As I mentioned in my previous posts (Endpoint Visibility Tool Use Cases and On Endpoint Sensing), the tools that I am researching now need a category name. This space/segment really has no accepted name: vendors call them “endpoint visibility”, “endpoint intelligence”, “endpoint analytics”, “host investigations”, “compromise assessment”, etc. The name “endpoint forensics” is typically reserved for a much more in-depth analysis of an individual system and likely won’t be used for this.
Other choices suggested are “endpoint malware and attack investigation tools”, “endpoint investigation and assessment tools”, “endpoint reconnaissance”, “endpoint security inspection”, “endpoint compromise assessment”, “endpoint incident triage”, etc.
My current favorite is “Endpoint Threat Indication & Response” – what do you think?
Vendors, you MUST comment on this one (either here or via email or other means). After all, you need a good name for your segment more than I do for my research 🙂
P.S. The waters are muddier since some vendors offer a degree of action, prevention, mitigation or management, not just detection and collection/investigation. Assuming this is a secondary capability for the tool, we can probably ignore it for now…