What makes a visionary solution provider in endpoint protection platforms (EPP)? What are the key capabilities that will help enterprises prevent and detect future digital threats, rather than just present ones?
According to the 2018 Gartner EPP Magic Quadrant (available here), a Visionary vendor offers “leading-edge features…that will be significant in the next generation of products, and will give buyers early access to improved security and management.” In other words, Gartner’s selection of Visionary vendors can prove a powerful tool in helping enterprises predict which tools they should value for their long-term cybersecurity. We can see what, in their professional opinion, Gartner values in EPP solutions.
So what tools and capabilities should enterprises value based on the 2018 Gartner EPP Magic Quadrant? And how do we sort through the staggering number of Visionary vendors to find the best practices inherent in their individual solutions?
The 12 Visionaries in the Gartner EPP Magic Quadrant are Carbon Black, Cisco, CrowdStrike, Cylance, Endgame, F-Secure, Kaspersky Lab, Malwarebytes, McAfee, Microsoft, Panda Security, and SentinelOne. Here are our takeaways based on Gartner’s assessments and the commonalities between the Visionaries:
To Be Visionary, EDR is Crucial
Endpoint Detection and Response (EDR) has become all the rage recently as endpoint security solution providers announce purchases and upgrades to improve this component. EDR offers a layer of threat detection not found in traditional endpoint security, which is usually oriented toward preventative measures. Gartner notes the EDR capabilities of every Visionary in the 2018 Gartner EPP Magic Quadrant and praises all 12 of them for including this feature.
We’ve stressed in previous articles how the cybersecurity paradigm is shifting from a prevention model to a detection one as experts come to terms with the inevitability of network threat penetration. Gartner clearly shares the same concerns. Enterprises should make sure to consider EDR as a vital part of any EPP selection; the security benefits of threat hunting and threat management can’t be overstated.
However, we here at Solutions Review do advise caution even in the face of Gartner’s apparent enthusiasm for EDR. Recent surveys have found that EDR is resource-intensive and can generate false positives on the same scale as SIEM. It can prove a serious drain on your IT security team’s time and budget.
Managed Security Services for the Endpoint
The 2018 Gartner EPP Magic Quadrant also made sure to single out Visionaries that offered some sort of managed security services (MSS). While not every Visionary functions as an MSSP (according to Gartner), the vast majority of them do; these services handle the deployment and day-to-day operations of EDR and EPP solutions (usually remotely). Gartner outright states that an MSSP option will appeal to enterprises lacking a security operations center (SOC) or enterprises with a smaller IT security team.
We agree with Gartner but would take the argument one step further. A managed endpoint security service can prove a huge boon to large and even global enterprises looking to bolster their EDR and threat detection capabilities. It frees up the time and resources that IT security teams would otherwise spend investigating potential false positives, which they could instead use to shore up their defenses and analyze more pressing matters. While a managed endpoint security service will certainly not appeal to every enterprise, it does prompt reflection on the resources your IT security team has at its disposal and consideration of what it could need.
A less common but still prevalent feature the 2018 Gartner EPP Magic Quadrant singles out is the ability to function on corporate endpoints even while disconnected from the Internet.
This may seem like an impossible scenario—where in the corporate world would someone be without internet access?—but it reflects Gartner’s understanding of the decentralization of the enterprise in the modern age. Employees now expect and are often required to work from anywhere, including on the road working off their data or in areas with limited Wi-Fi access. Given that 70-90% of enterprise breaches begin on the endpoint, your enterprise will want to ensure their security even in extreme situations. This consideration applies doubly if you are thinking about embracing a digital transformation.
Speaking of which…
The 2018 Gartner EPP Magic Quadrant Embraces Cloud
Whether it be cloud-based architecture, cloud-based deployment options, cloud management options, or cloud threat intelligence capabilities, the 2018 Gartner EPP Magic Quadrant looks to the cloud for the future.
These features are crucial to the cloud-adoption-oriented enterprise that still values its endpoint security—they will provide better visibility into individual endpoints, improve threat detection and threat protection capabilities, and allow for greater scalability. Furthermore, reorientation to the cloud allows for much easier deployment and updating processes than traditional on-premises solutions.
Do these visions align with yours for endpoint security? If not, it might be time to reconsider what the future of your enterprise’s cybersecurity looks like…and what you’re doing to prepare for it.
You can download the 2018 Gartner EPP Magic Quadrant here.