Endpoint Security Needs “Efficient Efficacy”

As we ease into 2018, endpoint security technology is in play. Next-generation players like Barkly, Cylance, and SentinelOne offer products based upon machine learning algorithms to block traditional and new types of threats. EDR experts like Carbon Black, CrowdStrike, and Cybereason monitor PC behavior looking for anomalous activity. Meanwhile, traditional vendors like McAfee, Sophos, Symantec, Trend Micro, and Webroot are buying companies and adding new functionality to their products to provide a one-stop endpoint security shop.

Topics: Cybersecurity endpoint security antivirus

Trend Micro’s Case as an Enterprise Security Vendor

ESG research points to a few growing trends in the enterprise security market:

Topics: Network Security Cybersecurity endpoint security trend micro antivirus SOAPA

Cybersecurity Technology: Everything is Transforming and in Play

As Bob Dylan sang, ‘the times they are a-changin’.’ This is certainly true when it comes to security technologies – just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples:

  • Endpoint security is evolving from signature-based AV to next-generation endpoint security suites. ESG views endpoint security as a continuum with prevention on one side and detection/response on the other. A few years ago, upstarts pushed into endpoint security with aggressive attacks at one of these poles – Cylance jumped into threat prevention with solutions based upon artificial intelligence, while Carbon Black, CrowdStrike, Cybereason, and Endgame moved into threat detection/response with EDR tools. The most recent battle is for the whole enchilada – comprehensive endpoint security suites that span ESG’s endpoint security continuum. While startups continue to act as new shiny objects, old guard players like McAfee, Sophos, Symantec, and Trend Micro have spruced up their offerings with advanced prevention/detection/response features of their own. In the meantime, confused users are getting dozens of phone calls from vendors asking for meetings.
Topics: Cybersecurity SIEM antivirus Firewall SOAPA

Endpoint Security in 2017

Just a few years ago, there were about 6 to 10 well-regarded AV vendors that dominated the market. Fast forward to 2017 and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors.

Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation.

Okay, I get the need for more than signature-based AV, but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year.

Topics: Network Security Cybersecurity endpoint security antivirus Anti-malware

Goodbye SIEM, Hello SOAPA

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics are distant memories; today’s SIEM market is dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk.

Of course, there is a community of innovative upstarts that believe SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real time.

Topics: Network Security Cybersecurity endpoint security SIEM antivirus security analytics

Next-generation endpoint security market bifurcation

My colleagues Doug Cahill, Kyle Prigmore, and I just completed a research project on next-generation endpoint security (login required). But just what the heck is next-generation endpoint security? Cybersecurity professionals remain pretty confused about the answer to this question. For the purposes of its research project, ESG defined next-generation endpoint security as:

Endpoint security software controls designed to prevent, detect, and respond to previously unseen exploits and malware.

Topics: Cybersecurity endpoint security antivirus

AV software: “I’m not quite dead yet”

If you are a cybersecurity professional, you’ve probably read the quote “AV is dead” hundreds or even thousands of times. The thought here is that antivirus software is no longer effective at blocking modern exploits and malware, thus its useful lifespan is effectively over.

Topics: Cybersecurity endpoint security antivirus

Consumer Security and Consumer Privacy Are Two Separate Conversations

As the title of this blog post implies, there seems to be a blurred line in the general rhetoric between “privacy” and “security”. These topics are not the same, and yet I see them lumped together all too often (ahem, CNN & Co). It's tough, however, to weave a coherent single narrative on the subjects, so let me present a few disparate points to help distinguish the two:

Topics: Security and Privacy Security endpoint security antivirus privacy antivirus software consumer security

Network Security Sandboxes Driving Next-Generation Endpoint Security

Remember advanced persistent threats (APTs)? This term originated within the United States Air Force around 2006. In my opinion, it gained more widespread recognition after the Google “Operation Aurora” data breach first disclosed in 2010. This cyber-attack is attributed to groups associated with China’s People’s Liberation Army and impacted organizations like Adobe Systems, Juniper Networks, Northrop Grumman, Symantec, and Yahoo in addition to Google.

Topics: Network Security Cybersecurity endpoint security antivirus APT

The Return of AV Leaders?

When I started covering the infosec market around 13 years ago, anti-spyware was the hot topic du jour. The market went through a common cycle – VCs funded companies and cranked up the hype machine. Some product companies were acquired (CA purchased PestPatrol, Microsoft acquired Giant Software, etc.), while others pivoted from anti-spyware alone to endpoint security (Webroot). Ultimately, however, the anti-spyware boom cycle went bust when incumbent endpoint security leaders like Intel Security (McAfee), Kaspersky, Sophos, Symantec, and Trend Micro added anti-spyware to their existing AV products, turning a product category into a product feature.

Topics: Cybersecurity malware endpoint security antivirus