Endpoint security needs ‘efficient efficacy’

As we ease into 2018, endpoint security technology is in play.

Next-generation players such as Barkly, Cylance and SentinelOne offer products based on machine learning algorithms to block traditional and new types of threats. EDR experts such as Carbon Black, CrowdStrike and Cybereason monitor PC behavior, looking for anomalous activity. Meanwhile, traditional vendors such as McAfee, Sophos, Symantec, Trend Micro and Webroot are buying companies and adding new functionality to their products to provide a one-stop endpoint security shop.

Yup, everyone is intent on providing the whole endpoint security enchilada, and based upon ESG research, large organizations are also moving in this direction — 87 percent of enterprises say they will buy a comprehensive endpoint security suite to address new requirements.

What cybersecurity professionals want in an endpoint security tool

Beyond the move to suites, what are organizations really looking for with new types of endpoint security technologies? ESG recently asked this question to 385 cybersecurity professionals. Here’s what they said:

• 26 percent say the most important consideration for endpoint security technology is to increase the efficacy when dealing with new types of threats. In other words, they want tools that can detect and block a higher percentage of overall known and unknown exploits and malware. 
• 26 percent say the most important consideration for endpoint security technology is to improve operational efficiency for end users, IT and the security team. That means endpoint security technology must be much easier to deploy, configure, operate, analyze and use on a day-to-day basis. 

Allow me to provide a bit of analysis to this data:

1. The move toward new technologies suggests that many endpoint security tools are not blocking enough exploits and malware. This not only leads to compromised systems, but it also creates a lot of security/IT operations work, such as detecting security incidents, quarantining devices and reimaging systems.
2. These endpoint security processes exacerbate a more fundamental problem — there’s more security work than there are people to do the work. Oh, and the skills shortage is making this situation progressively worse.
3. Yes, end users should be encouraged to participate in strong security hygiene, but we can’t expect them to put up with security tools that disrupt their productivity.
4. CISOs have had enough. They need new types of security tools (in this case, endpoint security suites) that increase the number of blocked threats and decrease the amount of work necessary to do so — for all involved parties. 

My colleague Doug Cahill has captured this analysis extremely succinctly. According to Doug, large organizations are looking for endpoint security suites that offer, “efficient efficacy.” In this way, they promote better security while streamlining operations, making security a bit less burdensome all around. 

I couldn’t say it better myself.