ESG Blogs

As security teams commit more and more resources to detection and response activities, endpoint detection and response (EDR) solutions are becoming core to the process. But when we take a step back and look at the bigger picture surrounding threat detection and response, we see multiple, disparate solutions being used to detect and investigate threats, requiring analysts to log into multiple systems or post-process data from these systems to correlate alerts. With many organizations utilizing a best-of-breed tools strategy for their security stack, integrations have become core to the sanity of most security teams.

Finding the right metrics to measure the effectiveness of your security programs can be challenging and subjective. While most everyone can agree on the ultimate objective of preventing breaches, there is much discussion about how to objectively measure and report on the effectiveness of everything between your first dollar invested in security and your planned security investments for the coming year.

As organizations struggle with the complexity and number of security tools in use, the dream of an integrated platform seems convincingly like a good idea. Surely life would be less complex with fewer tools to manage, systems that were designed and built to work together, and fewer vendors to deal with. But there will be new challenges and tradeoffs to consider that will require some planning and effort.

I had a terrific week at RSA, meeting and talking with many of the world’s leading endpoint security and application security vendors. Every year, RSA provides a unique opportunity to take a fresh look at new and existing vendors, through in-person meetings with technical and marketing leaders, and checking out messaging through booths, signage, and materials.

As adversaries continue to be more aggressive and more targeted in their attack techniques, security teams are continuously challenged to implement more comprehensive endpoint protection strategies to keep up. Next-generation security vendors like Carbon Black, CrowdStrike, and Cylance have set the agenda, delivering integrated prevention, detection, and response platforms leveraging the cloud and a single agent. Established endpoint players like Symantec, Trend Micro, and Sophos have quickly responded, delivering integrated solutions leveraging both cloud and a common agent. ESG research shows that 77% of companies surveyed plan to move to an integrated security suite with a preference towards a single vendor, with an even split between companies who are looking to next-gen providers and those looking to the large, established security players.