Redefining Next-generation Endpoint Security Solutions - McAfee


Enterprise Strategy Group. Getting to the bigger truth.

Solution Showcase

Redefining Next-generation Endpoint Security Solutions

Date: October 2016
Author: Jon Oltsik, Senior Principal Analyst

Abstract: Enterprise organizations face a difficult situation. Many current endpoint security tools can’t prevent or detect sophisticated exploits or zero-day malware, forcing CISOs to implement an assortment of next-generation endpoint security tools. Unfortunately, this strategy can increase cost and complexity while introducing the potential for resource contention and performance issues on the endpoints themselves. Is there any alternative to this Faustian compromise? Yes—next-generation endpoint security solutions built for centralization, consolidation, and integration that offer functionality for prevention, detection, and response. McAfee’s recently announced Dynamic Endpoint Threat Defense is a next-generation endpoint security solution that can improve security efficacy while streamlining security operations.

Overview

When it comes to endpoint security, ESG research paints a disheartening picture. Last year, while more than two-thirds (67%) of cybersecurity professionals believed the threat landscape had grown worse than it was in the previous two years,[1] 80% of respondents to another ESG survey cited that endpoint security (processes and technology management) had become more difficult than it was two years previously.[2] Of course, enterprise organizations have endpoint security technologies in place to help address some of these issues, but many report numerous challenges with current antivirus products, including performance requirements, upgrade processes, the number of false positive alerts, and overall product efficacy in preventing/detecting exploits and malware (see Figure 1).[3]

[1] Source: ESG Research Report, Cyber Supply Chain Security Revisited, September 2015.
[2] Source: ESG Research Report, The Endpoint Security Paradox, January 2015.
[3] Ibid.

This ESG Solution Showcase was commissioned by McAfee and is distributed under license from ESG. © 2016 by The Enterprise Strategy Group, Inc. All Rights Reserved.

Figure 1. Antivirus Product Challenges

What challenges – if any – has your organization experienced with the antivirus products used as part of its endpoint security strategy? (Percent of respondents, N=340, multiple responses accepted)

• Products impact overall performance of endpoint systems: 48%
• New product revisions tend to be extremely different from previous versions requiring a lot of time and resources for training and deployment: 35%
• Too many false positives that classify benign files/software as malware: 34%
• Products are not nearly as effective at blocking and/or detecting malware as they should be: 33%
• AV management doesn’t integrate with other security and IT management systems: 29%
• Products are too complex to configure and manage to their full potential: 26%
• AV management systems don't scale to support enterprise needs: 24%
• We have not experienced any challenges with antivirus products: 13%

Source: Enterprise Strategy Group, 2016

Endpoint security challenges are also exacerbated by the global cybersecurity skills shortage. According to research published earlier this year, 46% of organizations report a problematic shortage of cybersecurity skills.[4] This cybersecurity shortage is compounded by the use of tools that work in isolation and require manual coordination. In many cases, organizations are understaffed and lack the right skills to employ strong endpoint security best practices. Instead, security administrators are relegated to “firefighting” an overwhelming amount of security alerts and using precious time to address risks and update protection through manual processes.

[4] Source: ESG Research Report, 2016 IT Spending Intentions Survey, February 2016.

The Endpoint Security Continuum

New endpoint security requirements have created a flurry of technology innovation and industry buzz around “next-generation endpoint security (NGEPS)” products. This has only led to market confusion as infosec professionals try to sort through an avalanche of vendor marketing hype.

ESG believes it shouldn’t be this difficult. In its 2016 market landscape report titled, Enterprise Adoption of Next-generation Endpoint Security, ESG defined endpoint security as:

The policies, processes, and technology controls used to protect the confidentiality, integrity, and availability of an endpoint system.

Furthermore, NGEPS was defined as:

Endpoint security software controls designed to prevent, detect, and respond to previously unseen exploits and malware.

ESG believes that next-generation endpoint security should include capabilities across an overall endpoint security continuum (see Figure 2). At one end, advanced prevention technologies should offer superior efficacy for malware and exploit prevention when compared with traditional AV products. This functionality should include the ability to “learn” from every attack for stronger response, faster performance, and improved efficacy. In this way, next-generation endpoint security can block all but the most sophisticated cyber-attacks, greatly reducing the amount of malicious traffic on the network and system reimaging burden placed on IT operations.

At the same time, however, CISOs must assume that sophisticated cyber-criminals and nation-states will discover and exploit advanced prevention technology vulnerabilities over time, so they will also need the right tools for efficient detection and remediation of malicious endpoint activities.

Figure 2. The Endpoint Security Continuum
Source: Enterprise Strategy Group, 2016

As part of the continuum, next-generation endpoint security is supported with additional types of security controls (i.e., port controls, application controls, DLP/eRM, etc.). These controls are intended to decrease the endpoint and network attack surface, making network penetration and system compromises more difficult for cyber-adversaries. This can improve security, but can also carry costs because of:

• Multiple products working in isolation. Security and IT operations teams may be forced to install and manage multiple, isolated products on their endpoints. This introduces an operational burden and can cause contention and performance issues on the endpoint systems.

• Multiple management planes. New endpoint software tools for prevention, detection, and response come with their own management consoles for policy management, configuration management, and reporting. Once again, this adds more work for an already overwhelmed security and IT operations staff.

