2018-05-24

Endpoint security is in many ways the direct descendant of the first forms of computer protection in the earliest days of IT. But it's a rapidly developing category, as organizations look to coordinate control of the PCs, servers and phones on their networks to keep out malware and intruders. Let's look at what the year ahead has in store for the industry, as multiple vendors scramble for your attention and money.

What is endpoint security?

Endpoint security is a security approach that focuses on locking down endpoints — individual computers, phones, tablets and other network-enabled devices — in order to keep networks safe. That might sound like a fancy name for putting a firewall and antivirus software on your PC, and indeed in the early days of the category there was some suspicion that it was a marketing buzzphrase to make antivirus offerings sound cutting edge.

But what distinguishes endpoint security offerings from simple home computer protection is the idea that the security tools on the endpoints are managed centrally by corporate IT. The security measures run on two tiers: there are software agents that run in the background on endpoints, and a centralized endpoint security management system that monitors and controls the agents. That management system can be a control panel monitored by IT staff or an automated system … or some combination of the two (more on that in a moment).

You'll sometimes hear the phrase endpoint protection used interchangeably with endpoint security. Gartner defines an endpoint protection platform as "a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware, personal firewall, application control and other styles of host intrusion prevention (for example, behavioral blocking) capabilities into a single and cohesive solution." So, strictly speaking the term can include products that aren't centrally managed, though just about anything marketed to enterprise-class customers will be. And, yes, you do sometimes catch companies touting their antivirus products as "endpoint protection." Let the buyer beware.

Trends in endpoint security

Of course, as threats evolve, endpoint security suites must evolve as well. In 2018, expect endpoint security vendors to work to catch up with the following five trends:

Machine learning and AI. As threats accelerate, they'll become too much, too fast for any human to keep up with in real time. Much of the moment-to-moment scutwork of endpoint security will be increasingly automated, with machine learning and artificial intelligence examining traffic and identifying threats, and only the most pressing needs being escalated to human attention. Machine learning capabilities are already being rolled out in Microsoft's endpoint security offerings, for instance.

What does the future hold? ESG research surveyed cybersecurity and IT pros about their biggest endpoint security challenges. In addition to false alarms and lack of automation, many cited a desire for built-in remediation capabilities, including terminating processes, deleting files, and rolling back system images, that will save IT staff from the work of repeatedly and manually reimaging compromised systems. Hopefully some smart vendors out there are listening.
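To make the two-tier model and the automation described above concrete, here is an added example that is not part of the original article and not any vendor's code. It models a central management tier that ingests telemetry from endpoint agents, scores each event with a weighted heuristic (a stand-in for the machine-learning classifiers vendors deploy), auto-remediates clear-cut cases with the built-in actions the survey respondents asked for (terminate process, quarantine file, roll back image), and escalates only the highest-scoring events to a human analyst. The host names, hashes, score weights, thresholds and sample telemetry are all constructed assumptions.

```python
"""Added example: a minimal two-tier endpoint security model.

Agents report events; the management tier scores them, queues remediation
commands for the reporting agent, and escalates the most pressing ones to an
analyst. All names, weights, thresholds and telemetry below are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed: file hashes the management tier already knows to be malicious.
KNOWN_BAD_HASHES = {"deadbeef0001"}

# Constructed: parent processes that should rarely spawn new executables.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


@dataclass
class AgentEvent:
    """One process-start event as reported by an endpoint agent."""
    host: str
    process: str
    path: str
    sha256: str
    parent: str
    signed: bool
    wrote_to_boot_sector: bool = False


@dataclass
class Decision:
    score: int
    action: str                      # "ignore", "auto_remediate" or "escalate"
    commands: List[str] = field(default_factory=list)


def score_event(ev: AgentEvent) -> int:
    """Weighted heuristic standing in for an ML classifier (weights are assumptions)."""
    score = 0
    if ev.sha256 in KNOWN_BAD_HASHES:
        score += 70                  # known-bad binary
    if not ev.signed:
        score += 15                  # unsigned code
    if ev.parent.lower() in SUSPICIOUS_PARENTS:
        score += 30                  # office application spawning a process
    if ev.path.lower().startswith(("c:\\users\\", "/tmp/")):
        score += 10                  # running from a user-writable location
    if ev.wrote_to_boot_sector:
        score += 50                  # boot-sector tampering
    return score


def triage(ev: AgentEvent, auto_threshold: int = 40, escalate_threshold: int = 80) -> Decision:
    """Decide whether to ignore, auto-remediate, or contain-and-escalate an event."""
    s = score_event(ev)
    if s < auto_threshold:
        return Decision(s, "ignore")
    commands = [f"terminate_process {ev.process}", f"quarantine_file {ev.path}"]
    if ev.wrote_to_boot_sector:
        commands.append("rollback_image last_known_good")
    if s >= escalate_threshold:
        return Decision(s, "escalate", commands)       # contain first, then page an analyst
    return Decision(s, "auto_remediate", commands)


class ManagementServer:
    """Central tier: receives agent events, records decisions, queues commands per host."""

    def __init__(self) -> None:
        self.command_queue: Dict[str, List[str]] = {}
        self.analyst_queue: List[AgentEvent] = []

    def ingest(self, ev: AgentEvent) -> Decision:
        d = triage(ev)
        if d.commands:
            self.command_queue.setdefault(ev.host, []).extend(d.commands)
        if d.action == "escalate":
            self.analyst_queue.append(ev)
        return d

    def poll(self, host: str) -> List[str]:
        """Agent check-in: return and clear the pending commands for this host."""
        return self.command_queue.pop(host, [])


# Constructed sample telemetry from three hypothetical workstations.
SAMPLE_EVENTS = [
    AgentEvent("ws-01", "chrome.exe", "C:\\Program Files\\Google\\chrome.exe",
               "aaaa0000", "explorer.exe", signed=True),
    AgentEvent("ws-02", "update.exe", "C:\\Users\\bob\\AppData\\update.exe",
               "bbbb0000", "winword.exe", signed=False),
    AgentEvent("ws-03", "svc.exe", "C:\\Users\\ann\\Downloads\\svc.exe",
               "deadbeef0001", "explorer.exe", signed=False, wrote_to_boot_sector=True),
]


def process_all(events: List[AgentEvent]) -> ManagementServer:
    """Feed every event through a fresh management server and return it."""
    server = ManagementServer()
    for ev in events:
        server.ingest(ev)
    return server


if __name__ == "__main__":
    srv = process_all(SAMPLE_EVENTS)
    for ev in SAMPLE_EVENTS:
        d = triage(ev)
        print(f"{ev.host}: score={d.score} action={d.action} commands={srv.poll(ev.host)}")
    print("awaiting analyst:", [e.host for e in srv.analyst_queue])
```

The split between the two thresholds is the design point: anything above the lower one is contained automatically so the agent acts within seconds, while only events above the higher one consume analyst time, which is exactly the escalation behaviour the trend paragraph describes.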

Endpoint security software and tools

Gartner's Customer Choice Awards from 2017 give you a good introduction to who's who in the endpoint security vendor space. You'll find names you might recognize from the consumer realm, like Microsoft and Symantec, along with other more specialized companies, like Cylance, CrowdStrike, and Carbon Black. Gartner also offers links so you can make an endpoint security software comparison.

For more in-depth information on some of these products, see CSO's endpoint security software reviews.

Digital Guardian: The Digital Guardian Threat Aware Data Protection Platform is at the forefront of the effort to counter advanced threats, offering ready-to-deploy endpoint security locally on-premises or as a service, and with whatever automation level a host organization feels comfortable supporting.

enSilo: The enSilo platform offers traditional endpoint protection alongside the ability to offer post-infection protection. It can also trap threats, holding them in place and rendering them harmless until a threat hunter can arrive to investigate.

Minerva: Minerva's Anti-Evasion Platform targets the new breed of environmentally-aware malware. The idea is that most normal threats will be blocked by traditional antivirus and Minerva will stop anything that attempts to get around that protection.

Promisec: Every organization can use a little help managing its detection of and response to threats, and the many issues that crop up every day within the enterprise. Promisec can provide that help, wrestling endpoints into compliance, automatically if desired, and keeping a watchful eye over them to ensure they stay that way.

