Dan Larson (CrowdStrike VP Product Marketing) and Doug Cahill (ESG Senior Analyst) discuss the constantly changing state of endpoint security. The discussion will include the latest perspectives from both the end-user community, as well as recommendations and key insights from our panelists.
Trends in Endpoint Security: A State Of Constant Change
I'm here with Dan Larson, vice president of product marketing at CrowdStrike. Welcome, Dan.
Thanks for having me, Doug.
Dan, I'm looking forward to our conversation today around end point security, a topic that is very much top of mind for cybersecurity professionals. One that has really risen to prominence over the last couple of years. And there's other reason for that, not the least of which of course is the central role that the endpoint plays in cybersecurity attacks.
And also, according to the research we're going to be discussing today, the range of threats that organizations are concerned about-- and what I found interesting from the research was not only the diversity of threats that organizations have actually experienced in the last 12 months, but the types of threats they're worried about moving forward, including multistage and multi-component attacks. Are you seeing that level of concern of those types of attacks with your customers as well?
Yeah, absolutely. The most predominant trend is the fact that the endpoint is the target. And especially at the age of mobility, the endpoints are moving all over the place, and there's this ever-changing perimeter.
So the ability to depend on a secure network to always defend your end points is decreasing over time. So the end point is the target, and at that target, there's a variety of new threats, as you mentioned-- the increase in polymorphic malware, especially ransomware strains that are unique. They haven't been seen before, so they're difficult to stop.
And also the attackers have adapted. They know what kind of defenses are in place so they specifically build new attacks that are either file lists or multistage, like you say. They're specifically crafted to bypass legacy solutions. So there's harder to protect end points, and they're facing new kinds of attacks.
It's really as if the end point has become the perimeter.
Sure. So let's talk about how organizations are responding to protect themselves against this range of threats.
So the research tells us that organizations are increasing spend, some of them as many as 32% are actually increasing their end point security spend significantly, and the same percentage are also looking at creating a dedicated end point security group over the next two years.
The research also tells us that organizations are training both their end users and their IT staff, but being smarter about these types of cybersecurity threats. But they're also layering controls. Over 40% of organizations are layering additional preventative and or detection and response controls across all the end points.
I think it was about a 1/3 of organizations are also doing so on high value targets. Why are companies doing that, and what are some of the key use cases that those additional controls enable?
Yeah, I think what it all boils down to is people have experienced incidents, outbreaks, or the worst case scenario is experiencing a breach. And the unifying goal is to catch what other solutions have missed in the past.
So key use cases there are catching new, unknown polymorphic malware-- that's a key driver. But in addition to that, you have to look beyond malware.
As the attackers have adapted, we now have to think about detecting attacker behavior with solutions like end point detection and response or even for the most sophisticated type of threats, proactive managed threat hunting is a new use case to many of these customers, but adds a lot of value.
And it doesn't have to be hard, right? If it's implemented properly, it can be efficient as well.
Yeah, I think that's one of the great misconceptions about EDR-- it is actually possible to automate detections inside an EDR process.
You bet. So that reminds me of another take away from the research, which is the number of operational challenges that customers are grappling with. And then we ask what's important moving forward in terms of end point security, what was also interesting that both efficiency and efficacy were of equal importance to those organizations.
And I think part of that is some of the complexity and challenges of upgrading to the latest version of their current AV product, less than 1/2% upgrade right away-- I think was a 41%, 42% upgrade right away. So there's a lag time there, and that's part and parcel of this complexity and operational efficiency issue that we're in--
Yeah, one of the key truisms in our industry is that complexity is the enemy of security. And what people want is the ability to have a solution that does what it says it's going to do, it needs to be more effective, but you also need to be able to execute that plan.
It has to be simple enough. You can't be riddled with complex integrations, multiple upgrade points. It has to be easy for them to do because if it's not, they'll never get that new capability deployed.
You bet. And that reminds me of another aspect of operational efficiency that came through clearly in the research, which is the delivery model of an end point security suite. And organizations are really interested in the delivery model being as a service. What do you see from your customers in terms of their adoption of security as a service, and what are some of the key benefits we should be thinking about?
Yeah, the beauty of a SaaS delivery model is that it eliminates a lot of that complexity. It makes sure that you automatically and without any effort get the latest security features deployed, make sure you're always current on your version, and you get all these benefits of additional protection without having to do any extra work.
And a lot of organizations have a cloud-first orientation, right? It's like all new projects are evaluated through the lens of, hey can we consume this vis-a-vis cloud service. It's a strategic alignment with the cloud orientation as well.
Absolutely. Cloud delivery is the new normal. It's what people expect because it is both easier and more effective.
Absolutely, absolutely. Well, Dan, I really enjoyed the conversation, and given the rising prominence of end point security these days, the research has been very clear on the need to detect and prevent a range of threats but in operationally efficient manner.
Yeah, absolutely. And our company, CrowdStrike, was built from the ground up to give you better protection in a more simple way with one agent and cloud delivery, we do next-gen AV, endpoint detection and response, and managed hunting all in an easy to consumer package. Great. Well thanks, Dan. And thanks for listening.