Research firm Gartner, in their 2018 Magic Quadrant for Endpoint Protection Platform, stated that they consider the endpoint protection market mature; vendors know what their customers expect and what their products need to do to meet those expectations. At the same time, Gartner acknowledges that this can translate into a new layer of challenge for enterprises seeking a solution. The differences from one endpoint protection platform to another can be hard to distinguish.
Compounding this problem is a quiet but mounting backlash against endpoint protection by cybersecurity experts and IT professionals. According to Centrify, a majority of CEOs inaccurately believe that malware is the biggest threat to their digital security, and therefore overinvest their limited cybersecurity budget in endpoint protection platforms over security analytics, SIEM, and identity management solutions.
So the question becomes: does my enterprise still need an endpoint protection solution?
Endpoint Protection Still Matters
The answer, perhaps unsurprisingly, is yes. Endpoint security is as vital now as ever before. It’s still the best protection against malware and ransomware, which, while perhaps not as dangerous as stolen credentials or insider threats, are still incredibly damaging. Further, these solutions are a major component of threat prevention rather than threat detection.
However, it is essential to remember that endpoint security cannot serve as the be-all and end-all of your cybersecurity platform. It needs to be a component of a comprehensive cybersecurity apparatus. Furthermore, much like other digital security tools, it needs to be selected, deployed, and maintained properly. There is no out-of-the-box solution that will fulfill your enterprise’s needs.
How to Select the Right Endpoint Security
If you are looking to find the right endpoint protection platform, don’t allow yourself to get too caught up in the vocabulary of vendors. Despite this being a mature market, the jargon around EPP solutions hasn’t yet been fully codified. But that isn’t what’s important; what is important is knowing what your enterprise actually needs and what capabilities the solutions offer. If you want to prioritize threat mitigation, then you shouldn’t get distracted by other features.
Another oft-forgotten aspect of selecting an endpoint security platform is to think outside of anti-virus software. For years these were one and the same, hence their widespread conflation, but endpoint protection is far more comprehensive than anti-virus alone. Anti-virus is an important part of it, and it is crucial to protecting against older versions of malware, but a good endpoint protection solution will also be able to combat newer versions of malware. Speak to your IT security experts to determine what other capabilities your enterprise truly needs: threat recognition, exploit mitigation, fileless malware prevention, etc.
On a related note, you should consider the capabilities of endpoint detection and response (EDR) in your selection. A major reason so many cybersecurity professionals seem to have cooled on endpoint security is that the solutions seem geared to the prevention of threats. But since no solution is ever 100% effective, endpoint security can allow threats into an enterprise’s network without detection, giving those threats plenty of dwell time. EDR refocuses endpoint protection on improving visibility: alerting IT professionals to suspicious activity and allowing experts to see a security event in full detail.
This is a double-edged sword, though. EDR works only after a hack or breach has occurred, and therefore after the damage has been done. Prevention is still necessary to keep a good number of threats at bay.
Above all, selecting an endpoint security solution should be approached holistically, comprehensively, and carefully.