NEXT-GEN ENDPOINT SECURITY: WHAT’S NEXT?

May 3, 2017

Recently, our team sponsored research conducted by Enterprise Management Associates (EMA) that examines perceptions of next-generation endpoint security (NGES), providing a guide for endpoint security consumers and vendors. The organizations in this survey focused their activities primarily in North America, with 42 percent conducting business in Europe, the Middle East and Africa. Additionally, 28 percent of vendors surveyed were technical decision makers for selection and/or purchase of the solution, with 21 percent holding the position of businessman, management or financial decision maker for selection and/or purchase of the solution.

Before we present the results, we should first dive deeper into what NGES is, the components that make up a strong NGES solution and the market’s current understanding/use of the solution. NGES is a class of technology made for protecting endpoints from a compromise and/or notifying system managers of a compromise. Specifically, an endpoint is anywhere data is stored or processed, which creates a large field for solutions. It can include not only end-user stations, such as PCs and laptops, but also smartphones, tablets, servers and even credit card processing terminals. There are several qualities that make up a strong NGES solution. These include comprehensive protection services in the form of prevention and detection, hunting capabilities to locate and identify adversary activities, as well as the ability to provide the people managing the endpoint with endpoint search and status information.

Now that you understand NGES and its essential components, it is important to know how vendors use the solutions in the market. The survey found that 28 percent of vendors do not currently use an NGES solution. This is a surprising figure given that the NGES market is the most crowded and competitive space in security. 39 percent of the vendors who use NGES solutions believe that the solution is technologically different from a traditional antivirus, with only 12 percent citing that they have no significant similarities. Unlike traditional AV, NGES can evaluate unknown threats, a benefit for vendors.

NGES Capabilities

Below are interesting takeaways from vendors on specific NGES capabilities:

1. Two-thirds of respondents rated the protection and prevention of zero-day attacks and APTs as critical or very important.

2. Virtual machines and mobile devices rank highest in the category of devices that organizations want to see protected as part of their NGES solution, with containers ranking as the least important.

3. 53 percent of respondents see the value in using a vendor-hosted, cloud-based data analysis function that collects metadata or otherwise anonymized data from their organization’s environment to provide early threat warning management services.

4. However, interestingly enough, 35 percent of respondents see value in this same type of solution, but factors such as their current compliance requirements, internal policies, contracts or culture restrict their ability to take full advantage of it.

What Customers Want

Below are key insights on the issues most important to vendors using NGES solutions:

1. Regarding detection, 40 percent of customers believe that detection of unauthorized system changes is most important and 37 percent chose real-time or near real-time detection.

2. Regarding prevention, 39 percent of customers believe that prevention of unauthorized system changes is most important and 37 percent selected prevention of zero-day attacks, APTs or ATAs.

3. Interestingly, 37 percent of customers think endpoint forensics data dating back 4-6 months is required for a strong forensic capability.

As the market continues to mature and companies move beyond traditional AV technologies, it will be interesting to see how next-generation endpoint security solutions evolve and leverage the security needs of organizations.

Check out our infographics with additional key information from the report.
