10 Endpoint Security Trends That Translate Into Opportunity For Solution Providers

An Evolving Security Landscape

The endpoint security market is seeing a resurgence in recent months, brought on by a wave of new technologies looking to solve problems network security offerings clearly haven't fixed alone. For solution providers, that new market and customer confusion about where to place bets means a huge opportunity, said Trace3 Vice President of Research Mark Campbell. Trace3 released an extensive study on the evolution of the endpoint market, as well as the key players and trends that solution providers need to know. Take a look at some of the study's key takeaways.

Need More Than Just Antivirus

One fact that is immediately clear in the endpoint security space is that antivirus simply isn't enough anymore, Trace3's Campbell said. The call for antivirus to be declared dead has been around for some time, but Campbell said the market is about to "leave that phase" around antivirus and "enter the platforming phase," which includes integrated, next-generation endpoint security technologies.

Perimeter Defenses Aren't Enough

The other major mind-set shift in security that is pushing companies to embrace next-generation endpoint security technologies is an acceptance that perimeter technologies are not enough to protect an organization, Campbell said. That's a shift that has been echoed by other industry leaders, including RSA President Amit Yoran in his annual keynote at the most recent RSA Conference. While most customers historically spent about half of their security budgets on perimeter defenses, Campbell said that is starting to change as customers recognize those technologies aren't effective enough on their own to protect an organization.

"There's a disconnect there between funding and threats. We're seeing that change," Campbell said. "That's one of the biggest sea changes we're seeing in our customer base."

There Are A Lot Of Options

The good news for companies looking to invest in endpoint security is there are plenty of options to solve a variety of problems, Campbell said. Trace3 identified the primary use cases within endpoint security, which include endpoint protection platforms, endpoint detection and response, threat isolation, exploit technique mitigation, data loss prevention, data encryption, sandboxing, patch management, deception, intrusion detection systems, intrusion prevention systems, remote application access, threat intelligence, threat forensics and user behavior analytics. For solution providers, Campbell said there is a significant opportunity to take a consultative, trusted adviser approach with customers to help them navigate all these options and find the right fit for their budgets.

Protection Side Of The Market

Trace3 particularly singled out endpoint protection platforms and endpoint detection and response in its report. Endpoint protection platforms bring together multiple security functionalities into a single offering, including firewall, antivirus, application security, IPS, anti-spyware and more, as well as integrating that with vulnerability, patch and configuration management. Campbell said there is a mix of incumbent players, such as Symantec and McAfee, in this space, as well as up-and-coming companies such as Cylance, Webroot, SentinelOne and Kaspersky Lab. Other players include Sophos and Trend Micro, he said. While an EPP platform still falls in many ways into some of the more traditional areas of endpoint security, Campbell said it should be considered as a complement to offerings focused on detection and response.

Detection Side Of The Market

Campbell also highlighted the rise of endpoint detection and response companies, which have offerings for monitoring endpoints for detection, containment, investigation and remediation. Players in that space include Cisco Systems, Carbon Black, Tanium, CounterTack, FireEye, Cybereason and CrowdStrike, he said.

"[Endpoint detection and response companies] are really catching a lot of attention with our customers right now because they're taking a slightly different approach to things," Campbell said.

The report said these offerings should be evaluated based on their capabilities around managed hunting, real-time agent scoring, centralized data, real-time search, incident containment, event feeding into SIEM and built-in sandboxing.

Platform Players Getting Into The Game

Campbell said that in an ideal world a single platform could solve all the customer needs around endpoint security, including from both EPP and EDR solutions. He predicted that by this time next year there would start to be more companies offering both sides of the equation, a push this industry is already starting to see from incumbent vendors, as well as stand-alone endpoint security vendors such as Carbon Black. It remains to be seen which vendors will emerge as the leading platform players, he said, with mergers and acquisitions likely playing a large role in which company pulls ahead.

Building A Layered Approach

Campbell said his No. 1 recommendation when it comes to endpoint security is for clients to take a layered approach, with the two mandatory layers being EPP and EDR. From there, he said clients can layer on additional endpoint security technologies that make the most sense for their business. Another important layer is network security, Campbell said, because endpoint security offerings need strong networking policies and solutions to back them up.

Take Advantage Of What You Already Have

While it's not as "sexy" as a new offering, Campbell said another top recommendation for clients is to maximize the use of the products they already have in place. For example, he said he has seen many clients who have disabled OS patching and updating because of a problem in the past or because it takes too much time. He said that is a "terrific start" and one way to "raise your level of performance right off the bat," without having to purchase any new technology. Another area a company can invest is around employee training, Campbell said, particularly around phishing and spearphishing.

What Not To Do

There are some cautions when implementing endpoint security solutions, Campbell said. Primarily, he said it is important for solution providers and customers to keep in mind that many endpoint security technologies require an agent, which becomes a problem when too many agents are installed on an endpoint and cause performance problems or "agent bloat."

Evolution To Come

The evolution of the endpoint security market is far from over, Campbell said. He said customers are starting to ask for more automation to be built around endpoint security offerings to help handle a growing talent shortage and leverage machine-learning technologies. Campbell said he also expects to see user behavior analytics taking a bigger role in security, as well as artificial intelligence.