Signature-based antimalware detection is increasingly ineffective against an explosion in the number of malware variants as well as an increase in the number of financially motivated targeted attacks.
Does this mean we get rid of antivirus technology altogether? Not at all.
What it means is that we can no longer protect endpoints using signature-based mechanisms alone. Endpoints must be protected using a combination of mechanisms (whitelisting, blacklisting and behavior-based approaches) working together as a system.
That’s why we retired the antivirus magic quadrant at Gartner back in 2006. We combined separate research streams on personal firewalls, antivirus, antispyware and host-based intrusion prevention systems into what Gartner research refers to as the “Endpoint Protection Platform” (EPP).
The EPP truly is a platform supporting multiple styles of protection for an endpoint. We’ve just updated our rating of the vendors in this market in this magic quadrant research note for clients.
EPPs have gone well beyond converged antimalware protection. Here are the types of capabilities we evaluated in this latest research:
- Data protection capabilities in the form of full drive, removable device and file/folder encryption as well as basic data loss prevention capabilities.
- Behavioral-heuristics-based host intrusion prevention capabilities
- Buffer overflow protection
- Application control capabilities (aka whitelisting)
- Device and network access control capabilities
- Security configuration management
- Ability to optimize scanning in virtualized environments
- Vulnerability management (some have patching capabilities, others report on vulnerabilities).
- Integration with cloud-based community systems for faster access to emerging threats
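To make the "working together as a system" point concrete, here is an added toy policy engine (not code from the post or from any EPP vendor) that layers the three mechanisms named above: a hash whitelist (application control), a hash blacklist (signatures) and weighted behavioral heuristics (HIPS). All hashes, paths, behavior names and weights are constructed for illustration. The interesting case is the third event: a recompiled variant whose hash no longer matches the blacklist, which is exactly where signature-only protection fails and the behavioral layer has to catch it.

```python
"""Toy endpoint policy engine: whitelist, blacklist and behavioral heuristics
combined into one decision. Constructed illustration only; the hashes, paths,
behavior names and weights are made up and are not real indicators."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample data. Placeholder hashes stand in for real SHA-256 values.
WHITELIST_SHA256 = {"a" * 64: "C:\\Windows\\explorer.exe"}
BLACKLIST_SHA256 = {"b" * 64: "known-banker-variant-1"}

# Hypothetical heuristic weights. One behavior alone is often benign; a HIPS
# flags the combination, so the weights are summed against a threshold.
BEHAVIOR_WEIGHTS = {
    "writes_run_key": 3,           # persistence via an autorun registry key
    "injects_remote_thread": 4,    # code injection into another process
    "office_spawns_shell": 4,      # e.g. a word processor launching a shell
    "disables_security_tool": 5,
    "reads_browser_credentials": 3,
    "network_to_new_domain": 1,
}
BLOCK_THRESHOLD = 6


@dataclass
class ProcessEvent:
    path: str
    sha256: str
    behaviors: list[str] = field(default_factory=list)


def classify(event: ProcessEvent) -> tuple[str, str]:
    """Return (verdict, reason). Order matters: a whitelisted binary is trusted
    before it runs, a blacklisted one is blocked before it runs, and anything
    unknown (new variants included) is judged on what it actually does."""
    if event.sha256 in WHITELIST_SHA256:
        return "allow", f"whitelisted as {WHITELIST_SHA256[event.sha256]}"
    if event.sha256 in BLACKLIST_SHA256:
        return "block", f"signature match: {BLACKLIST_SHA256[event.sha256]}"
    score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in event.behaviors)
    if score >= BLOCK_THRESHOLD:
        return "block", f"behavioral score {score} >= {BLOCK_THRESHOLD}: {event.behaviors}"
    return "monitor", f"unknown binary, behavioral score {score}"


def demo() -> list[str]:
    """Run the engine over constructed events and return the verdicts."""
    events = [
        # Known-good system binary: allowed by the whitelist layer.
        ProcessEvent("C:\\Windows\\explorer.exe", "a" * 64, ["network_to_new_domain"]),
        # Known-bad sample: blocked by the signature layer.
        ProcessEvent("C:\\Users\\bob\\AppData\\Local\\Temp\\inv.exe", "b" * 64),
        # Same banker repacked: new hash evades the blacklist, behavior does not.
        ProcessEvent("C:\\Users\\bob\\AppData\\Local\\Temp\\inv2.exe", "c" * 64,
                     ["writes_run_key", "reads_browser_credentials", "injects_remote_thread"]),
        # Unknown but quiet binary: left running under observation.
        ProcessEvent("C:\\Program Files\\Acme\\updater.exe", "d" * 64, ["network_to_new_domain"]),
    ]
    return [classify(e)[0] for e in events]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

One caveat a practitioner would add: trusting a whitelisted hash unconditionally, as this toy does, means abuse of legitimate signed binaries is invisible to the first layer, which is why a real EPP still applies its behavioral and network controls to trusted processes rather than short-circuiting on the whitelist.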
The good news for enterprises is that the EPP market is extremely competitive and prices continue to drop. In many cases, encryption can be combined in the same contract without an increase in pricing as compared to prior contracts, especially in competitive bidding situations.
Using the migration to Windows 7 as a catalyst, EPP replacements offer a significant opportunity for cost reduction and vendor consolidation in 2011 and beyond.
Category: beyond-anti-virus endpoint-protection-platform next-generation-security-infrastructure virtualization windows-7
Tags: beyond-anti-virus defense-in-depth endpoint-protection-platform next-generation-security-infrastructure reducing-cost virtualization-security windows