The Drivers of Change in Endpoint Security

I guess I still think like a product manager. In my last blog, the first of a few analyzing key findings from ESG's recent endpoint security research, I shared my take on the net-net design center for contemporary endpoint security solutions, one that serves two masters: efficacy and efficiency. The state of endpoint security can be characterized as one of constant change, in which organizations are implementing compensating measures to improve both efficacy and efficiency. But what factors are driving the "efficient efficacy" market requirement?

With respect to efficacy, ESG’s endpoint security research highlights that customers have experienced, and are concerned about, a diverse range of threats:

  • The top threat types experienced by research respondents were targeted malicious software, followed closely by exploits of known, unpatched vulnerabilities and commodity/mass malware. File-less and multi-stage attacks are the next most commonly experienced types of attack.
  • Looking forward, it's telling that very few research participants cited a single threat type as their top concern, with many selecting multiple threat types as putting their endpoints at most risk.
  • While targeted malware still earns top billing, it's noteworthy that security pros are nearly equally concerned about the risk that multi-stage attacks pose to their endpoints, likely based on an appreciation of the relative difficulty of detecting and preventing such well-engineered threats.

While much of the dialog in the endpoint security market has been focused on employing advanced detection techniques to thwart this potpourri of attacks, customers are clearly highly concerned about operational challenges. In fact, when asked about their most significant endpoint security challenges, respondents put operational efficiency issues in the top four spots, with the inability to detect new and unknown threats checking in at fifth. Those operational speedbumps include:

  • Spending too much time responding to alerts in order to investigate possible incidents, many of which turn out to be false positives.
  • Regularly re-imaging infected endpoint devices, which impacts both the help desk and the knowledge worker.
  • A lack of integration and automation between endpoint security tools, which requires a significant level of manual process.
  • Agents slowing down endpoint devices, impeding end-user productivity.

So how are organizations responding to this set of efficacy and efficiency issues? They're pulling multiple levers, which I'll cover in my next blog, sharing more results from ESG's endpoint security research.
