The New Endpoint Security Market: Growing in Size and Scope

Venture capital investments in cybersecurity companies are aggressive these days but yesterday’s news was startling nonetheless. First, Cylance announced a round of $120 million led by Blackstone Tactical Opportunities. Cylance says that the funding will help it expand sales and marketing initiatives and extend its global footprint. 

Topics: Cybersecurity endpoint security antivirus EDR

Endpoint Security Suites Must Detect/Prevent Threats AND Ease Operations

Next-generation endpoint security tools may not be the stars of this year’s RSA Security conference but they are still bound to get a lot of attention. Why? Many organizations continue to move from traditional AV controls to new types of endpoint security suites built for prevention, detection, and response.

Topics: Cybersecurity endpoint security antivirus EDR

“Gotta Have” Endpoint Security Suite Functionality

The movement toward next-generation endpoint security has accelerated over the last few years for a simple reason – cybersecurity professionals aren’t happy with the efficacy of existing antivirus tools. This market demand has led to a wave of investment and innovation from vendors like Carbon Black, CrowdStrike, Cylance, Morphisec, SentinelOne, and many others.

Topics: Cybersecurity endpoint security antivirus EDR

Endpoint Detection and Response (EDR) Is Coming – In One Form or Another

A few years ago (2016), my esteemed colleague Doug Cahill and I spoke with 30 enterprise organizations on their endpoint security requirements and strategies. Based upon these discussions, we came up with a concept called the endpoint security continuum. 

On one end of the continuum lies advanced threat prevention. This software is sometimes referred to as “next-generation AV” because it uses technologies like machine learning and threat intelligence integration to improve the threat prevention capabilities of traditional AV products. 

Topics: Cybersecurity antivirus software SOAPA EDR

SOAPA Chat with Vectra Networks (Video, Part 2)

Old friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations, and then works with customers to address their issues. 

In part two of our video series, Mike and I focus our discussion in a few areas including:

  • Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI for cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson to define machine learning and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so you can train the model to look for malicious behavior like a remote trojan suddenly beaconing out to an external IP address.

Topics: Cybersecurity SIEM security analytics SOAPA EDR

Talking SOAPA with Vectra Networks (Video, Part 1)

Old friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, cyber-attack kill chains are synonymous with network communications, so threat detection equates with knowing what to look for within network traffic patterns.

Topics: Cybersecurity SIEM SOAPA EDR

An EDR Perspective on Security Ops and Analytics Architecture (Video)

In this first of a two-part video series, Mike Viscuso, Carbon Black’s Chief Technology Officer, and I begin to explore the expansive topic of employing a security operations and analytics platform architecture (SOAPA) to operationalize security analytics. In addition to discussing the need for a reference architecture to address the complexity of gaining intelligence from telemetry across an organization’s attack surface, Mike shares why Carbon Black invested in technical integrations with a variety of complementary cybersecurity technologies and why rich endpoint detection and response (EDR) sensor data is important for enabling essential use cases. We also discuss how the starting point for such integrations has changed and the central role both value-added resellers (VARs) and managed security service providers (MSSPs) play in providing SOAPA implementations. We wrap things up by noting the purposeful role of cloud computing as an enabling technology for SOAPA solutions. Stay tuned for the second video, in which we dig into other aspects of security operations and analytics.

Topics: Cybersecurity SOAPA security operations and analytic platform EDR