Endpoint/Device Security, Security Program Controls/Technologies

Endpoint Security Suites Must Detect, Prevent Threats AND Ease Operations

Author: Jon Oltsik
Author: Jon Oltsik

Next-generation endpoint security tools may not be the stars of this year’s RSA Security conference but they were still bound to get a lot of attention. Why? Many organizations continue to move from traditional AV controls to new types of endpoint security suites built for prevention, detection, and response.

Now, common wisdom suggests that endpoint security decisions are driven by a need to improve threat prevention. About 80% to 90% of today’s malware is designed to attack a single system and these unique malware variants are designed to bypass traditional security controls—most of the time, they accomplish this goal.

CISOs are responding to this cat and mouse game by upgrading to newer types of endpoint security tools that use machine learning, behavioral analytics, and threat intelligence integration to vastly improve threat detection/prevention rates.

This is where discussions about next-generation endpoint security usually begin and end, but recent ESG research uncovers other important requirements. When asked to identify their biggest endpoint security challenges, 385 cybersecurity and IT professionals responded as follows:

  • 25% of survey respondents said that their security teams spend too much time responding to and investigating alerts, many of which are false alarms. There is and will always be a balancing act between true threat detection and false positives, and the bad guys know how to exploit this dichotomy. Next -generation endpoint security technology needs to be fine-tuned to detect/prevent a high percentage of threats while limiting noise associated with false positives.  So, even the best threat detection/prevention engines need to be backed up by EDR capabilities that can spot anomalous system behavior when malware sneaks through.
  • 23% of survey respondents said that they regularly reimage infected endpoint devices, creating work for the help desk and impeding worker productivity. This is a common problem. Reimaging tasks cost between $400 and $1,000 per system and it’s not unusual for large organizations to reimage around 30 systems per month. Endpoint security tools need remediation capabilities like terminating processes, deleting files, and rolling back system images that can help ease the reimaging burden.
  • 19% of survey respondents said that the lack of integration and automation between endpoint security tools leads to a lot of manual processes. This lack of security technology integration is exactly why so many organizations are building an integrated security operations and analytics platform architecture (SOAPA). Endpoint security suites must be tightly integrated, share information, and provide for automated workflow. Oh, and the best tools will also integrate with network security analytics systems, malware analysis sandboxes, threat intelligence, etc.

So, the data suggest that while threat detection/prevention is critical, the best next-generation endpoint security suites will also help organizations automate and streamline endpoint security operations. To do this, next-generation endpoint security vendors must understand the daily routines of cybersecurity professionals, not just malware research or machine learning algorithms.

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. Read more ESG blogs here.