IT security innovation aims to stay one step ahead of hackers, malware technology and other emerging digital threats.
While the cybersecurity technology market is booming, so is the lucrative practice of stealing data and holding victims for ransom. Cyber criminals are creating 1.4 million phishing sites a month, ransomware damages have increased 15x over the last two years and DDoS attacks have quadrupled in size, according to Cybersecurity Ventures. Spending on cybersecurity is predicted to grow from $86.4 billion in 2017 to well over $1 trillion by 2021.
Internet of things (IoT) security is only adding to the burden, especially with a talent shortage in the field. Every day new kinds of devices are connected to the internet, and each type poses a unique threat. They’re potentially vulnerable to hackers, malware and DDoS takeover.
Because cybersecurity is such an urgent concern, we aim to provide technology users with the most up-to-date and specific differentiations between security tools.
Earlier this year we created eight new categories, which included emerging technologies such as threat intelligence, cloud security and encryption tools. This month, we’ve broken out our general endpoint protection categories into three subcategories: Endpoint Antivirus, Endpoint Detection and Response (EDR) and Endpoint Management. Below, we’ve outlined some of the differences in the categories, how each type of tool can benefit a user or company and some products currently leading the way in each space. Please note: All review totals and data accurate as of December 1, 2017.
Endpoint antivirus software is the most basic of the three categories. These tools simply protect your endpoint devices — anything with an IP address connected to your network — from viruses and malware.
They provide tools to detect computer viruses and malware and prevent them from infecting devices. This is traditionally done with algorithms and heuristics that match incoming files against a database of virus signatures. The tools block endpoint devices from downloading a matching file, or quarantine it in a secure environment.
Newer tools help identify malicious browser helper objects (BHOs), which often inject your device with malware or give control of your device to hackers. Endpoint antivirus vendors also have improved virus signature identification, signatureless identification and defense against other forms of malicious code execution.
Many antivirus solutions are marketed towards individual users, but a lot of them offer enterprise editions. Many of those let users perform ad-hoc scans or schedule routine scans across an entire company. Either way, these tools reduce the possibility of individual devices becoming infected with viruses and malware.
Key company benefits of endpoint antivirus software:
- Improved device and data security
- Improved endpoint health monitoring
- Improved malware identification
To qualify for inclusion in the Endpoint Antivirus category, a product must:
- Possess malware identification and/or removal features
- Possess antivirus and/or antispyware features
- Show health status of individual devices
- Distribute updates as new virus signatures are detected
EDR software is the next generation of endpoint protection, combining components of antivirus software, network monitoring software and malware remediation tools. These products continually monitor individual devices and alert administrators of individual anomalies.
They store historic event data and information within a centralized database. The products contain analytics capabilities paired with monitoring features to compare information about the current state of a device with the historical data associated with it. When abnormal events are identified, administrators are alerted.
When security tools fail to deflect common forms of malware, many EDR tools can automatically isolate a device, encrypt its data and/or remove dangerous files. More complex intrusions will be detected but may require more advanced removal methods.
EDR tools also improve the investigation and reporting process. They can help identify which devices are impacted frequently, which helps teams address vulnerabilities and determine best practices for device security.
Key company benefits of EDR software:
- Improved system health visibility
- Improved malware mitigation time
- Reduced data theft and system failure
- Simplified security scaling
To qualify for inclusion in the EDR category, a product must:
- Alert administrators when devices have been compromised
- Search data and systems for the presence of malware
- Possess analytics and anomaly detection features
- Possess malware removal features
Endpoint management solutions help companies manage endpoint assets and ensure their security compliance. Common features include asset discovery, device governance and remote device updates.
They’ll connect to a network and identify each connected device. They often have the ability to require updates or update devices remotely, ensuring they are not vulnerable to malware or other security threats.
Updates may be anything from new operating systems to individual application updates and server patches. Connectivity enforcement features require devices to meet certain standards before connecting, ensuring each device is secure and up to date.
Some tools are capable of performing health assessments or compliance audits to identify endpoints in need of an update. These features are important because allowing just one device to be compromised can put entire networks and databases at risk.
All of these features come in handy, especially in the bring-your-own-device (BYOD) world. It is often difficult to know who should be connected, what kinds of devices should be connected and when devices don’t meet security standards.
Key company benefits of endpoint management software:
- Ensured security updates and patches
- Improved visibility of a network's endpoints
- Improved governance and access privilege administration
- Reduced possibility of connecting vulnerable devices
To qualify for inclusion in the Endpoint Management category, a product must:
- Manage endpoint assets connected to a network
- Manage patch updates and ensure device compliance
- Detect new or suspicious devices connected to a network
- Have the ability to install new operating systems or applications on an endpoint device
While endpoint security as a whole is incredibly valuable, it’s also important to identify unique characteristics of products within the endpoint security ecosystem. Some are better suited for device management, while others are better suited for malware removal.
There is never going to be a silver bullet for cybersecurity, so a well-rounded approach is the safest. Consider historical threats, company size, device ranges and data sensitivity when evaluating products.
If you can’t afford multiple security solutions or you can’t staff experienced security professionals, consider outsourced cybersecurity services. For further product research, browse our IT security software categories to learn more.
As an analyst at G2, Aaron’s research is focused on cloud, application, and network security technologies. As the cybersecurity market continues to explode, Aaron maintains the growing market on G2.com, adding 90+ categories of security technology (and emerging technologies that are added regularly). His exposure to both security vendors and data from security buyers provides a unique perspective that fuels G2’s research reports and content, including pieces focused on trends, market analysis, and acquisitions. In his free time, Aaron enjoys film photography, graphic design, and lizards.