endpoint security market insights - eschool news...improving mobile security improving threat...

Endpoint Security Market InsightsAbsolute Software Advisory

Chris Sherman, Analyst

May 19th, 2016

© 2016 Forrester Research, Inc. Reproduction Prohibited 2

Agenda

›Macro Trends Affecting Security Buyers› Technology Adoption Trends› Forrester Client Inquiries And Interests›Upcoming Research


Agenda



Targeted attacks are on the risePublicly reported cyber incidents and breaches in the US

Source: Cyberfactors, LLC

0

50

100

150

200

250

300

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

TargetedAttacks

BroadAttacks


Source: Forrester’s Business Technographics Global Telecom And Mobility Workforce Survey, 2014 & 2015

“How often do you work in your job from the following locations?”2014 2015

Today’s workforce reality complicates matters

6

Must do a better job of endpoint protection.

Managed endpoints

Unmanagedendpoints

Your customer’s challenges are twofold

Protect their data and operations without owning the assets!

7© 2016 Forrester Research, Inc. Reproduction Prohibited

Base: 2320/3543 business and technology decision-makersSource:Forrester Research Business Technographics Security Survey, 2015

Most of the top security concerns relate to protecting un-managed or lightly managed devices/applications

45%46%46%47%47%47%48%49%49%

51%51%51%53%54%55%56%

0% 20% 40% 60%

PaaSBig data analytics for business decision-making

IT and business process outsourcingMachine-to-machine or internet of things solutions

Software defined networkingIaas

Deployment of real-time communications over IPThe businesses need for innovation

Desktop/Application VirtualizationSaaS

Virtualization in the data centerGreater IT connectivity with business partners

Consumer-oriented communication toolsEmployee-provisioned applications

BYOD InitiativesEmployee-provisioned devices for business use

Now we’d like to ask you about how certain technologies or business initiatives might affect your security or IT risk exposure?

Very concerned [4, 5]


Lack of skills and staffing pose major challenges for orgs

Base: 3543 global security decision makersSource: Forrester’s Business Technographics Global Security Survey, 2015

53% find unavailability of security employees with the

right skills a moderate to major challenge

60% of business and technology decision-makers rate lack of

staff as a moderate to major challenge.

45% of business and technology decision-makers plan to

increase security skills training in 2016.


CISO reporting is still heavily IT focused…

…But changes are happening

Base: 2154-2168 Global security technology decision-makers (20+ employees)Source: Forrsights Security Survey, Q2 2012Forrester’s Business Technographics Global Security Survey, 2015


Base: 2320/3543 business and technology decision-makersSource: Forrester Research Business Technographics Security Survey, 2015

Security orgs are still focused heavily on tactical initiatives

35%33%

37%38%37%38%38%39%38%

36%39%39%40%40%40%42%

39%41%43%

40%43%

18%21%

18%17%18%18%18%18%19%

23%19%20%22%23%23%22%

25%24%

23%26%

27%

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8

Establishing and/or enhancing SCADA or ICS securitySecuring the IoT within the enterprise

Establishing/Enhancing eDiscovery practicesIncident response and forensics capabilities

Converging physical and logical securityStreamlining employee IAM

Presenting the business value of security to executivesEmbedding security in the software dev lifecycle

Establishing a formal IT Risk Management FrameworkCloud-based or managed security services

Adopting a data-centric approach to securitySecurity training and awareness

Achieving/maintaining regulatory complianceImproving mobile security

Improving threat tntelligence capabilitiesBusiness continuity

Improving security of customer-facing services/appsEnsuring business partner security compliance

Improving app security capabilities and servicesComplying with business partners' security reqs

Existing threats and vulnerabilities

Which of the following initiatives are likely to be your firm’s/organization’s top IT security priorities over the next 12 months?

High Priority

Critical Priority


Source: Forrester’s Business Technographics Global Security Survey 2015 and Forrester’s Forrsignts Security Survey, Q2 2012

The good news: security budgets are on the rise


Endpoint security budgets have stabilized since 2014


Agenda



Those who have been breached take action


Frustration With Endpoint AV Has Led To Increased Adoption Of “AV Alternatives”

Source: Forrester Research, Inc. Unauthorized reproduction, citation, or distribution prohibited.118644

Source: Forrester’s Global Business Technographics® Security Survey, 2015

Base: 609 global client security decision-makers

Already implemented

Planning toimplementin the next12 months

“What are your firm’s plans to adopt the following client security (desktop/laptop)and data security technologies?”

