In 2017, my colleague Doug Cahill conducted research on endpoint security. Back then, the research indicated that 87% of organizations were considering a comprehensive endpoint security suite rather than several disconnected endpoint security point tools.
Just a few months ago, I did a research project of my own on threat detection and response. When survey respondents were asked to identify the most attractive endpoint detection and response (EDR) option, 52% of organizations said they preferred EDR technology that is tightly integrated into endpoint prevention software from a single vendor, while 29% would look for EDR technology that is bundled with endpoint prevention software from a single vendor.
These are just two ESG research examples indicating that many organizations will purchase new endpoint security suites over the next few years. We can also deduce that these endpoint security suites will feature endpoint prevention controls (i.e., next-generation antivirus software) and threat detection and response capabilities (i.e., EDR).
No wonder there are 50+ endpoint security vendors these days! The data points to a redefined endpoint security market, and when markets are redefined, upstarts have an opportunity to become category creators and market leaders.
Now, I’ve been around the technology industry for more years than I care to admit, so this seems like a logical market transition, like many I’ve seen in the past. There is a remaining problem, however: Beyond AV and EDR, what else could these integrated endpoint security suites do? Here are a few possibilities:
- Endpoint security suites could include support for mobile devices and IoT. Let’s face it, endpoint security is synonymous with Windows PCs and even the most popular products have only recently ramped up commercial support for Macs and Linux systems. Okay, but aren’t smartphones, tablets, and IoT devices "endpoints" as well? At ESG, we’ve only recently started to see funded initiatives to secure non-PC devices, but these projects will likely gain steam over the next few years. So, before embarking on lengthy enterprise-wide endpoint security projects, CISOs should assess risks and develop risk mitigation strategies for other types of endpoints and then figure out how non-PC security aligns with endpoint suite deployments.
- Endpoint security suites could become a sub-segment of endpoint management. It’s always puzzled me why we use one set of tools to manage PCs (i.e., provision, configure, backup, support, patch, etc.) and another set to secure PCs. After all, as the old cybersecurity axiom states, "A well-managed system is a secure system." This seems to be somewhat of a religious war: Either you think endpoint management and security should come together or you think this type of integration is blasphemy. Given the acute shortage of skills, I believe it’s likely that endpoint management and security will have to come together at some point. If this happens, vendors like Citrix, Microsoft, and VMware will find themselves in the catbird seat.
- Endpoint security could become a component of an integrated threat defense architecture. In this case, endpoints become a sensor and enforcement point as part of a tightly coupled distributed architecture that includes network traffic analysis (NTA), malware sandboxes, threat intelligence, and advanced analytics. In other words, endpoints, along with networks, sandboxes, and threat intelligence, supply telemetry to some type of analytics engine; blocking rules are based upon analysis of the whole enchilada; and then these rules are distributed to endpoint, network, and cloud-based security controls in real time. Lots of vendors (e.g., Cisco, Fidelis, FireEye, McAfee, Palo Alto Networks, Symantec, Trend Micro, etc.) are pursuing this strategy.
My point is simple: The next few chapters of the endpoint security tome have yet to be written. Market demand and/or technology innovation could push endpoint security suites in one or several different directions. Fortunately for me, my newish colleague Dave Gruber is busy watching endpoint security market developments. I hope he keeps me in the loop as to how it all plays out.
Based upon this uncertain future, I have two words of advice for CISOs: Caveat Emptor. Make sure you really think through future business initiatives and security requirements before moving forward, or the next new endpoint security tool you buy may be obsolete before you know it.