CISOs know that effective cyber security involves several layers, one of which is endpoint security. While the topic has been of concern since the advent of laptops, as the number and types of endpoints increase, so does the need for endpoint security.
The scope of endpoint security mechanisms has also evolved over time. When laptops were synonymous with mobility, antivirus software was considered enough to protect them, but not for long, since antivirus protection doesn’t protect data when a laptop is stolen. When BYOD hit the scene, mobile device management (MDM) became essential. Now, with IoT and IIoT added to the mix, there are many more attack vectors being used to launch malware campaigns or zero-day threats.
Anatomy of Modern Endpoint Security
Many vendors offer endpoint protection platforms (EPPs) that combine different kinds of functionality, including:
- A firewall
- Data, email and disk encryption (data at rest and in motion)
- Endpoint configuration and management (down to individual devices)
- Scanning incoming files for viruses and other malware (advanced antivirus)
- Endpoint threat protection
- Endpoint detection and response (EDR, which may be broken out separately)
- Threat forensics
- Data classification and loss prevention
- Insider threat protection
- Behavioral analysis
- Centralized administration
- Security policy enforcement
As the threat landscape has continued to get more complex, so have endpoint security products. One of the reasons vendors have taken a platform approach is so security organizations can have visibility across the different types of security tools, unlike a collection of point solutions that weren’t designed to work together.
Another benefit of EPPs is their ability to support the different types of endpoints as opposed to just supporting PCs, mobile or IoT/IIoT, for example. That way, if a threat appears via one device, the platform aggregates the threat information so it applies to all endpoints, not just the type that was attacked.
Similarly, though EPPs are available as cloud or on-premises solutions, a cloud solution enables the most up-to-date threat information to be shared across all of a vendor’s customers. In fact, Gartner estimates that more than 95% of EPP purchases will be cloud-based by 2023.
In addition to offering security products, the vendors tend to offer services as well, such as an outsourced SOC and threat hunting.
Gartner made two predictions about EDR specifically in its latest Magic Quadrant report: by 2025, 50% of organizations using EDR will use managed detection and response capabilities, and, also by 2025, 60% of EDR solutions will include data from multiple security control sources, including identity, CASB and DLP.
Details That May Make a Vendor Less Attractive
Vendors and their platform offerings differ as a matter of strategy and execution. As always, technical and non-technical considerations can make a partner more or less attractive. Following are a few things to watch out for:
- The vendor’s strategy is weaker than competitors’ strategies.
- The platform’s features are not as comprehensive as other competitors’ products.
- The vendor’s SaaS offering is not competitive.
- The platform identifies too many false positives.
- The vendor has been acquired by a large company and no longer deals directly with some customers it historically sold to or supported directly.
- The vendor may rely on third parties for functionality that competitors provide directly.
- The vendor has chosen to offer the platform as a set of options that, taken together, cost more than competitors’ consolidated offering.
- The vendor is less responsive to customers and their requests.