In a recent ESG research project, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked to identify their organizations’ endpoint security monitoring weaknesses. Thirty percent said they were unsure about “applications installed on each device,” 19% had difficulty monitoring “downloads/execution of suspicious code,” 12% struggled when tracking “suspicious/malicious network activity,” and 11% had a hard time tracking “current patch levels.”

Why is it so difficult to monitor endpoint activities? An old saying comes to mind: “Water, water, everywhere but not a drop to drink.” There are records about endpoints all over the place – asset databases, CMDBs, network monitoring tools, vulnerability scanners, patch management tools, etc. – but when security analysts need up-to-the-minute information for critical remediation activities, they have to scramble through a myriad of management systems to retrieve it.

In a recent Market Landscape Report, ESG defined a new network security category called Endpoint Visibility, Access, and Security (EVAS). EVAS is actually a superset and evolution of Network Access Control (NAC) with greater functionality and intelligence. The “V” in EVAS is one of the reasons why the EVAS market is on the rise. EVAS doesn’t replace any of the management tools cited above. What it does, however, is provide a security-centric view of endpoints. EVAS knows which mobile and PC endpoints are on the network at all times. EVAS knows the state of these assets (i.e., configurations, patches, ownership, applications, etc.). EVAS even knows about other types of assets like SCADA systems, health care devices, printers, etc. When security and IT operations want to know how many Windows XP systems are still running IE8, EVAS can provide the answer quickly. Otherwise, the answer is out there, but it takes a whole lot of digging.

Bradford Networks, Forescout, Great Bay Software, and Promisec provide these EVAS capabilities. McAfee customers betting on multiple tools and ePO can probably gather this data quickly as well.

Okay, so EVAS can help CISOs track what’s out there on the network for risk management, but how do you know if an asset has actually been compromised? This information isn’t nearly as accessible, as security analysts have always relied on network monitoring tools for incident detection. Given the threat landscape, however, many security-conscious organizations are supplementing network monitoring with endpoint analytics. Note that this is also another driver for big data security analytics.

Why endpoint analytics? Regardless of the malware, it has to make alterations to the endpoint configuration to succeed. For example, malware often modifies registry keys, opens TCP ports, or creates a new directory in the file system. You can’t see many of these activities from the network alone, but you can if you collect and analyze them using specific algorithms built to detect system anomalies.

This category is often referred to as endpoint forensics, but I prefer endpoint security analytics as it is a bit less geeky. Vendors in this space include Guidance Software, Mandiant, RSA Security, and Triumphant. Many of the new endpoint anti-malware solutions such as Bromium, Invincea and Sourcefire also collect this type of data.

I’m convinced that EVAS and endpoint security analytics tools or services will go from “nice-to-have” to “gotta-have” over the next few years. Smart CISOs will plan accordingly.
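
The endpoint analytics point above (malware has to alter registry keys, TCP ports or the file system to succeed) comes down to comparing collected endpoint state against a known-good baseline. The following Python is an added example, not code from ESG or any vendor named in this post; the `Snapshot` fields and every sample value are constructed assumptions about what a collector might report.

```python
# Added illustration: snapshot fields and all sample values are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Point-in-time endpoint state (hypothetical collector output)."""
    registry: dict              # registry value path -> data
    listening_ports: frozenset  # TCP ports in LISTEN state
    directories: frozenset      # directories under monitored roots


def diff_snapshots(baseline, current):
    """Return sorted (category, item, detail) tuples, one per alteration."""
    findings = []
    for key, data in current.registry.items():
        if key not in baseline.registry:
            findings.append(("registry_added", key, data))
        elif baseline.registry[key] != data:
            old = baseline.registry[key]
            findings.append(("registry_changed", key, f"{old} -> {data}"))
    for key in baseline.registry.keys() - current.registry.keys():
        findings.append(("registry_removed", key, baseline.registry[key]))
    for port in current.listening_ports - baseline.listening_ports:
        findings.append(("port_opened", str(port), "tcp/listen"))
    for path in current.directories - baseline.directories:
        findings.append(("directory_created", path, ""))
    return sorted(findings)


RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE = Snapshot(
    registry={RUN + r"\Updater": r"C:\Program Files\Vendor\updater.exe"},
    listening_ports=frozenset({135, 445}),
    directories=frozenset({r"C:\ProgramData\Vendor"}),
)
# Constructed "after" state: new autorun value, new listener, new directory.
CURRENT = Snapshot(
    registry={**BASELINE.registry,
              RUN + r"\svchelper": r"C:\ProgramData\svc\svchelper.exe"},
    listening_ports=BASELINE.listening_ports | {4444},
    directories=BASELINE.directories | {r"C:\ProgramData\svc"},
)

if __name__ == "__main__":
    for category, item, detail in diff_snapshots(BASELINE, CURRENT):
        print(f"{category:18} {item} {detail}")
```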