60% 70% 80% 90%0%

10%

15%

20%

25%

Applicationsandboxing

HIPS

DLP

Full disk encryption (software-based)

Full disk encryption (hardware-based)

File-levelencryption

Applicationwhitelisting

Device/port control

Application privilege management

Patch managementURL filtering on the clientDevice kill

Endpoint visibilityand control Anti-malware

Personal firewall


Base: 1033 (2010), 1282 (2011), 1293 (2012), 963 (2013), 881 (2014), and 1168 (2015) business and technology decision-makersSource:Forrester Research ForrSights/Business Technographics Security Surveys, 2010-2015

Whitelisting has shown the fastest adoption among all client threat protection technologies across all org sizes

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2010 2011 2012 2013 2014 2015

VSB, SMB, and Enterprise

Anti-malware

Whitelisting

Sandboxing

Application Privilege Management

Patch Management Adoption

Endpoint Visibility & Control

Column1

“What are your firm’s plans to adopt the following client security technologies?”


Base: 513 (2010), 642 (2011), 538 (2012), 379 (2013), 420 (2014), 609 (2015) business and technology decision-makers at enterprisesSource:Forrester Research ForrSights/Business Technographics Security Surveys, 2010-2015

Enterprises are more likely to adopt advanced technologies…

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2010 2011 2012 2013 2014 2015

Enterprise

Anti-malwareWhitelistingSandboxingApplication Privilege ManagementPatch Management AdoptionEndpoint Visibility & Control



Base: 520 (2010), 410 (2011), 526 (2012), 313(2013), 381 (2014), 484 (2015) business and technology decision-makers at SMBsSource:Forrester Research ForrSights/Business Technographics Security Surveys, 2010-2015

…Although SMBs are quickly catching up

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2010 2011 2012 2013 2014 2015

SMB




Base: 88 (2012), 38 (2013), 29 (2014), 26(2105) business and technology decision-makers in healthcareSource:Forrester Research ForrSights/Business Technographics Security Surveys, 2012-2015

Healthcare orgs are rapidly adopting prevention technologies

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2012 2013 2014 2015

What are your firm's plans to adopt the following client security technologies?


Healthcare


Base: 52 (2012), 29 (2013), 32 (2014), 38 (2015) business and technology decision-makers in governmentSource:Forrester Research ForrSights/Business Technographics Security Surveys, 2012-2015

Government endpoint security adoption remains focused on traditional (AM/PM) controls in 2016

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2012 2013 2014 2015

What are your firm's plans to adopt the following client security technologies?


Government


Base: 2163 business and technology decision-makersSource:Forrester Research Business Technographics Security Survey, 2015

Orgs would seem to prefer best-of-breed point products over suite offerings…

62%

66%

67%

67%

68%

68%

71%

71%

71%

74%

76%

76%

77%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Vendor/provider ecosystem

Part of a suite or single-vendor portfolio

Certification to other security standards

Regulatory compliance capabilities

Integration across a single vendor's product portfolio

Price

Expected business outcome from implemention

Vendor's brand

Simplest manageability

Speed or ease of implementation

Integration with existing infrastructure

Vendor/provider expertise

Product/technology fit

How important were the following criteria in selecting security solutions?

Very important [4,5]

..although when looking specifically at endpoint security, only 38% and 43% of SMBs and Enterprises, respectively, prefer best-of-breed point products over suites


Endpoint Security Software-as-a-Service Adoption Has Begun To Cool Off


Agenda



Top 10 inquiry topics

1. Endpoint security vendor selection2. Antimalware augmentation3. Endpoint encryption strategy4. Mobile security 5. Application whitelisting/whitelisting capabilities6. Desktop security/encryption 7. Data security and privacy 8. BYOD concerns 9. Antimalware replacement10. Securing mobile devices within healthcare


