What's the best way to trial endpoint protection solutions?

We all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process. 

Do you have any advice for the community about the best way to conduct a trial or POC? How do you conduct a trial effectively? 

Are there any mistakes to avoid?

1212 Answers

author avatar
Real User

Consult with several VARs with any product being looked at. If possible work directly with the vendor of the product to avoid the VAR pressing you in any one direction. The product vendor can then point you to the proper/ best fit VAR offering the best price for the product as this will vary based on VAR choice.
Provide the VAR with a list of what things you need and then things you might want in a product.
Have a set of hardware and users that will be the test group for your product(s) being tested then have a proper plan in place to document every step all the way through to end result for each and every product being tested.
Apples to apples as close as possible for all products to make a decision. It's not always about price either, expensive solutions hurt one time, cheap ones will hurt for a long long time.
Don't be afraid to contact the vendor either if you're not happy with a price or a VARs service... that vendor will or should always be happy to accommodate your request as a customer/ possible lead to become one.
All other suggestions above here are all valid as well.

author avatar

Some suggestions:

1. Some products you can test for a restricted period with a trial license.
2. It is possible to test in a virtualized environment (VMware, VirtualBox)
3. Today I have tested myself a new version on a new server (nb: not live).
4. I made a mistake to install SQLEXPRESS 14 on a 2016 domain controller.
5. After trial and error, I solved it with an extra instance on a SQL Server 2017.
6. Kaspersky Support was very fast and helpful with clear tips and tricks.

author avatar

You might want to start out with business cases ... ensuring that your endpoint solution begins to address those. some ideas might include:

* antivirus
* antivirus updates via automation
* antivirus updates via cloud or on premise automation
* antivirus reporting to central on premise management server
* do you want to rely upon static signatures?
* do you want to find the zero days?
* what about polymorphic / variants of previously known malware?
* will your antivirus mechanism share with other machines / computer their discoveries?
* do you want to share your information with the manufacturer (via cloud) or keep your discoveries in house / on premise?
* DLP -data loss protection
* DLP reporting to central management server
* DLP - how easily configurable?
* DLP -what type of additional work will this entail for analyses, etc
* Host Intrusion Prevention (HIP)
* HIP - will it report to a central management server?
* How will all the central management servers communicate with each other / other computers?
* Do you have to tier the solution due to network segmentation / geographic considerations / size of deployment?
* Will the endpoint product talk to or receive from other security devices (email, web filters, etc at the perimeter?)
* has Gartner developed some frameworks that are used for testing endpoint solutions?
* has Gartner at least testing the solution you are looking at?
* potentially check firecompass.com for endpoint solution comparisons?
* does endpoint protection support all operating systems you are using?
* does endpoint protection interface with other security products on the endpoint?
* logging ... is it detailed enough?
* do you want to automatically quarantine computer if malware is found?
* go through vendors data sheet and ensure you check all capabilities and test them
* what things did the vendor promise? test those.
* talk to a couple of their customers (same size organization if possible using similar if not same endpoint protection capabilities). discuss roll out, problems faced, vendor assistance, etc.

A couple of ideas - certainly not exhaustive.


author avatar

Before you do end point evaluation, I think you should identify proper requirement and feathers that you required. Also you have to consider feature security implementation, if there, because sometimes we do focus only Antivirus and later may need some additional feathers such as DLP, Encryption, Web and App filtering.
1st step - Selected few antivirus Product and do feature comparison at technical point of view. And get an idea about the features currently available in market.
2nd step – Considering those features select which are more suitable for your environment, always need to consider the latest advance features rather than looking for a common traditional AV features.
3rd step- Select one or two best product that will suite for your environment and get proper evaluation licenses from expertise and do the evaluation.
Consider the
1. PC Performance
2. How easy to use
3. Product rating
4. Malware detection rates (NSS labs, IDC, Gartner and etc.)
5. Implementation Structure and architecture.
6. Protection for malware and non-malware attacks
Recommended products
Next Generation AV
• Carbon black
• CrowdStrike
Common AV solution
• MacAfee
• Kaspersky
• TrendMicro
• Symantec

author avatar

I always prefer giving trial on endpoint protection by seeking into the customer environment

Step 1: we must think of giving trail based on cloud solution or enterprise solution

Step 2: user-friendly products are some kind of idea for enterprise-level customers.

