Endpoint Security Market Insights
Absolute Software Advisory
Chris Sherman, Analyst
May 19th, 2016
© 2016 Forrester Research, Inc. Reproduction Prohibited
Agenda
› Macro Trends Affecting Security Buyers
› Technology Adoption Trends
› Forrester Client Inquiries And Interests
› Upcoming Research
Targeted attacks are on the rise
Publicly reported cyber incidents and breaches in the US
[Chart: incidents per year (axis 0 to 300), 2002 to 2016. Series: Targeted Attacks; Broad Attacks]
Source: Cyberfactors, LLC
Today’s workforce reality complicates matters
“How often do you work in your job from the following locations?” (2014 vs. 2015)
Source: Forrester’s Business Technographics Global Telecom And Mobility Workforce Survey, 2014 & 2015
Your customer’s challenges are twofold
› Managed endpoints: Must do a better job of endpoint protection.
› Unmanaged endpoints: Protect their data and operations without owning the assets!
Most of the top security concerns relate to protecting un-managed or lightly managed devices/applications
“Now we’d like to ask you about how certain technologies or business initiatives might affect your security or IT risk exposure?”
[Bar chart, legend: Very concerned [4, 5]. Categories and data labels are listed in extracted order; pairing is not preserved in this text.]
Categories: PaaS | Big data analytics for business decision-making | IT and business process outsourcing | Machine-to-machine or internet of things solutions | Software defined networking | IaaS | Deployment of real-time communications over IP | The business's need for innovation | Desktop/Application Virtualization | SaaS | Virtualization in the data center | Greater IT connectivity with business partners | Consumer-oriented communication tools | Employee-provisioned applications | BYOD Initiatives | Employee-provisioned devices for business use
Data labels: 45%, 46%, 46%, 47%, 47%, 47%, 48%, 49%, 49%, 51%, 51%, 51%, 53%, 54%, 55%, 56%
Base: 2320/3543 business and technology decision-makers
Source: Forrester Research Business Technographics Security Survey, 2015
Lack of skills and staffing pose major challenges for orgs
› 53% find unavailability of security employees with the right skills a moderate to major challenge.
› 60% of business and technology decision-makers rate lack of staff as a moderate to major challenge.
› 45% of business and technology decision-makers plan to increase security skills training in 2016.
Base: 3543 global security decision makers
Source: Forrester’s Business Technographics Global Security Survey, 2015
CISO reporting is still heavily IT focused…
…But changes are happening
Base: 2154-2168 Global security technology decision-makers (20+ employees)
Source: Forrsights Security Survey, Q2 2012; Forrester’s Business Technographics Global Security Survey, 2015
Security orgs are still focused heavily on tactical initiatives
“Which of the following initiatives are likely to be your firm’s/organization’s top IT security priorities over the next 12 months?”
[Bar chart, legend: High Priority; Critical Priority. Categories and data labels are listed in extracted order; pairing is not preserved in this text.]
Categories: Establishing and/or enhancing SCADA or ICS security | Securing the IoT within the enterprise | Establishing/Enhancing eDiscovery practices | Incident response and forensics capabilities | Converging physical and logical security | Streamlining employee IAM | Presenting the business value of security to executives | Embedding security in the software dev lifecycle | Establishing a formal IT Risk Management Framework | Cloud-based or managed security services | Adopting a data-centric approach to security | Security training and awareness | Achieving/maintaining regulatory compliance | Improving mobile security | Improving threat intelligence capabilities | Business continuity | Improving security of customer-facing services/apps | Ensuring business partner security compliance | Improving app security capabilities and services | Complying with business partners' security reqs | Existing threats and vulnerabilities
Data labels, first series: 35%, 33%, 37%, 38%, 37%, 38%, 38%, 39%, 38%, 36%, 39%, 39%, 40%, 40%, 40%, 42%, 39%, 41%, 43%, 40%, 43%
Data labels, second series: 18%, 21%, 18%, 17%, 18%, 18%, 18%, 18%, 19%, 23%, 19%, 20%, 22%, 23%, 23%, 22%, 25%, 24%, 23%, 26%, 27%
Base: 2320/3543 business and technology decision-makers
Source: Forrester Research Business Technographics Security Survey, 2015
The good news: security budgets are on the rise
Source: Forrester’s Business Technographics Global Security Survey 2015 and Forrester’s Forrsights Security Survey, Q2 2012
Endpoint security budgets have stabilized since 2014
Those who have been breached take action
Frustration With Endpoint AV Has Led To Increased Adoption Of “AV Alternatives”
“What are your firm’s plans to adopt the following client security (desktop/laptop) and data security technologies?”
