As I mentioned in my previous posts (Endpoint Visibility Tool Use Cases and On Endpoint Sensing), the tools that I am researching now need a category name. This space/segment really has no accepted name: vendors call them “endpoint visibility”, “endpoint intelligence”, “endpoint analytics”, “host investigations”, “compromise assessment”, etc. The name “endpoint forensics” is typically reserved for a much more in-depth analysis of an individual system and likely won’t be used for this.
Other choices suggested are “endpoint malware and attack investigation tools”, “endpoint investigation and assessment tools”, “endpoint reconnaissance”, “endpoint security inspection”, “endpoint compromise assessment”, “endpoint incident triage”, etc.
My current favorite is “Endpoint Threat Indication & Response” – what do you think?
Vendors, you MUST comment on this one (either here or via email or other means). After all, you need a good name for your segment more than I do for my research 🙂
P.S. The waters are muddier since some vendors offer a degree of action, prevention, mitigation or management, not just detection and collection/investigation. Assuming this is a secondary capability for the tool, we can probably ignore it for now…