Step 3: installing the best product also explaining all the features of that product which we had installed.

Step 4: the product is which does all the task of the product console itself is the best.

Step 5: Deploying client from remote and updates from the console which make easy for the customer .

author avatar

Before you proceed with poc make sure you compare the features between the latest Endpoint and consult with the Experts and decide which one is suitable for your environment. Because right now End-points are having built with Advance features which may not be compatible and it may be not useful to your infrastructure.

There are different ways we can do the trail but the purpose have to be matched. The best way is to first plan the Process, Design a architecture and implement it in non-prod where you have Test environment either in On-premises or cloud. Make sure you deploy in the few targeted App servers
in order to learn the initial issues and to modify the firewall, Device and Application rules accordingly. Then it have to be deployed site wise, Region or country wise.

author avatar

avoid installing the console in AD Server. also if there is any ERP or Critical server avoid installing the console in those servers as well.
it is recommended to install the Av in the real enviroment rather than installing in the test bed.
so the customer will be able to identify the real-time issues etc..
note- should not install in all the endpoints.

author avatar

Do you have any advice for the community about the best way to conduct a trial or POC? How do you conduct a trial effectively?

We fully recommend test three aspects to conduit a PoC about endpoint protection:
1. Effective, the rate of malware detection
2. Use of resources (CPU, MEM, Bandwith)
3. Complexity

For the 1st point There are a lot of web pages who store malware for the test used it, even you should mutate the malware with VMProtect.
Select 100 samples mutated
Run the sample in every Endpoint protection you want to try, the observe: Effective, Resources, and complexity of the operation

Are there any mistakes to avoid?
Yes, always disconnect your PC or test PC from the Internet, Traditional AV use cloud lookup to improve their efficiency, without Internet you can test the real performance of the engine

author avatar

The expectations of the PoC according to the capabilities of the Dell Data Security solutions.
All sections marker with a should be completed by the customer before starting the PoC.
The contents and scope of this document will never be shared in any form (digital, in print, writing or any other form) without explicit written permission from the customer.
The Dell ESSE solution contains multiple modules that can be tested during the PoC.
Please select the modules to be evaluated during the PoC.
Explain the Key Advantages to customer about our product. A) Effectiveness B) Simplicity C) Performance.
It’s important to identify the improvements you seek for the business / organization as well as the top-level security and operational drivers.
Clearly explain to customer what are requirements to POC/Implementation of product. "Because first impression is the last impression".
Show the demo's /Testing once setup done. explain to the customer How we are strong compared with other product.
Create the checklist and share with customer.
Create the final documents POC and put all contact detail of customer and Dell team.

author avatar
Real User

Wait until next year and there will be less legacy endpoint protection solutions on the market. In spite you'll get next generation artificial intelligence endpoint protection solutions like palo alto/traps, sentinelone, sophos/interceptx, cylance, carbon black etc. And for POC, try ransomware attacks on them, click the links on the phishing mails and try running the malware programs.

author avatar
Top 10Real User

try to bluid a POC for diferent needs and usid depending on the client you are bringind the show, you can built a ransomeware POC ar a phishing scenario, some time i do 2 screens one with kali, revers tcp and othe station opening a word file with a script that gives conection to kali, so clients can see both sides, the attacker side and the client protected side, build your own scenarion and try yo make it in a way you fell more comfortable.

author avatar




Guide to Enterprise Telework, Remote Access, and Bring ...
NIST Special Publication 800-46 . Revision 2. Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security . Murugiah Souppaya

Guide to storage encryption technologies for end user devices
Guide to Storage Encryption Technologies for End User Devices Recommendations of the National Institute of Standards and Technology Karen Scarfone


Find out what your peers are saying about CrowdStrike, SentinelOne, Broadcom and others in Endpoint Protection (EPP) for Business. Updated: February 2021.
465,339 professionals have used our research since 2012.