Users Weigh in on Rip-and-Replace, or Augment
Despite near-universal pessimism about the state of digital security today, many organizations are relying on the promise of a new crop of advanced endpoint protection (AEP) products to improve their odds against the bad guys. But the large field of contenders—at least three dozen by NSS Labs’ estimates—has brought confusion about which features are common in AEP products and how vendors differentiate their products. An AEP product must be able to successfully detect and protect against threats, and it must provide sufficient context about malicious behavior to enable a security team to take action. By monitoring resource usage, communication activity, and system state, an AEP product provides contextual awareness and end-to-end visibility into threats for the end user/enterprise. Among enterprises that have placed their bets on these new products, many are now grappling with the decision to either rip-and-replace or augment existing endpoint security controls.
To get a better handle on users’ perceptions and expectations of AEP products, NSS surveyed cybersecurity officers at Global 2000 companies headquartered in North America that deploy endpoint security controls. As part of the survey, we asked respondents using legacy security controls (e.g., Symantec) what their immediate goals were regarding the purchase of AEP products. About two-thirds of respondents said they augmented their existing endpoint protection platform (EPP) deployments with AEP products, while fewer than one-third said that they replaced those controls. This is consistent with the approach that most newer AEP start-ups are taking: supplementing existing protection with faster and more lightweight defenses.
One factor that clearly contributes to an augmentation strategy is a new desire for detection and response tools on the endpoint. When we asked the AEP owners in our survey why their organizations bought these products, the majority (77%) said that it was due to a new organizational focus on detection and response tools. This finding supports a broader trend among leading enterprises to adopt a security architecture that supports protection, detection, and response capabilities.
Other key findings include: