As adversaries continue to be more aggressive and more targeted in their attack techniques, security teams are continuously challenged to implement more comprehensive endpoint protection strategies to keep up. Next-generation security vendors like Carbon Black, CrowdStrike, and Cylance have set the agenda, delivering integrated prevention, detection, and response platforms leveraging the cloud and a single agent. Established endpoint players like Symantec, Trend Micro, and Sophos have quickly responded, delivering integrated solutions leveraging both cloud and a common agent. ESG research shows that 77% of companies surveyed plan to move to an integrated security suite with a preference towards a single vendor, with an even split between companies who are looking to next-gen providers and those looking to the large, established security players.
While security vendors continue to increase the efficacy of their prevention solutions, security users are demanding simplification in the security stack, wanting to work with fewer tools and vendors. This means that organizations will need to depend on today’s tool providers to bring together at least the core prevention, detection, and response capabilities, in addition to managed services to assist in the implementation and management of these functions. As this trend continues, these companies will amass large data sets of security events, furthering the need for more powerful analytics engines that lead to the rapid identification and tracking of emerging attack types. The only practical approach to analyzing all this data is to utilize the cloud.
While the convergence of prevention, detection, and response will surely continue, security teams will still be challenged to deal with multiple platforms from multiple vendors providing solutions unique to endpoint, network, appsec, IoT, and more. Security vendors have an opportunity to work together to further simplify the complexity and, in my opinion, need to recognize the importance of this and begin to get behind open standards that enable these systems to work together more easily. As the market continues to mature, I’m optimistic that more focus will emerge here.
Security is as much a big data problem as anything else. The more eyes we have on what’s happening across the hundreds of millions of systems running in the world today, the better we can see and understand the adversary, ultimately protecting us from the next attack. Today’s security teams need help from automated security solutions. They need help in bringing security data together in a way that can filter and prioritize where they should be paying attention. They need help in understanding where and how attackers are going after their digital assets. I’m super excited to see how solutions evolve here over the coming year.
In my new role at ESG, I will be researching how users see today’s endpoint and application security offerings, what capabilities are most important, and how organizations are prioritizing their investments in these technologies. I will also be working together with the many endpoint and application security vendors to understand their capabilities and offerings to assist in helping align their GTM with what we find in our research.