As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.
Here’s another recent data point that supports this further. ESG recently published a new research report titled, Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e. more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat” (Note: I am an ESG employee).
To further analyze the data gathered in this survey, ESG built a scoring system to segment enterprises into three categories based upon their information security resources, skills, processes, etc.: advanced organizations, progressing organizations, and basic organizations. Interestingly, 65% of advanced organizations are integrating endpoint and network anti-malware and analytics technologies “extensively” today. Based upon this, it is safe to conclude that endpoint/network security integration is rapidly becoming a cybersecurity best practice.
It is also worth noting that advanced organizations make up about 20% of the enterprise population while progressing organizations account for 60% and basic organizations compose the remaining 20%. Given the preponderance of endpoint/network security integration in the advanced organization population, it’s likely that this trend will proliferate across the enterprise spectrum to progressing and basic organizations over time.
The consolidation of network and endpoint security controls and analytics could carry a few repercussions:
- Vendors with the most experience dealing with security analytics, malware, and threat management teams are in the best position for success. Think Bit9/Carbon Black, FireEye, Guidance Software, IBM, Palo Alto, RSA Security, etc.
- Alternatively, traditional AV vendors have a bit of a challenge ahead. Many organizations think of AV in terms of compliance or endpoint operations. So when they need additional endpoint security protection, they will likely call in the security “cavalry” (i.e. malware and security analytics gurus) to make product decisions. AV vendors need to prepare for this with better market education and sales campaigns focused on the SOC.
- Network security vendors fall somewhere in the middle of this dichotomy. Those lacking their own endpoint security technology (Check Point, Fortinet, HP, Juniper) should partner with advanced endpoint security providers or acquire one of the many burgeoning firms in this space.
While advanced organizations are well along the way with endpoint/network security integration projects, progressing and basic organizations are just getting started. Security vendors with easy-to-use but tightly integrated solutions should prosper as the broad market jumps on the integration bandwagon. MSSPs and professional services players will be especially attractive as progressing and basic organizations are often understaffed and under-skilled when it comes to cybersecurity.