A recent report from IT research and analysis firm Gartner offers new insights and perspective on the current state of endpoint security. In its report, titled “Redefining Endpoint Protection for 2017 and 2018,” CrowdStrike asserts that Gartner’s revised definition of endpoint protection platforms (EPPs) offers a bold and detailed analysis of the challenges faced by today’s endpoint security vendors. The report also provides new and valuable recommendations for security and risk management leaders as they evaluate their options.
The introduction includes Gartner’s update of its EPP definition as follows: “A solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
The Drivers Behind The Report
It’s been over five years since Gartner defined endpoint protection and in the ensuing years — particularly over the past two years — CrowdStrike has observed major changes impacting all aspects of the 20-year-old endpoint security market. Some of the factors that CrowdStrike believes spurred the need for a new definition include the following:
- Legacy vendors have limited their agility by adding new features year after year that are no longer effective against modern threats, such as file-less attacks and ransomware.
- The same legacy vendors anchored their customers to costly on-premises, hardware-based solutions that are no longer necessary due to advancements in cloud computing and SaaS delivery models.
- Endpoint detection and response (EDR) and prevention solutions were historically seen as discrete products, but have since merged.
- Advancements in security technologies such as machine learning and behavioral analytics have lessened the need for legacy features like antivirus signatures.
- Numerous new vendors have entered the market with “point” solutions that solve a narrow piece of the problem but do not meet the broader criteria of a full endpoint protection platform.
- Combining services, like threat hunting, with technology solutions has proven effective in defending against sophisticated attacks that are becoming increasingly prevalent.
Major Changes and Recommendations From Gartner
The report acknowledges major changes in the EPP market and offers recommendations for security and risk management leaders as they evaluate an increasingly crowded vendor landscape. A summary of these are as follows:
- Legacy features have been dropped: Gartner has removed DLP, MDM and specialized protection for servers from the EPP definition.
- EDR is now part of the suite: Gartner concluded that EDR has seen increased adoption due to the realization that it’s not possible to block 100% of attacks. Gartner is now placing significant importance on the combination of behavioral and machine learning techniques for prevention, detection and response, both on-sensor and in the cloud.
- More emphasis on managed hunting: Gartner suggests organizations add a managed hunting service whenever possible. This can augment internal security efforts, regardless of an organization’s size, sophistication or staff resources.
- Less emphasis on mobile and virtual desktop infrastructure (VDI): Gartner recommends that customers look for solutions designed to protect both MacOS and Windows, however, they are no longer considering VDI, mobile and servers as key purchasing criteria for EPP.
- Moving to the cloud is crucial: Gartner cites numerous efficiencies around both threat efficacy and administrative overhead that can be achieved by choosing EPP vendors that offer cloud-native architectures.
From Analyst Recommendations to Market Reality
The CrowdStrike Falcon® platform aligns well with the recommendations outlined by Gartner for endpoint security. As the leader in cloud-delivered endpoint protection, CrowdStrike Falcon offers instant visibility and protection across the enterprise and prevents attacks on or off the network, extending protection across endpoints whether physical, virtual or in the cloud.
Falcon seamlessly unifies next-generation AV with best-in-class endpoint detection and response (EDR), backed by 24/7 managed hunting. The cloud infrastructure and single agent architecture eliminate complexity and add scalability, manageability, and speed. CrowdStrike protects customers against all cyberattack types using sophisticated signatureless artificial intelligence/machine learning and indicator-of-attack-based (IOA) threat prevention to stop known and unknown threats in real time. In summary, CrowdStrike believes that the future of endpoint security, as outlined in the Gartner EPP report, is manifest today in the Falcon endpoint protection platform.
Gartner [Redefining Endpoint Protection for 2017 and 2018], [Ian McShane, Peter Firstbrook, Eric Ouellet], [29 September 2017]
Suggested Next Steps
- Download the full report: Receive a complimentary copy of the full Gartner report, “Redefining Endpoint Protection for 2017 and 2018.”
- Talk to CrowdStrike: Learn how the CrowdStrike Falcon® platform aligns with Gartner’s vision of a more effective EPP offering. Contact CrowdStrike or call: 1.888.512.8906