Endpoint Security Suites Must Detect/Prevent Threats AND Ease Operations

Next-generation endpoint security tools may not be the stars of this year’s RSA Conference, but they are still bound to get a lot of attention. Why? Many organizations continue to move from traditional AV controls to new types of endpoint security suites built for prevention, detection, and response.

“Gotta Have” Endpoint Security Suite Functionality

The movement toward next-generation endpoint security has accelerated over the last few years for a simple reason – cybersecurity professionals aren’t happy with the efficacy of existing antivirus tools. This market demand has led to a wave of investment and innovation from vendors like Carbon Black, CrowdStrike, Cylance, Morphisec, SentinelOne, and many others.

Growth in Endpoint Security as a Service in 2018

The global cybersecurity skills shortage won’t ease anytime soon. In fact, there’s ample evidence to suggest that things are getting worse (more on this point soon). So, what can organizations do to bridge the skills gap? Rely on service providers for help.

2018: The Year of Advanced Threat Prevention

A few years ago, the cybersecurity industry adopted a new mindset that went something like this: 

Endpoint Security Needs “Efficient Efficacy”

As we ease into 2018, endpoint security technology is in play. Next-generation players like Barkly, Cylance, and SentinelOne offer products based upon machine learning algorithms to block traditional and new types of threats. EDR experts like Carbon Black, CrowdStrike, and Cybereason monitor PC behavior looking for anomalous activity. Meanwhile, traditional vendors like McAfee, Sophos, Symantec, Trend Micro, and Webroot are buying companies and adding new functionality to their products to provide a one-stop endpoint security shop.

Trend Micro’s Case as an Enterprise Security Vendor

ESG research points to a few growing trends in the enterprise security market:

Cybersecurity Technology: Everything is Transforming and in Play

As Bob Dylan sang, “the times they are a-changin’.” This is certainly true when it comes to security technologies – just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples:

  • Endpoint security is evolving from signature-based AV to next-generation endpoint security suites. ESG views endpoint security as a continuum with prevention on one side and detection/response on the other. A few years ago, upstarts pushed into endpoint security with aggressive attacks at one of these poles – Cylance jumped into threat prevention with solutions based upon artificial intelligence, while Carbon Black, CrowdStrike, Cybereason, and Endgame moved into threat detection/response with EDR tools. The most recent battle is for the whole enchilada – comprehensive endpoint security suites that span ESG’s entire endpoint security continuum. While startups continue to act as new shiny objects, old-guard players like McAfee, Sophos, Symantec, and Trend Micro have spruced up their offerings with advanced prevention/detection/response features of their own. In the meantime, confused users are getting dozens of phone calls from vendors asking for meetings.

Endpoint Security in 2017

Just a few years ago, there were about 6 to 10 well-regarded AV vendors that dominated the market. Fast forward to 2017, and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors.

Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation.

Okay, I get the need for more than signature-based AV but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year. 

Goodbye SIEM, Hello SOAPA

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics are distant memories; today’s SIEM market is dominated by a few leaders: LogRhythm, McAfee (via its NitroSecurity acquisition), HP (ArcSight), IBM (QRadar), and Splunk.

Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time. 

Next-generation endpoint security market bifurcation

My colleagues Doug Cahill, Kyle Prigmore, and I just completed a research project on next-generation endpoint security (login required). But just what the heck is next-generation endpoint security? Cybersecurity professionals remain pretty confused about the answer to this question. For the purposes of its research project, ESG defined next-generation endpoint security as:

Endpoint security software controls designed to prevent, detect, and respond to previously unseen exploits and malware.