Endpoint protection platforms need to become more proactive

07 Jun 2014

Over the last few years, there's been a significant increase in targeted attacks affecting connected devices.

In a study of endpoint protection platforms, or EPP, Gartner found 35% of customers have been compromised by malicious code.

It's clear that the industry, with its adherence to reactive protection techniques, is failing to keep malicious code off end-user devices.

The sad reality is that any targeted attacker will code and test his or her payload to evade the target's anti-malware system.

If EPP solutions are to be successful, they need to become more proactive. They need to focus on the entire security life cycle of policy, prevention, detection and remediation.

Organisations need policy to proactively configure the endpoint to reduce the potential attack surface; prevention that provides real-time protection techniques to identify and filter malware; detection that indicates the presence of anomalies and threats; and remediation to repair any existing damage.

Gartner's research shows that, while proactive policies will defeat 85 to 90% of malware, EPP buyers actually put the highest value on prevention, hoping to avoid the additional work of proactively setting policy or tracking down anomalies that may turn out to be false positives.

Long dwell times - the number of days that malware is on an endpoint before it is detected and quarantined or deleted - are a hallmark of successful advanced attacks.

Gartner clients are searching for tools to reduce dwell times, as well as EPP products that can handle the full spectrum of servers and clients.

Today, large enterprise buyers are selecting best-of-breed mobile device management (MDM) tools to protect and manage endpoints for iOS and Android devices. However, Gartner expects the EPP market to absorb this function within the next two years.

There are also specialised features required for virtualised servers such as Exchange, SharePoint, Linux and Unix.

The large enterprise EPP market continues to be heavily dominated by Symantec, McAfee and Trend Micro – with these three companies accounting for around 65% of total EPP revenue. Sophos and Kaspersky Lab are also competitive across multiple functions and geographies.

These global leaders account for 82% of the EPP market share. While impressive, this figure is actually down 3% on the 2013 analysis. In the less demanding small and midsize market, niche players and visionary companies, with their dedicated focus on specific features and geographic regions, are having a bigger effect, slowly eroding the market share of the global leaders.

In the longer term, Gartner believes the biggest threat to market share will come from the increased displacement of Windows endpoints by application-controlled operating systems.

By 2017, more than 50% of end-user devices will be restricted to running only apps that have been pre-inspected for security and privacy risks.

These solutions shift the value proposition from traditional antimalware to MDM, and data and privacy protection capabilities.

By Peter Firstbrook, research vice president, Gartner
