plenty of options available. That is both a blessing and a curse, because the depth and breadth of features available can be downright mind-boggling. To sort through them all and make the best choice for your MSSP (and your clients), you’ll want to start the vendor evaluation process a good year in advance of deploying a new or replacement solution. Ideally, this process includes speaking with industry analysts and colleagues, reviewing Voice of Customer websites (such as Gartner Peer Insights), creating and managing the RFP process and, finally, running a PoC. While the RFP lists the features your organization needs, the PoC should validate that the candidate actually delivers them.

Your PoC should be customized to your MSSP environment, but there are several common areas of functionality you should look for: Prediction, Prevention, Detection & Containment, and Response (Investigation, Orchestration, Remediation). You are likely familiar with the key metrics that track the efficiency and effectiveness of security tools and staffing; these include average time to detection, containment, remediation and resolution. If the tool you are testing in your PoC is not reducing these numbers, it’s time to move on to another vendor.

Make sure your PoC reflects the users/departments and devices that are within your clients’ organizations to achieve broad coverage and that it is run for the right amount of time – too short and you won’t know where the shortcomings are; too long and you’ll exhaust everyone.

Some Recommendations:

  • Don’t believe the marketing hype or take vendor claims at face value – assess for yourself whether the solution delivers what it promises and meets your needs.
  • Taking a checklist approach might not be the best way to go. Even though vendors might say they have the features you need, those features will likely vary in utility, effectiveness, and accuracy. You need to understand exactly how well each feature delivers what it promises.
  • Work with the tested platform as if it were your own: implement your best practices, integrate it with the third-party tools you already use, and go deep and wide when testing it out. Ensure that the user experience works for your needs. Will using this product change your workflows or staffing requirements? You won’t know until you’ve done a proper test drive.
  • Results from third-party testing (NSS Labs, AV-TEST, for example) are helpful in determining which candidate(s) to bring in for a PoC, but you should verify those results within your own environment.
  • Make sure it offers multi-tenancy capabilities. As we mentioned in our last blog post, multi-tenancy management is a critical capability for MSSPs because it enables them to manage multiple environments for multiple clients (many of whom are SMBs) from a single pane of glass. Moreover, multi-tenancy allows for easier and more efficient management of clients’ environments: less time spent tracking down issues means less overhead, which results in increased efficiency, lower costs and higher margins.

Key Questions to Ask:

At the end of the day, you need to assess whether the level of effort, product fit and impact on processes are worth the potential benefits of deploying a new or replacement solution. For example:

  • Is it easy to use? What is the user experience like? How are your workflows affected?
  • Does the platform integrate well with other tools? What is its level of interoperability compared to current or competing solutions?
  • What is the vendor’s customer service like?
  • How easy is the platform to deploy?
  • What is the OS coverage? Does it meet the needs of your organization?
  • Is the agent lightweight, and will it serve all of your organization’s devices, old and new?
  • Does the solution proactively mitigate risk across applications and IoT devices?
  • Can it block known and unknown threats?
  • Does it automate orchestrated incident response to minimize the burden on your staff?
  • How have your key security metrics improved (or not) during the PoC? Have you run through various attack scenarios and seen a baseline improvement?
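The metrics named above (average time to detection, containment, remediation and resolution) and the final question about whether they improved during the PoC are only answerable if the scripted attack scenarios are timestamped and aggregated per phase. The following is an added example, not code from the original post or from enSilo: it computes those means from constructed incident records and returns a per-metric verdict for a baseline phase (incumbent tooling) versus a candidate phase (EPP under test).

```python
"""Added PoC-metrics helper: mean time to detect / contain / remediate /
resolve per test phase, answering "is the tool reducing these numbers?"."""
from datetime import datetime
from statistics import mean

# Constructed sample records (not real PoC data): one row per scripted
# attack scenario; "baseline" = incumbent tooling, "candidate" = EPP under
# test. All timestamps are ISO-8601 on the same clock.
INCIDENTS = [
    {"id": "PoC-01", "phase": "baseline", "client": "tenant-a",
     "started": "2019-03-04T09:00:00", "detected": "2019-03-05T11:00:00",
     "contained": "2019-03-06T09:00:00", "remediated": "2019-03-07T09:00:00",
     "resolved": "2019-03-08T09:00:00"},
    {"id": "PoC-02", "phase": "baseline", "client": "tenant-b",
     "started": "2019-03-11T14:00:00", "detected": "2019-03-12T08:00:00",
     "contained": "2019-03-12T20:00:00", "remediated": "2019-03-13T14:00:00",
     "resolved": "2019-03-14T14:00:00"},
    {"id": "PoC-03", "phase": "candidate", "client": "tenant-a",
     "started": "2019-04-01T10:00:00", "detected": "2019-04-01T10:05:00",
     "contained": "2019-04-01T10:06:00", "remediated": "2019-04-01T12:00:00",
     "resolved": "2019-04-02T10:00:00"},
    {"id": "PoC-04", "phase": "candidate", "client": "tenant-b",
     "started": "2019-04-03T15:30:00", "detected": "2019-04-03T15:31:00",
     "contained": "2019-04-03T15:33:00", "remediated": "2019-04-03T16:30:00",
     "resolved": "2019-04-04T15:30:00"},
]

STAGES = ("detected", "contained", "remediated", "resolved")

def _hours(start, end):
    """Elapsed hours between two ISO-8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def mean_times(incidents, phase):
    """Return {stage: mean hours since attack start} for one phase.
    Raises if the phase has no records, so an empty phase never looks
    like an instantaneous one."""
    rows = [i for i in incidents if i["phase"] == phase]
    if not rows:
        raise ValueError(f"no incidents recorded for phase {phase!r}")
    return {s: mean(_hours(i["started"], i[s]) for i in rows) for s in STAGES}

def compare_phases(incidents, before="baseline", after="candidate"):
    """Return {stage: (before_mean, after_mean, improved)}: the per-metric
    verdict the PoC is meant to produce."""
    b, a = mean_times(incidents, before), mean_times(incidents, after)
    return {s: (b[s], a[s], a[s] < b[s]) for s in STAGES}
```

Run the same scenarios against every tenant in scope so the candidate phase covers the same client mix as the baseline; otherwise the comparison measures the sample, not the tool.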

Of course, there are much more in-depth questions to ask about specific functionality, but this list gives you a broad picture of what to look for.

How enSilo Can Help

enSilo’s automated, real-time approach to endpoint security drastically reduces dwell time, effectively to zero. For example:

Metric                  Industry Avg.   enSilo
Mean Time to Identify   197 Days        Instantaneous
Mean Time to Contain    69 Days         Instantaneous
Mean Time to Respond    6 Days          Instantaneous

enSilo features:

  • Vulnerability management and proactive risk mitigation policies for any communicating device or application
  • The only kernel-level next-gen AV enriched with machine learning to prevent threats
  • Real-time post-infection blocking of data exfiltration and tampering
  • The first to eliminate dwell time and unify threat hunting, forensics, incident response and classification as well as virtual patch capabilities to preserve business continuity
  • All while capping OPEX for an affordable, predictable investment.

But don’t take our word for it: see for yourself with a demo and your own PoC.

“The enSilo EndPoint Security product is extremely easy to install and manage. It provides an easy to use interface providing excellent insight into potential security events within the Organization. Customer Support is one of the best I've experienced with a Cyber Security product. Representatives know their software and its capability, and are quick to provide answers or a detailed analysis upon request. We have deployed the product across both Servers and Workstations with relative ease and it was basically a non-event to the end user. It's amazing how intuitive the interface is, so in our case we were up and running in a short amount of time. Thanks enSilo, great job!” – CISO, Finance, $3B-$10B organization, Gartner Peer Insights. Read more reviews here.

If you’d like to learn more about how to select the right endpoint protection platform by running an effective proof of concept, please download this complimentary Gartner Report now.

Request a demo to find out how enSilo can reduce the attack surface with proactive risk mitigation, protect endpoints pre- and post-infection, stop data breaches in real time and automatically orchestrate incident investigation and response.

Noam Harel is VP Marketing of enSilo, an Endpoint Security Platform provider. Read more enSilo blogs here.