Gartner Blog Network


Endpoint Threat Indication & Response?

by Anton Chuvakin  |  July 18, 2013  |  12 Comments

As I mentioned in my previous posts (Endpoint Visibility Tool Use Cases and On Endpoint Sensing), the tools that I am researching now need a category name. This space/segment has no accepted name: vendors call them “endpoint visibility”, “endpoint intelligence”, “endpoint analytics”, “host investigations”, “compromise assessment”, etc. The name “endpoint forensics” is typically reserved for a much more in-depth analysis of an individual system and likely won’t be used for this.

Other choices suggested are “endpoint malware and attack investigation tools”, “endpoint investigation and assessment tools”, “endpoint reconnaissance”, “endpoint security inspection”, “endpoint compromise assessment”, “endpoint incident triage”, etc.

My current favorite is “Endpoint Threat Indication & Response” – what do you think?

Vendors, you MUST comment on this one (either here or via email or other means). After all, you need a good name for your segment more than I do for my research 🙂

P.S. The waters are muddier since some vendors offer a degree of action, prevention, mitigation or management, not just detection and collection/investigation. Assuming this is a secondary capability for the tool, we can probably ignore it for now…

Category: endpoint  incident-response  security  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…


Thoughts on Endpoint Threat Indication & Response?


  1. Added:

    ENDPOINT INVESTIGATION AND ANALYSIS TOOLS

  2. Chad says:

    I’m partial to ‘endpoint compromise assessment’ because we have a tool … ECAT .. you get the idea.

    Endpoint Threat Indication & Response seems like a mouthful. Endpoint Analytics, while not as exact, seems catchier and gets the spirit of it.

    Alternately, Endpoint Incident Response – EIR.

    – Chad

  3. @chad

    Thanks a lot for the ideas. I am extremely happy that you are not exclusively married to “endpoint compromise assessment” name (which I actually like)…

  4. Friv 10 says:

    Thank you, I’ve recently been looking for info about this subject for a while and yours is the best I’ve discovered till now. But, what about the conclusion? Are you positive concerning the supply?

  5. Deepayan Chanda says:

    Hello Anton,

    I like the term “Endpoint Threat Response”, because this category deals with all the different areas of security issues related to endpoints, and then responding to them is the final goal. Let me know; you may respond to me via my email.

  6. End Point Intelligence Collection (EPIC)

  7. Dave, thanks for the epic idea 🙂

  8. Greg Pergament says:

    There are a number of these tools in the market. Some have protection capabilities while others are strictly for investigative purposes. Is the mission of these tools to identify IOCs and trace originator and root cause? I’m partial to host rather than endpoint.
    Host Compromise Analysis Tools
    “HCAT”

    Although, if you want to include remediation then…
    Host Incident & Response Tools
    “HIRT”

  9. Greg, thanks for the comment. Endpoint -> host sort of makes sense as some people think that endpoints = desktops/laptops

  10. Bob West says:

    I like endpoint analytics or endpoint visibility – the fewer words the better!!

  11. @bob Thanks – but these are too vague (short is good, but vague is bad)

  12. […] Endpoint Threat Indication & Response? […]