Endpoint Security inquiry breakdown

› Driven by: Targeted attacks/breach concerns, inadequate Antimalware solutions, lack of visibility/IR efficacy (and efficiency), data protection requirements, compliance requirements, intellectual property concerns› Vendors/solutions questions› How to, approaches› Expectations setting; what are others (in my industry) doing› Manual vs automated approaches› Best practices


Endpoint security market observations

1. Stronger emphasis being placed on advanced detection methods2. There is a greater focus on real time awareness, automation, and dynamic

protection (additional context required: intel, asset information, endpoint visibility) 3. Balanced prevention, detection, and response tablestakes for suite providers

(driven by single vendor value prop- good for suite vendors)4. Customers are beginning to look for network and endpoint integrations that

enable orchestration 5. Hardware-based encryption and native encryption will continue to gain

momentum6. Merger of DLP and file-level encryption (policy and management)7. BYOD driving renewed interest in NAC

Source: Forrester Research, Inc. Unauthorized reproduction or distribution prohibited.

Vendor Solution Pre

vent

ion

Det

ecti

onR

espo

nse/

Con

taim

ent

Category OSLargest

DeploymentThreat IntelIntegration

Kernelor user

Access Data ResolutionOneCybersecurity

vSentry

Bit9 SecurityPlatform &Carbon Black

Endpointvisibilityand control




Applicationwhitelisting& Endpointvisibilityand control

Endpointexecutionisolation

Windows,OS X,Linux,Solaris,Android,iOS

Windows,OS X,Linux

WindowsincludingXP,Android,OS XWindowsincludingXP,Android,OS X

WindowsincludingXP

Windows7 andhigher(4GBmemory)

150,000

100,000

30,000

30,000

Did notprovide

150,000(Forresterhas onlyheard of<5,000 hostdeployments)

User

Kernel

Kernel

Both

Kernel

N/A;micro-visor

YARA,OpenIOC,CollectiveIntelligenceFramework (CIF),STIX, CSV,JSON, XML

OpenIOC

STIX/TAXII

STIX, CybOX,OpenIOC, and asubset of YARAfunctionality

Open platform.Carbon Blackintegrates withOpenIOC andCybOX/STIX

X

X

X

X

X

X

X

X

X

X

X X

Bit9/CarbonBlack

Bromium

Cisco Cisco AMPfor Endpoints

Confer -

CounterTack CounterTackSentinel

Crowdstrike FalconEndpoint

Silent SensorCyberreason

X X

X



Windows7 andhigher;OS X

80,000 Threat indicatorsearches;ConsumesCrowdstrikeintelligencefeeds with STIX;CrowdstrikeIntel ExchangeProgram

Kernel

WindowsincludingXP

Did notprovide

User

“Next-Gen” Players

“Next-Gen” Players (Con’t)

Source: Forrester Research, Inc. Unauthorized reproduction or distribution prohibited.

Vendor Solution Pre

vent

ion

Det

ecti

onR

espo

nse/

Con

taim

ent

Category OSLargest

DeploymentThreat IntelIntegration

Kernelor user

Palo AltoNetworks

RSA

Tanium

Triumfant

TRAPS

EnterpriseCompromiseAssessmentTool (ECAT)

-

-

X

X

X

X

X

X

ApplicationintegrityprotectionEndpointvisibilityand control



Windows

Windowsand OS X

Windowsand OS X

Windows,OS X,Linux

10,000

60,000

36,000

450,000

YARA rules anduses InstantIOCsto hunt forsuspiciousactivity

Can detectOpenIOC,CybOX threatindicatorsthroughrecognitionfilters

Both

Both

Both

“Next-Gen” Players (Con’t)


“Do I really need ANOTHER agent?!”


Agenda



Upcoming research (2016)

› Medical Device Security Best Practices (Q2)› Endpoint Security Tech Radar (Q2)› Enabling BYOD in the Enterprise (Q2)› Endpoint Security Wave (Q2-Q3)› Data Privacy Heat Map (Q2-Q3)› Windows 10 Security Deep Dive (Q3)› Endpoint Security Adoption Trends (Q4)› Endpoint Encryption Wave (Q4)

TBD: Healthcare and mobile research (Q2-Q4)

forrester.com

Thank you

Chris [email protected]

@ChrisShermanFR

endpoint security market insights - eschool news...improving mobile security improving threat...

Documents