Hi community,
We all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process.
Do you have any advice for your peers about the best way to conduct a trial/POC?
How do you conduct a trial effectively? Are there any mistakes to avoid?
Ensure you have a defined set of outcomes. Communicate these expectations to the VAR/vendor to ensure they can address all criteria and review the results. (Example: the EPP should not utilize more than 2% CPU.)
Things to think about when forming the outcomes:
Why are we looking at this solution?
What have they previously claimed in conversations?
What impacts will it have on the production environment?
How does this align with company goals?
…
Many solutions can be turned into production once the POC/POV has concluded and licenses are purchased. This may allow cost savings in professional services. This is a good discussion to have when deciding the scope of the POC/POV.
Mistakes:
1. Choosing based only on a Gartner Magic Quadrant.
2. Not considering other platforms, like Linux variants and mobile.
3. Not evaluating the cost of each module and the TCO.
Advice:
1. Test against pieces of real artifacts.
2. Consider geographic and political issues (including support/language).
3. Prefer virtualized (and controlled) installations/images/tests.
4. Evaluate exit/disruption capability with the supplier.
5. Cross-testing (scripts from supplier A against supplier B and vice versa).
@Evgeny Belenky Normally, I search for other similar orgs, in line with scope/product/type/function, across analyses (Forrester, av-test.org, IT Central, etc.).
Once you have narrowed down the top 5 picks for a capability/solution, we typically look at the last few things that make a product stand out from the competition:
1. cost, 2. ease of deployment (need professional services?), 3. support or training, if all other product features are similar, of course. That usually narrows it down to 2 or 3 vendors tops to choose from.
We then work with our VAR to help coordinate a POC for us, anywhere from 30-90 days depending on the vendor/product.
Our architect sets a requirements doc for the POC to see how each vendor performs: stops viruses, test remote healing, replication, client management features, failover testing when things go bad, etc.
Once the requirements are completely charted as either success or failure in the checklist, we then review how those top 2 or 3 vendors performed and score them accordingly. If they do well and the price point is right, we typically start working on an SOW and agreement with the vendor and get a quote to purchase from there.
It normally works out OK. Sometimes products change over the course of time or support gets worse, but this general method works for us.
Well, these are pretty good points with a vast variety of options and hints.
Please think of creating success criteria out of these points and let the vendors agree to them.
And if you have a lot of criteria you should sort them in A, B, C classification (from "must" to "nice-to-have").
You can use marks (or scores) to add granularity and make different solutions more comparable.
Best Regards,
Norman
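A scorecard that implements the A/B/C classification and marks described in the reply above, as an added example (this is not Norman's or any other poster's code). The criterion names, the 0-5 mark scale, the class weights of 3/2/1 and the three vendors' marks are all constructed assumptions; the point it shows is that "must" criteria act as a gate, so a high nice-to-have score cannot rescue a vendor that misses an A criterion.

```python
"""Weighted POC scorecard: gate on must-have criteria, then score the rest.

Added example, not from the original thread. Vendor names, criteria and
marks are constructed sample data for illustration only.
"""
from dataclasses import dataclass

# Criterion classes as in the thread: A = must, B = should, C = nice-to-have.
# The weights are an assumption; agree them with the vendors up front.
CLASS_WEIGHT = {"A": 3, "B": 2, "C": 1}


@dataclass(frozen=True)
class Criterion:
    name: str
    cls: str          # "A", "B" or "C"
    threshold: int    # minimum mark (0-5) an A criterion must reach to pass


def score_vendor(criteria, marks):
    """Return (passed_gate, weighted_score, failed_musts) for one vendor.

    marks maps criterion name -> mark in 0..5 observed during the POC.
    A vendor that misses any A criterion fails the gate regardless of its
    total, so nice-to-have marks cannot compensate for a missing must.
    """
    failed_musts = []
    total = 0.0
    max_total = 0.0
    for c in criteria:
        mark = marks.get(c.name, 0)          # untested criterion scores 0
        if not 0 <= mark <= 5:
            raise ValueError(f"mark for {c.name} out of range: {mark}")
        if c.cls == "A" and mark < c.threshold:
            failed_musts.append(c.name)
        w = CLASS_WEIGHT[c.cls]
        total += w * mark
        max_total += w * 5
    # Normalise to 0..100 so scorecards with different criteria counts compare.
    return (not failed_musts, round(100 * total / max_total, 1), failed_musts)


def rank_vendors(criteria, results):
    """Rank vendors: gate passers first, then by weighted score descending."""
    rows = []
    for vendor, marks in results.items():
        ok, score, failed = score_vendor(criteria, marks)
        rows.append((vendor, ok, score, failed))
    rows.sort(key=lambda r: (not r[1], -r[2]))
    return rows


# Constructed criteria, agreed with the vendors before the POC started.
CRITERIA = [
    Criterion("blocks known malware samples", "A", threshold=4),
    Criterion("CPU overhead <= 2% at idle", "A", threshold=3),
    Criterion("Linux and mobile agents", "B", threshold=0),
    Criterion("central console reporting", "B", threshold=0),
    Criterion("trial licence has no feature limits", "C", threshold=0),
]

# Constructed POC marks (0-5) for three hypothetical vendors.
RESULTS = {
    "Vendor-1": {"blocks known malware samples": 5, "CPU overhead <= 2% at idle": 4,
                 "Linux and mobile agents": 3, "central console reporting": 4,
                 "trial licence has no feature limits": 5},
    "Vendor-2": {"blocks known malware samples": 5, "CPU overhead <= 2% at idle": 1,
                 "Linux and mobile agents": 5, "central console reporting": 5,
                 "trial licence has no feature limits": 5},
    "Vendor-3": {"blocks known malware samples": 4, "CPU overhead <= 2% at idle": 3,
                 "Linux and mobile agents": 2, "central console reporting": 3,
                 "trial licence has no feature limits": 1},
}

if __name__ == "__main__":
    for vendor, ok, score, failed in rank_vendors(CRITERIA, RESULTS):
        status = "PASS" if ok else "FAIL (missed must: " + ", ".join(failed) + ")"
        print(f"{vendor:10} {score:5.1f}  {status}")
```

Note that Vendor-2 has the second-highest weighted total but ranks last because it misses the CPU "must"; that is the behaviour the A/B/C classification is meant to enforce.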
Hello, the best way to carry out a proof-of-concept is to implement an environment as close to the real one as possible, with at least a few users from all kinds of company profiles, for example financial, marketing, human resources, legal, technology, etc., and to define the expected features at the functional and response level of the Endpoint Protection Platform (EPP) solution.
Now, for the tests, you must also consider technical aspects such as: implementation, performance, response to conventional and advanced threats, whether it has artificial intelligence, and whether you can add an Endpoint Detection and Response (EDR) solution. It is highly recommended that the tests performed on the new solution also be run, in the same laboratory, against the current EPP solution, to confirm that it is working as expected.
The most important thing of all comes last: once both the technical and functional tests have been done, the time has come to review costs. I intentionally left it for last. If the new EPP + EDR solution meets everything expected, cost should not be the first thing to evaluate. It is important to have a new solution, but one that can integrate more security solutions such as identity management, devices and information, to consolidate solutions.
A few points to add:
- Test the capability and effectiveness provided by the endpoint security solution compared to the one they are already running.
- The complexity of the migration.
- The implementation impact on the business.
- Efficacy of the solution in the long term.
- Local support and vendor support.
- How easy it is to arrange the POC, without complicated formalities and commitment.
- Limitations of the trial license. For example, the CrowdStrike Falcon POV is the full product, without any restrictions or user/usage limitations.
- How easy it is to navigate the required features on a daily basis without external support.
- Flexibility from the channel partner and the OEM.
Before you do an endpoint evaluation, I think you should identify the proper requirements and features that you require. You also have to consider future security implementations, if any, because sometimes we focus only on antivirus and later may need some additional features such as DLP, encryption, and web and app filtering.
1st step – Select a few antivirus products and do a feature comparison from a technical point of view, and get an idea about the features currently available in the market.
2nd step – Considering those features, select which are more suitable for your environment; always consider the latest advanced features rather than looking for common traditional AV features.
3rd step – Select the one or two best products that will suit your environment, get proper evaluation licenses from the experts and do the evaluation.
Consider the following:
1. PC Performance
2. How easy to use
3. Product rating
4. Malware detection rates (NSS labs, IDC, Gartner and etc.)
5. Implementation Structure and architecture.
6. Protection for malware and non-malware attacks
Recommended products
Next Generation AV
• Carbon black
• CrowdStrike
or
Common AV solution
• McAfee
• ESET
• Kaspersky
• Trend Micro
• Symantec
Consult with several VARs about any product being looked at. If possible, work directly with the vendor of the product to avoid the VAR pressing you in any one direction. The product vendor can then point you to the proper/best-fit VAR offering the best price for the product, as this will vary based on VAR choice.
Provide the VAR with a list of what things you need and then things you might want in a product.
Have a set of hardware and users that will be the test group for your product(s) being tested then have a proper plan in place to document every step all the way through to end result for each and every product being tested.
Apples to apples, as close as possible, for all products, to make a decision. It's not always about price either: expensive solutions hurt one time, cheap ones will hurt for a long, long time.
Don't be afraid to contact the vendor either if you're not happy with a price or a VARs service... that vendor will or should always be happy to accommodate your request as a customer/ possible lead to become one.
All other suggestions above here are all valid as well.
Some suggestions:
1. Some products you can test for a restricted period with a trial license.
2. It is possible to test in a virtualized environment (VMware, VirtualBox)
3. Today I tested a new version myself on a new server (NB: not live).
4. I made the mistake of installing SQLEXPRESS 14 on a 2016 domain controller.
5. After trial and error, I solved it with an extra instance on a SQL Server 2017.
6. Kaspersky Support was very fast and helpful with clear tips and tricks.
You might want to start out with business cases, ensuring that your endpoint solution begins to address those. Some ideas might include:
* antivirus
* antivirus updates via automation
* antivirus updates via cloud or on premise automation
* antivirus reporting to central on premise management server
* do you want to rely upon static signatures?
* do you want to find the zero days?
* what about polymorphic / variants of previously known malware?
* will your antivirus mechanism share with other machines / computer their discoveries?
* do you want to share your information with the manufacturer (via cloud) or keep your discoveries in house / on premise?
* DLP -data loss protection
* DLP reporting to central management server
* DLP - how easily configurable?
* DLP -what type of additional work will this entail for analyses, etc
* Host Intrusion Prevention (HIP)
* HIP - will it report to a central management server?
* How will all the central management servers communicate with each other / other computers?
* Do you have to tier the solution due to network segmentation / geographic considerations / size of deployment?
* Will the endpoint product talk to or receive from other security devices (email, web filters, etc at the perimeter?)
* has Gartner developed some frameworks that are used for testing endpoint solutions?
* has Gartner at least tested the solution you are looking at?
* potentially check firecompass.com for endpoint solution comparisons?
* does endpoint protection support all operating systems you are using?
* does endpoint protection interface with other security products on the endpoint?
* logging ... is it detailed enough?
* do you want to automatically quarantine a computer if malware is found?
* go through vendors data sheet and ensure you check all capabilities and test them
* what things did the vendor promise? test those.
* talk to a couple of their customers (same size organization if possible using similar if not same endpoint protection capabilities). discuss roll out, problems faced, vendor assistance, etc.
A couple of ideas - certainly not exhaustive.
___________________
I always prefer giving a trial of endpoint protection by looking into the customer environment.
Step 1: we must think of giving the trial based on a cloud solution or an enterprise solution.
Step 2: user-friendly products are a good idea for enterprise-level customers.
Step 3: install the best product, also explaining all the features of the product we installed.
Step 4: the product that does all of its tasks from the product console itself is the best.
Step 5: deploying clients remotely and updates from the console makes it easy for the customer.
Before you proceed with the POC, make sure you compare the features between the latest endpoint products and consult with the experts, and decide which one is suitable for your environment. Right now endpoint products are being built with advanced features which may not be compatible and may not be useful for your infrastructure.
There are different ways we can do the trial, but the purpose has to be matched. The best way is to first plan the process, design an architecture and implement it in non-prod where you have a test environment, either on-premises or in the cloud. Make sure you deploy on a few targeted app servers in order to learn the initial issues and to modify the firewall, device and application rules accordingly. Then it has to be deployed site-wise, region- or country-wise.
Hi
Avoid installing the console on the AD server. Also, if there is any ERP or critical server, avoid installing the console on those servers as well.
It is recommended to install the AV in the real environment rather than installing it in a test bed,
so the customer will be able to identify the real-time issues etc.
Note: it should not be installed on all the endpoints.
Do you have any advice for the community about the best way to conduct a trial or POC? How do you conduct a trial effectively?
We fully recommend testing three aspects to conduct a PoC on endpoint protection:
1. Effectiveness, the rate of malware detection
2. Use of resources (CPU, memory, bandwidth)
3. Complexity
For the 1st point, there are a lot of web pages that store malware for testing; use it, and you should even mutate the malware with VMProtect.
Select 100 mutated samples.
Run the samples against every endpoint protection you want to try, then observe: effectiveness, resources, and complexity of operation.
Are there any mistakes to avoid?
Yes, always disconnect your PC or test PC from the Internet. Traditional AV uses cloud lookups to improve its efficiency; without Internet you can test the real performance of the engine.
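The resource criterion above, and the measurable outcome from the first reply in this thread ("EPP should not utilize more than 2% CPU"), both only work in a POC if they are turned into a pass/fail check over data actually collected on the test host. The script below does that; it is an added example and not any poster's code. The telemetry lines and the thresholds are constructed (in a real POC they would come from periodic ps or performance-counter snapshots of the agent process), and the scan window is an assumption that shows the caveat a practitioner hits: a scheduled full scan will fail a flat 2% idle criterion unless the criterion distinguishes idle from scan time.

```python
"""Evaluate agreed resource-usage criteria over sampled agent telemetry.

Added example, not from the original thread. SAMPLES and THRESHOLDS are
constructed; the scan window at t=300..360 models a scheduled full scan.
"""
from statistics import mean

# One constructed sample per line: seconds_since_start, cpu_percent, rss_mb, net_kbps.
SAMPLES = """\
# t,cpu_pct,rss_mb,net_kbps
0,0.8,142,3
60,1.1,145,2
120,0.9,144,4
180,1.4,150,2
240,1.0,149,3
300,18.5,310,140
360,22.0,325,160
420,1.2,151,3
480,0.7,148,2
540,1.0,147,2
"""

# Constructed thresholds agreed with the vendor before the POC:
# average CPU while idle, peak CPU during a scan, memory ceiling, average network use.
THRESHOLDS = {
    "cpu_idle_avg_pct": 2.0,
    "cpu_peak_pct": 25.0,
    "rss_max_mb": 400,
    "net_avg_kbps": 50,
}


def parse_samples(text):
    """Parse the CSV-style telemetry, skipping blank and comment lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, cpu, rss, net = line.split(",")
        rows.append({"t": int(t), "cpu": float(cpu), "rss": float(rss), "net": float(net)})
    return rows


def evaluate(rows, thresholds, scan_windows=()):
    """Return {criterion: (observed, limit, passed)} for each agreed criterion.

    Idle CPU is averaged only over samples outside the declared scan windows,
    so a scheduled scan does not fail the idle criterion; the scan itself is
    still bounded by the separate peak limit. With no windows declared, every
    sample counts as idle, which is how an undeclared scan fails a 2% target.
    """
    def in_scan(t):
        return any(start <= t <= end for start, end in scan_windows)

    idle_cpu = [r["cpu"] for r in rows if not in_scan(r["t"])]
    observed = {
        "cpu_idle_avg_pct": round(mean(idle_cpu), 2) if idle_cpu else 0.0,
        "cpu_peak_pct": max(r["cpu"] for r in rows),
        "rss_max_mb": max(r["rss"] for r in rows),
        "net_avg_kbps": round(mean(r["net"] for r in rows), 1),
    }
    return {k: (observed[k], limit, observed[k] <= limit) for k, limit in thresholds.items()}


def verdict(report):
    """Overall pass only if every criterion passed."""
    return all(passed for _, _, passed in report.values())


if __name__ == "__main__":
    rows = parse_samples(SAMPLES)
    for label, windows in (("scan window declared", [(300, 360)]), ("no scan window", [])):
        report = evaluate(rows, THRESHOLDS, windows)
        print(f"--- {label}: {'PASS' if verdict(report) else 'FAIL'}")
        for name, (obs, limit, ok) in report.items():
            print(f"{name:18} observed={obs:<7} limit={limit:<5} {'ok' if ok else 'FAIL'}")
```

Run on the same host, with the same sample set and the same scan schedule, against each vendor's agent so the numbers are comparable (the "apples to apples" point made elsewhere in this thread).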
The expectations of the PoC according to the capabilities of the Dell Data Security solutions.
All sections marked with a should be completed by the customer before starting the PoC.
The contents and scope of this document will never be shared in any form (digital, in print, writing or any other form) without explicit written permission from the customer.
The Dell ESSE solution contains multiple modules that can be tested during the PoC.
Please select the modules to be evaluated during the PoC.
Explain the key advantages of our product to the customer: A) Effectiveness B) Simplicity C) Performance.
It's important to identify the improvements you seek for the business/organization as well as the top-level security and operational drivers.
Clearly explain to the customer what the requirements are for the POC/implementation of the product, because "first impression is the last impression".
Show the demos/testing once setup is done. Explain to the customer how we are strong compared with other products.
Create the checklist and share it with the customer.
Create the final POC document and put in all contact details of the customer and the Dell team.
Wait until next year and there will be fewer legacy endpoint protection solutions on the market. Instead you'll get next-generation artificial intelligence endpoint protection solutions like Palo Alto Traps, SentinelOne, Sophos Intercept X, Cylance, Carbon Black etc. And for the POC, try ransomware attacks on them, click the links in the phishing mails and try running the malware programs.
Try to build a POC for different needs and uses depending on the client you are bringing the show to. You can build a ransomware POC or a phishing scenario. Sometimes I do 2 screens, one with Kali and a reverse TCP listener and the other a station opening a Word file with a script that gives a connection to Kali, so clients can see both sides, the attacker side and the protected client side. Build your own scenario and try to make it in a way you feel more comfortable with.
adding:
NIST Special Publication 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (Murugiah Souppaya), nvlpubs.nist.gov
Guide to Storage Encryption Technologies for End User Devices, Recommendations of the National Institute of Standards and Technology (Karen Scarfone), nvlpubs.nist.gov
________________________________