In the past, large organizations spent most if not all of their endpoint security dollars on a single product – antivirus software. This decision created a multi-billion dollar market dominated by 5 vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro.
Fast forward to 2015 and things are changing rapidly. Driven by targeted attacks and sophisticated malware, CISOs are supplementing AV with additional security tools for advanced anti-malware detection/prevention, endpoint forensic capture/analysis, data security, etc.
Does this mean that endpoint security now requires multiple products? Yes, that’s exactly what security professionals believe. ESG recently surveyed 340 security professionals working at mid-market (i.e. 500-999 employees) and enterprise (i.e. more than 1,000 employees) organizations, presented them with a multitude of statements about endpoint security, and asked them whether they agreed or disagreed with each (note: I am an ESG employee). As far as endpoint security goes:
- 63% of security professionals “strongly agree” or “agree” with the statement: There is no endpoint security vendor that delivers a product suite that could meet all of my organization’s endpoint security requirements.
- 41% of security professionals “strongly agree” or “agree” with the statement: We really can’t secure endpoints as we’d like to because endpoint security requires too many specialized products/agents.
So endpoint security now requires multiple products, but is this a big deal? Yes. Multiple products mean multiple agents that must be deployed and maintained on each endpoint system. Security personnel need to be trained on each product, configure endpoint systems, set up policies, monitor endpoint status, and troubleshoot problems. A mixture of endpoint security controls can disrupt user productivity – the ultimate infosec faux pas. Finally, more products mean bigger endpoint security budgets for capital and operating costs.
Of course, there is an alternative to multi-product endpoint security cost and complexity – a comprehensive endpoint security suite from a single vendor. While most security professionals don’t believe that this type of integrated suite exists today, they remain hopeful for a solution and clearly recognize the value here – 58% of infosec pros say that they would prefer to address their strategic endpoint security requirements with an integrated product suite from a single vendor.
Hmm, which vendor or vendors could deliver an integrated endpoint security suite that addresses endpoint security requirements and capitalize on this lucrative market opportunity? Here’s my view:
- The AV guys aren’t out of the race. Kaspersky, McAfee, Sophos, Symantec, and Trend already own endpoint security real estate and certainly have the technical chops to supplement their AV products with additional endpoint security functionality. To win the land grab, the AV crowd must convince hardcore security pros that they play beyond signature-based defenses. This won’t be easy, however, as the “AV is dead” misperception is fairly widespread. Newer AV vendors like AVG, Malwarebytes, and Webroot may have an easier road.
- The startup crowd. Over the past few years, endpoint security has become the belle of the ball on Sand Hill Rd. A number of new and experienced startups such as Bit9, Confer, CrowdStrike, Cylance, Digital Guardian, Tanium, and Triumfant are intent on providing the whole endpoint security enchilada. Startups present different risks, but CISOs may be more open-minded given the state of the threat landscape and pressure to address cyber-risk.
- The pivot players. Several vendors believe they can pivot from other strong security positions to endpoint security. Cisco, FireEye, IBM, and Palo Alto aim to bridge endpoint and network security – a good idea that will win them points in the enterprise while RSA Security positions its endpoint security as part of a greater security analytics effort. These vendors understand security but will have to break down traditional organizational and budget walls to succeed.
- Wildcards. Vendors like Blue Coat, Check Point, Dell, Fortinet, HP, and even Microsoft are toe-dipping in the endpoint security suite pool at this point. All of these players could establish endpoint security partnerships or acquire startups to fill product gaps.
The RSA security conference is now less than a month away. With the endpoint security suite market up for grabs, endpoint security is likely to play a starring role at this marquee industry event for the first time since the early 2000s.