Did you see the Palo Alto Networks announcement yesterday? If not, here’s my synopsis. PAN introduced a new endpoint security technology named “Traps” that is the ultimate result of the company’s acquisition of Cyvera this past March. In simple terms, Traps provides three core security functions:
- Advanced malware prevention. Traps is designed to deal with the most important attack vectors, such as memory corruption, changes in registry settings, and malware persistence, with no prior knowledge of the malware itself.
- Endpoint forensics. Traps captures system level activities to help security analysts understand what changes, if any, were made to compromised systems.
- Integration of network and endpoint security. Traps ties into PAN WildFire and NGFW. This integration provides more holistic protection and gives analysts a vantage point across network and endpoint activities. The integration also ties Traps into Palo Alto threat intelligence.
A few years ago, the endpoint security market was a cozy little oligopoly that was dominated by five vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro. Others like CA, Check Point, and even mighty Microsoft couldn’t crack the code and either exited the market or minimized their product development, marketing, and sales.
Fast forward to 2014 and things have changed. Network security vendors like Cisco (Sourcefire), FireEye, and PAN are jumping into the endpoint security pool. An army of others like Bit9, Bromium, Cylance, Digital Guardian (Verdasys), Guidance Software, IBM, Invincea, Malwarebytes, Raytheon, RSA, and Triumfant are all offering some type of endpoint security technology.
Why the change? For one thing, enterprises are being breached right and left and have no confidence in the efficacy of AV software alone. In fact, 62% of enterprise security professionals strongly agree or agree that AV software is ineffective at blocking all types of advanced malware. From a vendor perspective, there are dollars available for new endpoint security technologies. ESG research also indicates that 51% of enterprise organizations plan to add new layers of endpoint security technology as part of their cybersecurity strategy over the next two years (Source: ESG Research Report, Advanced Malware Detection and Protection Trends, September 2013).
PAN is not the only game in town but it may have a market advantage (along with its network security competitors): ESG research indicates that 61% of enterprise organizations are currently rolling out or planning a project to integrate network and endpoint security technologies (Source: ESG Research Report, Network Security Trends in the Era of Cloud and Mobile Computing, August 2014). Since network security captures the majority of security brain power and resources at most enterprises, PAN and others are well positioned to flank the AV crowd with a full frontal assault from the network to the endpoint.
Like other “Endpoint Nuevo” vendors, PAN will not suggest that customers rip-and-replace traditional AV and substitute Traps – at least not for the time being. My guess is that this nice guy strategy won’t last however. In the next 18 months, regulators will eschew AV requirements, replacing these with broader mandates for endpoint security. As this transition plays out, PAN and others will change their collective tune, suggest full replacements, and support this market strategy with security efficacy reports and ROI studies trumpeting AV replacement benefits.
The endpoint security market is changing before our eyes, which puts a $10 billion market in play. PAN’s announcement represents a bold, intelligent move by the company and a sign of things to come in the marketplace.