Posted by Rick Holland on July 24, 2014
During the past 18 months or so, we have seen the emergence of innovative endpoint security solutions. The list is long; it is hard to keep track of all the solutions in the space. In no particular order, here is a sampling: Bromium, Invincea, IBM Trusteer, Cylance, Palo Alto Networks Next-Gen Endpoint Protection (Cyvera), Microsoft Enhanced Mitigation Experience Toolkit (EMET), Bit9 + Carbon Black, Confer, CounterTack Sentinel, Cybereason, CrowdStrike Falcon Host, Guidance Software Cybersecurity, Hexis HawkEye G, FireEye HX, Triumfant, Tanium, and Verdasys Digital Guardian.
I take many briefings from these types of vendors (primarily the ones I cover in Forrester’s Endpoint Visibility and Control category), and within the first 5 minutes of the conversation, the vendor mentions that their solution has a “small footprint.” The use of this phrase is the equivalent of nails scratching their way across a chalkboard for me. When was the last time you heard anyone say that they have a “large footprint”? Please provide more information: Do you run in user or kernel land? What are the impacts to utilization? Even if a vendor truly has a “small footprint,” when that new agent is deployed to a host that already has four or five agents running, the collective footprint is far from small.
I am a recovering endpoint security administrator; I am very familiar with the challenges and nuances of operationalizing endpoint security. At various points in my practitioner career I managed McAfee VirusScan, McAfee Host DLP, SafeBoot encryption (now McAfee), Guidance Software EnCase servlets, Configuresoft (now EMC) agents, as well as Identity Finder DLP agents. My experiences managing these types of solutions are the reason the comment "small footprint" causes me so much angst. It casually minimizes the struggles of endpoint security.
Digging a bit deeper:
Chris Sherman and I have written several pieces of research designed to help Forrester clients navigate the new endpoint security landscape. There is more to come in the future.
Forrester's definition of EVC: Endpoint visibility and control (EVC) seeks to provide detailed visibility into activity occurring on the endpoint. EVC solutions can provide details on endpoint process executions, application/file/registry modifications, network activity, active memory, as well as kernel-driver activity. Some EVC solutions provide visibility only, while others also provide the ability to contain malicious endpoint behavior.