Toward Next-generation Endpoint Security Solutions

Clearly, large organizations want to improve security efficacy without adding operational overhead or disrupting business processes or user productivity. This is likely why the majority of cybersecurity professionals (58%) claim that their organization would prefer to buy a comprehensive endpoint security solution from a single vendor rather than cobble together a solution out of assorted endpoint security point tools (see Figure 3).[5]

[5] Source: ESG Research Report, The Endpoint Security Paradox, January 2015.

Figure 3. Most Attractive Choice of Endpoint Security Controls and Analytics Delivery

As new endpoint security requirements arise and your organization considers new endpoint security controls and analytics, which of the following choices do you think would be most attractive to your organization? (Percent of respondents, N=340)

• A comprehensive endpoint security software suite from a single vendor: 58%
• An assortment of endpoint security technologies from various vendors, enabling my organization to choose best-of-breed products in each category: 33%
• A portfolio of endpoint security products from various vendors that establish technical partnerships to integrate their products together into a heterogeneous endpoint security suite: 8%
• Don’t know: 1%

Source: Enterprise Strategy Group, 2016

A comprehensive endpoint security software solution from a single vendor would need to have all of the elements of the ESG endpoint security continuum, spanning from advanced prevention to advanced detection and response. This would include:

• A defense-in-depth architecture for threat and exploit prevention. Strong network security is built using layered security with each security control supporting and complementing others. In this way, packets must pass through an assortment of filters (i.e., firewalls, web threat gateways, AV gateways, etc.) before they reach their ultimate destination. Similarly, next-generation endpoint security tools should contain several pre- and post-execution filters in order to prevent and detect exploits and malware. These filters will range from tried-and-true AV signatures to an assortment of other technologies including behavioral heuristics, machine learning algorithms, threat intelligence correlation engines, and isolation technologies that execute files in virtual containers blocking access to real system resources.

• Competitive EDR capabilities. In addition to a defense-in-depth endpoint security architecture, next-generation endpoint security tools must be able to monitor and capture system behavior as well as standalone EDR solutions do today. To fulfill this requirement, NGEPS solutions must be able to collect, process, analyze, and present active endpoint behavior data in ways that support organizations’ security analysis processes. The best tools will include tight integration with threat intelligence and offer closed-loop processes that take newly discovered exploits, malware, and vulnerabilities and translate them into remediation rules for blocking future similar attacks.

• An architecture designed for consolidation, centralization, and integration. NGEPS solutions can provide real value in a few of the most important areas for enterprise organizations. First, next-generation endpoint security solutions can be built on an integrated infrastructure, creating a single coordinated system and minimizing management overhead. Second, NGEPS solutions offer a consolidated management plane with integrated functionality for policy management, configuration management, and reporting. These solutions should also feature role-based access control to support division of labor and separation of duties between security and IT operations personnel. Finally, enterprise organizations often integrate endpoint security solutions with network security tools, security analytics systems, incident response platforms, and third-party threat intelligence feeds. NGEPS solutions should be designed around industry standards, open APIs, a common language, and an ecosystem of partners that support these requirements.

Of course, NGEPS solutions must also be built for business and user productivity. To meet this requirement, these solutions must offer strong security while remaining transparent and non-disruptive to users.

McAfee Dynamic Endpoint Threat Defense

Next-generation endpoint security is a security category highlighting signature-less defenses and dominated by startup vendors and point tools. As this market matures however, traditional endpoint security vendors are catching up, offering the first true next-generation endpoint security solutions. One example of this is the recently announced McAfee Dynamic Endpoint Threat Defense featuring:

• Adaptive threat defenses. McAfee’s solution is built on a shared ecosystem of other McAfee and third-party partner technologies. Shared threat intelligence and endpoint context can help solutions learn from every encounter to evolve security. This enables coordinated defenses that can share insights and work as a common system across multiple layers of security filters to automatically adapt defenses across all components.

• Advanced prevention capabilities. McAfee’s solution takes the observations from different technologies and vantage points, which by themselves may not provide enough to convict malware, and combines them to offer enough insight to catch the latest threats. For example, McAfee has extended its existing endpoint security offerings with static and dynamic behavioral analysis informed by machine learning and dynamic reputation scoring with shared threat intelligence. In this way, McAfee has significantly improved its efficacy in preventing and detecting greyware and zero-day malware to secure “patient zero.”

• Integrated EDR. McAfee has also bolstered its endpoint security solution with EDR capabilities, providing unified visibility for security investigations, hunting activities, and remediation actions—including an emphasis on efficiency with single-click correction and setting triggers to automate responses against future attacks.

The Bigger Truth

Endpoints are often used as a beachhead for sophisticated cyber-attacks like APTs. Cyber-adversaries compromise Windows PCs and then use them as staging grounds for extended offensive campaigns that ultimately lead to costly data breaches. Given this, enterprise CISOs must do everything possible to improve endpoint security efficacy, but today’s next-generation endpoint security tools often come at the cost of operational overhead. Given the global cybersecurity skills shortage, this is an unacceptable tradeoff.

To enhance security without the excess operational baggage, many CISOs want integrated next-generation endpoint security solutions built for consolidation, centralization, and integration. Fortunately, next-generation endpoint security solutions, like McAfee Dynamic Endpoint Threat Defense, have the potential to improve security efficacy while streamlining security operations.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

www.esg-global.com | contact@esg-global.com | P. 508.482.0188
