A new survey by Enterprise Strategy Group found that improving incident response and detection are driving plans to invest in endpoint security technologies in 2015.
The research fielded answers from 340 IT and information security professionals working at organizations with 500 employees or more. Eighty-five percent said their organization plans to spend more on endpoint security, with improving incident response (29 percent) and detection (29 percent) cited as the two key reasons. Mitigating risk from targeted attacks was cited by 24 percent.
According to Enterprise Strategy Group (ESG), traditional endpoint security, like antivirus and host-based firewalls that rely on exact-match signatures and rules, is struggling to keep up with the techniques used by today’s attackers.
“The ever-changing threat landscape, combined with rapidly expanding networks and a surge in the number of endpoints in an organization, are creating unique challenges for organizations,” said Jon Oltsik, senior principal analyst at ESG and the author of the research report, The Endpoint Security Paradox, in a statement. “As hackers develop new cyber-attack methods, it’s critical that organizations embrace a holistic, proactive approach to prevent, detect, and respond to endpoint security threats.”
That idea is reinforced by some of the other stats in the report. For instance, 38 percent said their security teams spend a lot of time “firefighting” incidents instead of conducting proactive process improvement or endpoint security strategy. Another 29 percent said endpoint security is based upon too many manual processes, and more than one-third of organizations see endpoint security as a task to achieve compliance requirements.
Sixty-six percent said they have reevaluated endpoint security policies, processes and tools to come up with a plan for improving endpoint security, and more than half (56 percent) have already purchased new endpoint technologies in addition to those used in the past.
In addition, one-third of respondents are integrating endpoint forensics solutions with network forensics and/or security analytic tools on a significant level, while another 39 percent are integrating endpoint and network forensics on a limited basis.
In an email to SecurityWeek, Oltsik said ESG is seeing investment in a few areas: advanced malware protection (companies like Bromium, Bit9 + Carbon Black and Invincea); advanced malware detection (Malwarebytes, CrowdStrike and Cylance); and endpoint forensics (vendors such as Hexis Cyber Solutions, Guidance Software, Bit9 + Carbon Black and EMC’s RSA security division).
“Some tools combine multiple elements of these features like Confer, Triumfant, Viewfinity, Digital Guardian,” he added. “These market trends are in response to the thought that AV alone is no longer enough.”
“Investments in endpoint are necessary as the endpoint is where valuable sensitive information such as customer personally identifiable information and corporate intellectual property is located, and where an attacker’s malware ultimately resides,” said Anthony DiBello, director of security at Guidance Software, which sponsored the survey. “Organizations are not looking for ways to identify known attacks, they are looking for ways to proactively root out evasive threats before they have a chance to disrupt the organization, and that cannot be achieved with anti-virus, host based IDS, authentication controls or other legacy endpoint technologies.”