[Chart: axes “Already implemented” and “Planning to implement in the next 12 months”. Technologies plotted: Application sandboxing | HIPS | DLP | Full disk encryption (software-based) | Full disk encryption (hardware-based) | File-level encryption | Application whitelisting | Device/port control | Application privilege management | Patch management | URL filtering on the client | Device kill | Endpoint visibility and control | Anti-malware | Personal firewall]
Base: 609 global client security decision-makers
Source: Forrester’s Global Business Technographics® Security Survey, 2015
Source: Forrester Research, Inc. Unauthorized reproduction, citation, or distribution prohibited. 118644
Whitelisting has shown the fastest adoption among all client threat protection technologies across all org sizes
“What are your firm’s plans to adopt the following client security technologies?”
[Chart: VSB, SMB, and Enterprise; axes 0% to 100% and 2010 to 2015. Series: Anti-malware | Whitelisting | Sandboxing | Application Privilege Management | Patch Management Adoption | Endpoint Visibility & Control]
Base: 1033 (2010), 1282 (2011), 1293 (2012), 963 (2013), 881 (2014), and 1168 (2015) business and technology decision-makers
Source: Forrester Research ForrSights/Business Technographics Security Surveys, 2010-2015
Enterprises are more likely to adopt advanced technologies…
“What are your firm’s plans to adopt the following client security technologies?”
[Chart: Enterprise; axes 0% to 100% and 2010 to 2015. Series: Anti-malware | Whitelisting | Sandboxing | Application Privilege Management | Patch Management Adoption | Endpoint Visibility & Control]
Base: 513 (2010), 642 (2011), 538 (2012), 379 (2013), 420 (2014), 609 (2015) business and technology decision-makers at enterprises
Source: Forrester Research ForrSights/Business Technographics Security Surveys, 2010-2015
…Although SMBs are quickly catching up
“What are your firm’s plans to adopt the following client security technologies?”
[Chart: SMB; axes 0% to 100% and 2010 to 2015. Series: Anti-malware | Whitelisting | Sandboxing | Application Privilege Management | Patch Management Adoption | Endpoint Visibility & Control]
Base: 520 (2010), 410 (2011), 526 (2012), 313 (2013), 381 (2014), 484 (2015) business and technology decision-makers at SMBs
Source: Forrester Research ForrSights/Business Technographics Security Surveys, 2010-2015
Healthcare orgs are rapidly adopting prevention technologies
“What are your firm's plans to adopt the following client security technologies?”
[Chart: Healthcare; axes 0% to 100% and 2012 to 2015. Series: Anti-malware | Whitelisting | Sandboxing | Application Privilege Management | Patch Management Adoption | Endpoint Visibility & Control]
Base: 88 (2012), 38 (2013), 29 (2014), 26 (2015) business and technology decision-makers in healthcare
Source: Forrester Research ForrSights/Business Technographics Security Surveys, 2012-2015
Government endpoint security adoption remains focused on traditional (AM/PM) controls in 2016
“What are your firm's plans to adopt the following client security technologies?”
[Chart: Government; axes 0% to 100% and 2012 to 2015. Series: Anti-malware | Whitelisting | Sandboxing | Application Privilege Management | Patch Management Adoption | Endpoint Visibility & Control]
Base: 52 (2012), 29 (2013), 32 (2014), 38 (2015) business and technology decision-makers in government
Source: Forrester Research ForrSights/Business Technographics Security Surveys, 2012-2015
Orgs would seem to prefer best-of-breed point products over suite offerings…
“How important were the following criteria in selecting security solutions?”
Very important [4,5]:
› Vendor/provider ecosystem: 62%
› Part of a suite or single-vendor portfolio: 66%
› Certification to other security standards: 67%
› Regulatory compliance capabilities: 67%
› Integration across a single vendor's product portfolio: 68%
› Price: 68%
› Expected business outcome from implementation: 71%
› Vendor's brand: 71%
› Simplest manageability: 71%
› Speed or ease of implementation: 74%
› Integration with existing infrastructure: 76%
› Vendor/provider expertise: 76%
› Product/technology fit: 77%
…although when looking specifically at endpoint security, only 38% and 43% of SMBs and Enterprises, respectively, prefer best-of-breed point products over suites
Base: 2163 business and technology decision-makers
Source: Forrester Research Business Technographics Security Survey, 2015
Endpoint Security Software-as-a-Service Adoption Has Begun To Cool Off
Top 10 inquiry topics
1. Endpoint security vendor selection
2. Antimalware augmentation
3. Endpoint encryption strategy
4. Mobile security
5. Application whitelisting/whitelisting capabilities
6. Desktop security/encryption
7. Data security and privacy
8. BYOD concerns
9. Antimalware replacement
10. Securing mobile devices within healthcare
Endpoint Security inquiry breakdown
› Driven by: Targeted attacks/breach concerns, inadequate Antimalware solutions, lack of visibility/IR efficacy (and efficiency), data protection requirements, compliance requirements, intellectual property concerns
› Vendors/solutions questions
› How to, approaches
› Expectations setting; what are others (in my industry) doing
› Manual vs automated approaches
› Best practices
Endpoint security market observations
1. Stronger emphasis being placed on advanced detection methods
2. There is a greater focus on real time awareness, automation, and dynamic protection (additional context required: intel, asset information, endpoint visibility)
3. Balanced prevention, detection, and response are table stakes for suite providers (driven by single-vendor value prop; good for suite vendors)
4. Customers are beginning to look for network and endpoint integrations that enable orchestration
5. Hardware-based encryption and native encryption will continue to gain momentum
6. Merger of DLP and file-level encryption (policy and management)
7. BYOD driving renewed interest in NAC
“Next-Gen” Players
Source: Forrester Research, Inc. Unauthorized reproduction or distribution prohibited.
