ESG Senior Principal Analyst Jon Oltsik and Senior Analyst Doug Cahill discuss some of their research insights from a soon-to-be-published Endpoint Security market landscape report. Jon will be presenting additional details at the RSA Conference on Thursday, March 3rd.
Announcer: The following is an ESG 360 video.
Doug: Hi everyone, Doug Cahill here with my colleague Jon Oltsik. And with RSA just a couple of weeks away, we wanted to share with everybody a really important presentation that Jon's going to be delivering on endpoint security. And Jon, we've been right in the middle of a endpoint security market landscape report, in which we've now interviewed dozens of customers, really about their journey to getting to a better endpoint security posture.
Jon: That's right.
Doug: But why don't we start why the current endpoint security model is broken?
Jon: Well it's a good point, Doug. Everyone runs antivirus software, so why do they need additional protection? What we're finding is that they're discovering malware on their systems, they're discovering malware on their networks and they're using a lot of times, and this was a surprise to me, they're using the advanced protection features in their antivirus software, but those are either too performance heavy or they're not finding this malware. And so they feel like they need to move on. Sometimes they're abandoning antivirus software, sometimes they're not. But they do feel like they need to move on from just AV alone.
Doug: Makes perfect sense. And the endpoint is still certainly the entry point that starts the cyber security kill train. So there's a huge imperative there to be able to proactively protect the endpoint.
Jon: That's right, and we're seeing that everywhere.
Doug: Yeah, no question. So a lot of confusion on the market because there are so many vendors with similar messenges. What are some of the high level findings that we've gotten out of the research we've conducted?
Jon: Well we've really discovered two different kind of customers. Customers either want to move on from AV and just get better protection. And typically those customers are very resource constrained, they're doing lots of different projects, they may have used the IT operations team to manage endpoint security in the past, and now they're passing it over security. So it's like they want a better mouse trap. They want better AV.
And then alternatively, the other customers, they don't really believe that prevention is possible, so they want better detection and response tools. So they want to know everything that's going on on those endpoints. They want to correlate that to what's going on in the network. These are the tip of the pyramid, the biggest companies who have the resources and they want to collect, process, analyze all the data, including what's going on in the endpoints.
Doug: Right, there's that feeling that hey, prevention will fail, so I'll use prevention to reduce my attack surface area, but I have to be prepared with detection and response.
Jon: That's correct. And in the middle, they want more controls, but those are hard. White listing, access controls, those are harder. So they want to do one or the other thing first.
Doug: And that really speaks to operational efficiencies. The customers I've spoken to have said, "I want a higher level of efficacy in my endpoint security control, but not at an increased operational tax.
Jon: They don't have the people.
Doug: They don't have the people...
Jon: They don't have the people.
Doug: ...or the time. So we're focused really on the buyer's journey. Customers that have successfully, as I've said, gotten to a better place in terms of endpoint security posture, what are some of things we've learned from that process, that journey that customers go through?
Jon: Well you mentioned before there are a lot of choices. So, the first thing they have to do is assess where they are, what their shortcomings are, and what their requirements are. But they also have to assess what their resources are. And so from there, they go through research and proof of concepts and pilot projects and then finally production. And that's a long journey. We're finding that there's a lot of evaluations to do, there's a lot of learning on the customer part to understand what they want. And given the landscape of all the products out there, it's tough. It's time consuming.
Doug: It is time consuming, but boy it seems like every organization we've talked to is really applying the time and the resources to go through that process.
Jon: Yeah, this is a real market. I mean the history of just AV is over. And whether people retain AV at all remains to be seen, but they're doing something. Now, they're taking their time, they're assessing their choices, but they're doing something and we're learning a ton about it.
Doug: Absolutely. And you'll be sharing more details about what we've learned Thursday morning at RSA?
Jon: Thursday morning, March the 3rd.
Jon: Yeah. Looking forward to it.
Doug: Looking forward to it. We look forward to seeing everybody at RSA this year.
Jon: Yeah. See you at RSA.