Endpoint protection software for desktops and servers is adding more and more functionality to respond to the challenging threat climate. Many endpoint protection suites also offer policy integration and data protection for the tablets and smartphones of an increasingly mobile workforce. But according to the North American readers we surveyed, the changes may not be enough.
TechTarget polled 700 IT and security professionals at medium-to-large enterprises, who told us that they had active endpoint security projects or technology purchases in the next 12 months. Nearly half of the respondents said their security investments are being driven by the need to protect against threats not detected by traditional endpoint security products; 24% are concerned about too many false alerts or endpoints that are compromised too frequently. For 22%, it's the all-too-common scenario -- they are reacting to a significant breach.
Many organizations are still in search of effective protection techniques against unknown threats and malware. Whether that requires layering network and endpoint security products, using existing technologies properly, integrating policies across multiple environments or switching endpoint protection software providers; almost half of those surveyed said, "There are probably better solutions out there." Desktop virtualization is part of the endpoint protection of 50% of the organizations surveyed. However, less than half (42%) have an endpoint strategy for employee-owned (BYOD) devices.
Enterprises can adopt proactive approaches, according to analyst firm Gartner, by using technologies that support application controls, vulnerability analysis and patching on endpoints. Tools that offer a range of protection techniques, whose "efficacy" is evidenced by independent test labs, may also help.
Traditional endpoint security products have moved well beyond antivirus and personal firewalls, and more products have focused on closing the gap between endpoint detection and response. This shift reflects the growing need to identify and remediate threats in less time.
Roughly half of survey respondents indicated that their organization is shifting away from static scanning as the primary protection for endpoints. When asked which approach was most effective for securing endpoints, one third said anomaly detection coupled with quick containment and response; 22% indicated traditional virus scanning tools; 20% said tighter account controls preventing admin-level use of systems; and 8% favored whitelisting applications.
Which criteria of an antivirus/antimalware product are most important? Price ranked first (53%), followed by efficiency of signature scanning with minimal performance degradation (51%); behavior blocking and monitoring of system calls made by unrecognized software (50%); ease of remediation, including removal and cleanup of detected attacks (48%); and inclusion of a personal firewall (20%).
Despite the calls for change, when we asked readers which enterprise endpoint protection software they were considering for their current project or purchase, traditional market leaders (with the highest usage among those surveyed) topped their short lists.
In spite of sweeping organizational changes in 2015, Symantec's Endpoint Protection software remains on the short list of 44% of readers. The company split its information management and security products into two businesses after announcing the strategy in October 2014. Version 12 of the company's antivirus and personal firewall software for desktops and servers running Windows, Mac OS X and Linux, was released in November. The software is tied to other technologies, namely Symantec Online Network Advanced Response, or SONAR, to monitor application behaviors to address unknown threats beyond antivirus signatures. Endpoint Protection 12 also supports the company's Security Technology and Response for scanning endpoints and Advanced Threat Protection for servers, but some technologies require separate management consoles.
Intel Security (McAfee), another heavy hitter in this category -- it has the second largest market share worldwide, according to Gartner -- was shortlisted by 35% of the readers surveyed. Sophos Endpoint Protection software, ranked third with 20%, is focused on prevention and faster detection and remediation. The company uses an evolving network-to-endpoint strategy based on heartbeat synchronization and context-aware security. Like other vendors, Sophos is building on its endpoint security with mobile, and shifting through sensor and threat information with help from its SophosLabs cloud. Webroot also landed on the shortlists of 10% of those surveyed. In a somewhat unique approach, the Webroot SecureAnywhere technology relies on behavioral analysis to detect anomalies and malware. Its back-end databases are stored in the cloud, which offers enterprise users a lightweight client.
Gartner expects enterprise protection platforms to continue to integrate more functionality such as enterprise mobility management and data loss prevention. "In the longer term, portions of these markets will be subsumed by the EPP market, just as the personal firewall, host intrusion prevention, device control and anti-spyware markets have been," according to Gartner research analysts Peter Firstbrook and Eric Ouellet, who published a report on endpoint protection software in February. Many companies already invest in endpoint and mobile data protection, their research shows. More endpoint protection suites are also integrating application controls and vulnerability analysis into their mobile offerings, which could satisfy the EMM requirements of smaller-size organizations.
Buyer's Guide: Key criteria for evaluating endpoint security products
Is it better to buy a standalone tool or endpoint security suite?
Choosing the right endpoint antimalware protection