[Vendor comparison table. Values are listed per column in extracted order; row alignment and the X marks in the Prevention, Detection and Response/Containment columns are not preserved in this text.]
Columns: Vendor | Solution | Prevention | Detection | Response/Containment | Category | OS | Largest Deployment | Threat Intel Integration | Kernel or user
Vendor (Solution), across this table and its continuation: Access Data (ResolutionOne Cybersecurity) | Bit9/Carbon Black (Bit9 Security Platform & Carbon Black) | Bromium (vSentry) | Cisco (Cisco AMP for Endpoints) | Confer (-) | CounterTack (CounterTack Sentinel) | Crowdstrike (Falcon Endpoint) | Cybereason (Silent Sensor)
Category: Endpoint visibility and control | Endpoint visibility and control | Endpoint visibility and control | Endpoint visibility and control | Application whitelisting & Endpoint visibility and control | Endpoint execution isolation
OS: Windows, OS X, Linux, Solaris, Android, iOS | Windows, OS X, Linux | Windows including XP, Android, OS X | Windows including XP, Android, OS X | Windows including XP | Windows 7 and higher (4GB memory)
Largest Deployment: 150,000 | 100,000 | 30,000 | 30,000 | Did not provide | 150,000 (Forrester has only heard of <5,000 host deployments)
Kernel or user: User | Kernel | Kernel | Both | Kernel | N/A; micro-visor
Threat Intel Integration: YARA, OpenIOC, Collective Intelligence Framework (CIF), STIX, CSV, JSON, XML | OpenIOC | STIX/TAXII | STIX, CybOX, OpenIOC, and a subset of YARA functionality | Open platform. Carbon Black integrates with OpenIOC and CybOX/STIX

“Next-Gen” Players (Con’t)
Category: Endpoint visibility and control | Endpoint visibility and control
OS: Windows 7 and higher; OS X | Windows including XP
Largest Deployment: 80,000 | Did not provide
Threat Intel Integration: Threat indicator searches; Consumes Crowdstrike intelligence feeds with STIX; Crowdstrike Intel Exchange Program
Kernel or user: Kernel | User
“Next-Gen” Players (Con’t)
[Vendor comparison table. Values are listed per column in extracted order; row alignment and the X marks in the Prevention, Detection and Response/Containment columns are not preserved in this text.]
Columns: Vendor | Solution | Prevention | Detection | Response/Containment | Category | OS | Largest Deployment | Threat Intel Integration | Kernel or user
Vendor (Solution): Palo Alto Networks (TRAPS) | RSA (Enterprise Compromise Assessment Tool (ECAT)) | Tanium (-) | Triumfant (-)
Category: Application integrity protection | Endpoint visibility and control | Endpoint visibility and control | Endpoint visibility and control
OS: Windows | Windows and OS X | Windows and OS X | Windows, OS X, Linux
Largest Deployment: 10,000 | 60,000 | 36,000 | 450,000
Threat Intel Integration: YARA rules and uses InstantIOCs to hunt for suspicious activity | Can detect OpenIOC, CybOX threat indicators through recognition filters
Kernel or user: Both | Both | Both
“Do I really need ANOTHER agent?!”
Upcoming research (2016)
› Medical Device Security Best Practices (Q2)
› Endpoint Security Tech Radar (Q2)
› Enabling BYOD in the Enterprise (Q2)
› Endpoint Security Wave (Q2-Q3)
› Data Privacy Heat Map (Q2-Q3)
› Windows 10 Security Deep Dive (Q3)
› Endpoint Security Adoption Trends (Q4)
› Endpoint Encryption Wave (Q4)
TBD: Healthcare and mobile research (Q2-Q4)