Signature-based antimalware detection is increasingly ineffective against an explosion in the number of malware variants as well as an increase in the number of financially motivated targeted attacks.
Does this mean we get rid of antivirus technology altogether? Not at all.
What it means is that we can no longer protect endpoints using signature-based mechanisms alone. Endpoints must be protected using a combination of mechanisms (whitelisting, blacklisting and behavioral-based approaches) working together as a system.
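To make the "working together as a system" point concrete, here is an added illustration (not code from this post or from any EPP vendor) of a layered decision engine: a hash blacklist, a publisher allowlist (application control) and a weighted behavioral heuristic consulted in turn. All hashes, publisher names, behavior indicators, weights and the threshold are constructed sample data. The second sample is a repacked build of the first, so its hash no longer matches the blacklist; only the behavioral layer stops it, which is exactly the gap the post describes.

```python
"""Layered endpoint verdict: blacklist, behavioral heuristic, allowlist.

Added illustration; everything below is constructed sample data, not a
real signature set, vendor list or product policy.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed "known bad" list keyed by SHA-256 of file content (the
# classic signature/blacklist layer).
BLACKLIST_HASHES = {hashlib.sha256(b"constructed-dropper-build-1").hexdigest()}

# Constructed allowlist of trusted publishers (application-control layer).
ALLOWLIST_PUBLISHERS = {"Contoso Software Ltd", "Example OS Vendor"}

# Constructed behavioral indicators with weights; the threshold is a policy
# choice, shown here as an assumption rather than a recommended value.
BEHAVIOR_WEIGHTS = {
    "writes_to_startup_folder": 3,
    "injects_into_other_process": 4,
    "disables_security_service": 5,
    "reads_many_user_documents": 2,
    "spawns_shell_from_office_app": 4,
}
BEHAVIOR_THRESHOLD = 6


@dataclass
class Sample:
    name: str
    content: bytes
    publisher: Optional[str] = None
    behaviors: List[str] = field(default_factory=list)

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def behavior_score(sample: Sample) -> int:
    """Sum the weights of observed behaviors; unknown behaviors score 0."""
    return sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in sample.behaviors)


def evaluate(sample: Sample, default_deny: bool = True) -> Tuple[str, str]:
    """Return (verdict, layer) for a sample.

    Order matters: behavior is checked before the allowlist so that a signed
    but abused application is still caught; default_deny selects whether
    unknown, unsigned code is blocked (strict application control) or merely
    allowed under monitoring.
    """
    if sample.sha256() in BLACKLIST_HASHES:
        return "block", "blacklist"
    if behavior_score(sample) >= BEHAVIOR_THRESHOLD:
        return "block", "behavioral"
    if sample.publisher in ALLOWLIST_PUBLISHERS:
        return "allow", "allowlist"
    if default_deny:
        return "block", "application-control"
    return "allow", "monitor"


# Constructed samples. Build 2 is the same dropper repacked: different hash,
# same behavior.
SAMPLES = [
    Sample("dropper-build-1", b"constructed-dropper-build-1", None,
           ["injects_into_other_process", "writes_to_startup_folder"]),
    Sample("dropper-build-2", b"constructed-dropper-build-2", None,
           ["injects_into_other_process", "writes_to_startup_folder"]),
    Sample("signed-backup-tool", b"constructed-backup-tool",
           "Contoso Software Ltd", ["reads_many_user_documents"]),
    Sample("unsigned-utility", b"constructed-unsigned-utility", None, []),
]


def run(default_deny: bool = True) -> Dict[str, Tuple[str, str]]:
    """Evaluate every constructed sample and report which layer decided."""
    return {s.name: evaluate(s, default_deny) for s in SAMPLES}


if __name__ == "__main__":
    for name, (verdict, layer) in run().items():
        print(f"{name:20s} {verdict:5s} via {layer}")
```

Running it shows each layer covering a case the others miss: the original build is caught by its hash, the repacked build only by behavior, the signed backup tool passes because its publisher is trusted and its behavior score stays under the threshold, and the unsigned utility is blocked or allowed-with-monitoring depending on how strict the application-control policy is.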
That’s why we retired the antivirus magic quadrant at Gartner back in 2006. We combined separate research streams on personal firewalls, antivirus, antispyware and host-based intrusion prevention systems into what Gartner research refers to as the “Endpoint Protection Platform” (EPP).
The EPP truly is a platform supporting multiple styles of protection for an endpoint. We’ve just updated our rating of the vendors in this market in this magic quadrant research note for clients.
EPPs have gone well beyond converged antimalware protection. Here are the types of capabilities we evaluated in this latest research:
- Data protection capabilities in the form of full drive, removable device and file/folder encryption as well as basic data loss prevention capabilities.
- Behavioral-heuristics-based host intrusion prevention capabilities
- Buffer overflow protection
- Application control capabilities (aka whitelisting)
- Device and network access control capabilities
- Security configuration management
- Ability to optimize scanning in virtualized environments
- Vulnerability management (some have patching capabilities, others report on vulnerabilities).
- Integration with cloud-based community systems for faster access to emerging threats
The good news for enterprises is that the EPP market is extremely competitive and prices continue to drop. In many cases, encryption can be combined in the same contract without an increase in pricing as compared to prior contracts, especially in competitive bidding situations.
Using the migration to Windows 7 as a catalyst, EPP replacements offer a significant opportunity for cost reduction and vendor consolidation in 2011 and beyond.