What to ask of a prospective endpoint security vendor

Finding the most effective cybersecurity solutions is a demanding process, especially for endpoint security, where there are many comparable options. To help you in your search, we’ve developed this questionnaire to ensure you find an endpoint security product that meets your unique needs. Here’s what to ask of a prospective endpoint security vendor after you’ve developed your shortlist.

Questions to ask when evaluating potential endpoint security providers

Beyond the standard new-product due diligence, there are three key areas to home in on when looking into a new endpoint security solution. Ask yourself and the potential vendor these questions to ensure your needs are met.

Initial needs and goals

These baselines help you align your scope with the vendor’s offering to determine whether it’s worth considering.

  • How many endpoints are in your fleet?
  • What goals will this endpoint security solution accomplish?
  • What risks will it help address?
  • How will this solution fit into the existing security stack?
  • Does the solution combine EDR and NGAV, or will they be separate tools?

Detection rules and response capabilities

Having established your baseline needs and goals, you can start digging into actual product performance and how it differs from other products.

  • Does the vendor manage and tune the detection logic, or will I need to do it to fit my environment?
  • Does the vendor release new detection rules globally in real time, or on a routine cycle?
  • How long does it take for new detection rules to become active on the endpoint?
  • Can I create custom rules for my environment? Is there a limit on the number I can create?
  • How does the solution address growing threats like ransomware and in-memory attacks?
  • Can the solution block shellcode injections?
  • Will the solution terminate potentially infected applications completely? Or will it just end suspicious processes and leave the rest of the app operable?
  • What types of response actions are available once an alert is triggered? Can I isolate infected hosts and kill/suspend processes from my admin portal?

Interoperability and ease-of-use

An endpoint security solution may have all the bells and whistles in the world, but if it’s a pain to manage and use, then it can be more of a hindrance than a help. And, if it can’t work well with the rest of the security stack, then it will drag down your ability to drive more efficient and effective security decisions. These questions will help you determine if the tool will work seamlessly in your environment.

  • What other parts of the security stack does your solution integrate with?
  • Does the solution have detection rules and tuning logic specific to those integrations?
  • Is the endpoint security solution managed?
  • How long does it take for new, requested, or custom integrations to enter the product?
  • Does the solution have a cloud-based portal I can use to work from anywhere?
  • How do customers get support through implementation and beyond?
  • Does it support multi-tenancy?

Additional reading

Using these questions can help you vet your endpoint security options and find the ideal solution for your organization. If you would like to learn more, read our eBook, the Definitive Endpoint Security Buyers’ Guide.
