Pity endpoint security software. Venerable antivirus has gotten a bad reputation for being an ineffective commodity product. This situation is illustrated by some recently published ESG research (note: I am an employee of ESG). Security professionals working at enterprise organizations (i.e. more than 1,000 employees) were given a series of statements and asked whether they agreed or disagreed with each. The research revealed that:
- 62% of respondents "strongly agreed" or "agreed" with the statement: "Endpoint security software is effective for detecting/blocking older types of malware but is not effective for detecting/blocking zero day and/or polymorphic malware commonly used for targeted attacks today."
- 52% of respondents "strongly agreed" or "agreed" with the statement: "Our continued use of traditional endpoint security software is driven by regulatory compliance requirements for the most part."
- 44% of respondents "strongly agreed" or "agreed" with the statement: "Endpoint security software is a commodity product with little measurable differences between brands."
Wow, it's no wonder some have declared that endpoint security software is "dead." Negative opinions like these have put leading security firms like Kaspersky, McAfee, Sophos, Symantec, Trend Micro, and Webroot on the defensive and opened the door for endpoint antimalware upstarts like Bromium, Cisco/Sourcefire, Cylance, Crowdstrike, IBM, Invincea, Malwarebytes, and Triumfant.
No question that new threats and requirements are changing the endpoint market and this is sure to disrupt the status quo. That said, there is more to this story than technology alone. Allow me to elaborate.
Endpoint security software was considered somewhat of a security panacea in the past. Install AV on each PC, maintain a steady diet of vulnerability scanning, patch management, and signature updates and you were pretty well protected from the flood of pedestrian adware, spyware, viruses, and worms.
This formula worked pretty well for many years, leading to a "set it and forget it" mentality in many organizations. And since AV software was part of standard PC configurations, endpoint security management was delegated to junior IT operations personnel who owned PC provisioning and help desk support.
Alas, somewhere around 2007 the endpoint security landscape changed. Organized hackers got serious about attacks by using stealthy malware, evasion techniques, rootkits, and zero-day exploits. In response, endpoint security software vendors introduced countermeasures like static/dynamic payload analysis, file reputation services, and integrated cloud intelligence.
Yup, cybersecurity was going through a profound change as malware authors and endpoint security vendors engaged in an accelerating cat-and-mouse technology game. Unfortunately, many of the foot soldiers in this battle (i.e. the IT operations team) were caught in the "fog of war." In too many cases, they didn't know about advanced malware or the new antimalware capabilities baked into their traditional AV products. These folks simply continued to deploy endpoint security in a default configuration, rendering it less and less effective over time.