For the past 15 to 20 years, the vast majority of organizations install commercial antivirus software on just about every PC residing on their networks. This resulted in a multi-billion dollar industry dominated by five vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro. AV security efficacy has come into question over the past few years however, as cyber-criminals and State-sponsored hackers regularly used customized malware and zero-day attacks to circumvent AV and compromise PCs.
Given the limitations of traditional AV, some organizations are adding new endpoint anti-malware tools from vendors such as Bit9, Bromium, Cisco, Confer, Cylance, CrowdStrike, FireEye, IBM, Malwarebytes, Palo Alto Networks and Triumfant. Others are implementing endpoint forensic capture/analysis tools (i.e. Guidance Software, RSA, SentinelOne, Viewfinity) to gain a better understanding of endpoint activity and anomalous behavior.
Now here’s the rub. As CISOs spend incremental money on endpoint security, they are starting to ask questions about their AV investments. While most organizations have no plans to abandon AV, some are considering replacing commercial AV with a freeware alternative like Avira, AVG, Bitdefender, or Microsoft Security Essentials.
Hmm, are enterprise organizations really replacing commercial AV with freeware, dipping their toes in the free AV waters, or sticking with commercial AV through thick-and-thin? ESG explored this issue in an endpoint security research project and the recent publication of a research report titled, The Endpoint Security Paradox (note: I am an ESG employee). As part of this, 340 security professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked the following question: “How likely is it that your organization would replace its commercial antivirus software with a free antivirus alternative?” The results are as follows:
- 19% of organizations say it is “extremely likely” as they are already evaluating/implementing free antivirus offerings.
- 38% of organizations say it is “likely” as they are interested in learning more about free AV but have not taken any active steps yet.
- 20% of organizations say they are “neutral” as they are happy with their commercial AV today but may be open to replacing it with freeware alternatives in the future.
So according to ESG research, 57% of enterprises are apt to replace some commercial AV with freeware in the short- and/or near-term. As this happens:
- Alternative endpoint security marketing will gain a hard edge. Endpoint anti-malware and forensics vendors have steered clear of a “you don’t need AV” message thus far but this market détente isn’t likely to last. Look for alternative endpoint security vendors to bundle free AV with their products or at least point customers in this direction.
- Microsoft benefits. Microsoft has been offering AV as part of its Enterprise Client Access License (ECAL) for years but most organizations stuck with old guard vendors. This ESG data may foreshadow a change in strategy where free AV from Microsoft sounds too good to pass up.
- Endpoint security may move away from AV altogether. Replacing commercial AV with freeware may be a detour on the road to eliminating AV completely down the line. As a leading indicator for this trend, some regulations no longer mandate AV specifically but rather require generic endpoint security controls. As organizations implement advanced endpoint anti-malware and forensic software, they may decide that AV is no longer needed for compliance or security protection.
To be clear, AV is likely to be around for a while and so AV vendors have plenty of opportunity to reposition product, bundle new functionality within core AV, or supplement AV software with improved support and managed services. Independent of AV vendor strategy however, the ESG data points to a segment in transition. This will certainly create a $ multi-billion opportunity for some new-age endpoint security vendors and a huge threat to existing AV leaders.