For almost two decades, the world of endpoint security was business as usual. Early on, the products worked pretty well, but in the past two years, the market started to change.

As the bad guys found more interesting and effective ways to cause problems, existing products began failing on a regular basis. Multi-stage and multi-component attacks became the new normal — and nuisance malware became less of a priority. Then ransomware started to take off and the storm got worse. In a very short time, the entire industry was turned upside down. Everyone, from the lone IT administrator at a 30-person organization to the CISO of a Fortune 500 company, was forced to rethink their next steps. For many, these next steps are now in motion.

While this was occurring, the endpoint market implosion created a secondary problem — noise. The security industry has always been notorious for strong viewpoints and struggles with validation. Everyone has an opinion on how to fix the problem of porous security, including vendors, partners, peers, analysts, resellers, and testing houses.

In an effort to cut through the clutter, CrowdStrike® enlisted industry analyst Doug Cahill from ESG (Enterprise Strategy Group) to survey buyers and gain insight into what they’re actually doing. The survey was fielded to 385 endpoint security decision-makers across medium and large enterprises. The detailed results can be found here: State of the Endpoint

So, what are buyers doing right now? 

1. Buyers using legacy products are rapidly jumping ship:
   76 percent of buyers have either changed their AV provider or plan to change in the next 12 to 24 months. This number is an alarming testament — clearly indicating that even the most slow-moving IT departments are making changes as soon as their contracts reach the end of the term.
2. Buyers are giving efficacy and efficiency equal consideration:
   The survey revealed that efficiency and efficacy are of equal importance to most buyers. Only half of the respondents have been able to upgrade to the latest versions of their legacy AV products within six months of initial product availability. New features are worthless if they are too hard to get into the hands of end-users. This level of complexity is the enemy of security, and buyers are now sourcing solutions that make it easier to deploy newer capabilities. How are end-users bypassing the complexity associated with multiple products, multiple agents and impossible upgrades? See #3.
3. Buyers are now sourcing cloud deployments, as opposed to on-premises deployments:
   Cloud-first initiatives are real. The preferred delivery model is now cloud-based, according to the survey data — because it’s both easier and more effective. SaaS not only eliminates complexity, it also provides end-users with the latest features deployed in real time. Upgrading to the most current version can be accomplished without having to do any extra work.
4. Buyers are choosing endpoint detection and response (EDR) as the #1 new tool within an endpoint suite:
   More than half of the respondents have either started using or plan to purchase EDR in the next 12 to 24 months. The two big misconceptions that occurred during the early stages of EDR were: one, that it would only be served by a separate group of vendors; and two, that it was a replacement for prevention technologies. EDR and prevention tools aren’t only able to work side by side — they can create unique technical benefits by working together. EDR has finally started to settle into its home within the endpoint suite.
5. Buyers are embracing threat hunting services:
   The overwhelming majority of respondents indicated that they see a significant benefit in some type of managed endpoint services. Of the different types of managed services, the strongest response showed that users are gravitating towards a managed threat hunting service for endpoints. They are using this to help them improve incident prevention, incident detection and incident response.

These points represent a small subset of the survey. To get detailed results and gain more insights from the survey, download the report, The State of the Endpoint 2017, or listen to the webcast, State of the Endpoint: The Buyer Mindset.