Endpoint security in 2016 and beyond

Like most things in security, endpoint protection is going through a generational shift as the traditional endpoint players (aka the Big 5: Symantec, Intel Security (formerly McAfee), Trend Micro, Kaspersky and Sophos) are being disrupted by newer technology startups such as Bromium, Cylance, CrowdStrike and Carbon Black. These new players tout advanced capabilities such as machine learning algorithms, forensics and IOC integration, which at present are deployed in addition to the traditional players. All this adds up to a somewhat complex, confusing and expensive conundrum for customers as they select the appropriate controls for their environment.

To aid customers, Gartner provides an Endpoint Protection Platform Magic Quadrant as a guide. Whether you're pro- or anti-Gartner, this year's guide makes for some interesting reading, and I've summarised my points of interest below:

  • The appearance of Cylance and SentinelOne in the EPP Magic Quadrant. Cylance's detection engine is built entirely on machine learning algorithms, negating the need for legacy blacklisting, but it also omits controls such as HIPS, DLP, EMM and application control. One can argue that its advanced algorithms negate a lot of the additional layers, but EMM and application control are useful. SentinelOne is traditionally an EDR tool and now appears in the MQ but, like Cylance, lacks some of the useful traditional controls.
  • A lot of the MQ participants are beginning to offer EDR-type controls. This should really be a no-brainer considering the main players already have an agent on the machine. The challenge I find is that the agents are usually bloatware and need to be better modularised so you only consume the footprint/resources that you need.
  • The Leaders Quadrant has done a bit of a shuffle, with Trend Micro's shift along the Visionary axis the most noticeable. The other Leaders have shifted left. This sounds a little pedantic, but in vendor land, when you're looking to squeeze as much out of these reports as you can, it makes a difference.
  • Virtualisation/containment players such as Invincea and Bromium didn't appear. Curious, considering Cylance and SentinelOne appear in 2016.

With the rationalisation and consolidation in the security area, don't be surprised to see fewer players in 2017 as the likes of Symantec throw the shackles off their M&A and the larger infrastructure vendors such as Cisco, HP and IBM look to acquire technology to complement their offerings.

Nice commentary Lani. Gartner likes to organise vendors into well-defined quadrants, because it suits their model, but when something comes along that doesn't quite conform, they don't really know what to do with it. It's exciting that a new breed of technologies and vendors is challenging the inertia and status quo of traditional endpoint security, but no mention of Tanium? That surprises me. But then, I am biased.

Francisco Ordillano

Adviser. Communicator. Enabler.

9y

The endpoint market has been dominated for far too long by companies selling the same list-based technologies, whether further bloating the size of agents, or making them access lists in the clouds. The alternative approach by Cylance Inc. etc. is much needed, and even if they are likely to be swallowed up by larger firms (Cylance and Dell partnership news last November a sign of things to come?) disruptive technologies are exactly what we need to move security forwards. Not to say that the disruptives aren't without their limitations; Bromium was probably omitted because of some of these, whilst Cylance typically suggests that you use their Cylance Protect solution as part of your security strategy. For one, I believe Gartner is very useful at helping structure and provide a base of comparison for various vendor offerings, although we need to remember the solution choice has to come after the strategic risk analysis and not before.

Duncan Unwin

Helping organisations make strategic use of digital technology.

9y

Nice article Lani Refiti.

Uttam Ray

Cyber Security Sales

9y

Pretty insightful, with growing traction of SMACI, security is going to get even bigger.

Good insights and agreed that like all industries security is being disrupted by new players with better tech. It's good to see this much needed innovation. We have been too slow to get in front of those that wish to exploit vulnerabilities.
