• United States



Contributing Writer

Endpoint security suites must detect/prevent threats AND ease operations

Mar 06, 20183 mins
Endpoint ProtectionSecurity

Organizations want better threat prevention/detection, but only if new endpoint security tools can help automate and simplify operations, too.

endpoint protection gears
Credit: Thinkstock

Next-generation endpoint security tools may not be the stars of this year’s RSA Security Conference, but they are still bound to get a lot of attention. Why? Many organizations continue to move from traditional antivirus (AV) controls to new types of endpoint security suites built for prevention, detection, and response.

Now, common wisdom suggests that endpoint security decisions are driven by a need to improve threat prevention. About 80 to 90 percent of today’s malware is designed to attack a single system, and these unique malware variants are designed to bypass traditional security controls — most of the time they accomplish this goal. 

CISOs are responding to this cat-and-mouse game by upgrading to newer types of endpoint security tools that use machine learning, behavioral analytics, and threat intelligence integration to vastly improve threat detection/prevention rates.

Biggest endpoint security challenges

This is where discussions about next-generation endpoint security usually begin and end, but recent ESG research uncovers other important requirements. (Note: I am an ESG analyst.) When asked to identify their biggest endpoint security challenges, 385 cybersecurity and IT professionals responded as follows:

  • 25 percent of survey respondents said their security teams spend too much time responding to and investigating alerts, many of which are false alarms. There is and will always be a balancing act between true threat detection and false positives, and the bad guys know how to exploit this dichotomy. Next -generation endpoint security technology needs to be fine-tuned to detect/prevent a high percentage of threats while limiting noise associated with false positives. So, even the best threat detection/prevention engines need to be backed up by endpoint detection and response (EDR) capabilities that can spot anomalous system behavior when malware sneaks through.
  • 23 percent said they regularly reimage infected endpoint devices, creating work for the help desk and impeding worker productivity. This is a common problem.  Reimaging tasks cost between $400 and $1,000 per system, and it’s not unusual for large organizations to reimage around 30 systems per month. Endpoint security tools need remediation capabilities, such as terminating processes, deleting files, and rolling back system images that can help ease the reimaging burden. 
  • 19 percent said the lack of integration and automation between endpoint security tools leads to a lot of manual processes. This lack of security technology integration is exactly why so many organizations are building an integrated security operations and analytics platform architecture (SOAPA). Endpoint security suites must be tightly integrated, share information, and provide for automated workflow. Oh, and the best tools will also integrate with network security analytics systems, malware analysis sandboxes, threat intelligence, etc.

So, the data suggest that while threat detection/prevention is critical, the best next-generation endpoint security suites will also help organizations automate and streamline endpoint security operations. To do this, next-generation endpoint security vendors must understand the daily routines of cybersecurity professionals, not just malware research or machine learning algorithms. 

My colleague Doug Cahill and I will be looking for endpoint security suites that deliver these capabilities at next month’s RSA Security Conference. See you there.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author