From EPP to EDR, WFH to BYOD, there are many trends (and acronyms) that IT security professionals need to be aware of and cater to in order to ensure that their employer’s or customer’s endpoint security needs are met.
With network perimeters moving to individual user devices / endpoints, the security landscape becoming increasingly fragmented and complex, and business requirements shifting, we take a look at some key trends relevant to endpoint security and identify a significant opportunity that enhances endpoint security while also enabling firms to leverage the benefits of key business trends.
But first, let's briefly look at the definitions of EDR and EPP.
What is EDR?
Endpoint Threat Detection and Response (ETDR), coined by Gartner in 2013 and later more commonly referred to as Endpoint Detection and Response (EDR), is a “name for the tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints…This name reflects the endpoint (as opposed to the network), threats (as opposed to just malware and officially declared incidents) and tools’ primary usage for both detection and incident response.”
What is EPP?
EPP, Endpoint Protection Platform, is a cybersecurity solution that traditionally detected and blocked threats to endpoint devices. However, due to their similar nature, EPP and EDR are now overlapping terms and solutions. Gartner defines EPP as “a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
EDR and EPP Trends
As mentioned, EDR and EPP are now overlapping terms. EDR and EPP tools are merging into holistic endpoint security solutions. Increasingly, detection and response capabilities are being integrated into endpoint protection systems. Advanced EPP / EDR solutions incorporate tools that detect known and unknown malware, provide real-time automated response capabilities, and add visibility to the causes and the impact of attacks / infections.
According to Stratistics MRC’s Endpoint Detection and Response – Global Market Outlook (2017-2026) report, the EDR market is expected to reach over $7,273 million by 2026 (a compound annual growth rate of close to 26%). As a result of this growth and market value, we are seeing an increasing number of vendors entering the market.
Leading EPP / EDR vendors are successfully making strides towards simplifying (e.g. by providing a single platform with integrated tools) and enhancing endpoint security for their customers. However, there are other trends that will likely impact the next stages of a complete EPP / EDR solution, specifically the growing Work From Home (WFH), Remote Working (RW), Bring Your Own Device (BYOD) and Counterfeit Device trends. A key step, and differentiator, in the EPP / EDR industry will be to more effectively cater to these market trends.
EDR and EPP Trending Towards EADR
There is an opportunity within the EDR industry to better enable its customers to leverage the benefits of WFH, RW and BYOD in a more efficient and secure manner, while minimizing risk from the growing number of counterfeit devices. This can be done by adding an initial authentication layer to endpoint security solutions.
An initial real-time endpoint authentication step can augment EPP and EDR solutions by helping to ensure that devices are actually what they claim to be. This authentication step helps minimize risk from counterfeit devices, thereby more securely enabling the WFH, RW and BYOD trends.
This, however, could unfortunately add another letter to an acronym in an acronym-saturated industry, creating EADR (Endpoint Authentication, Detection and Response).
Why Endpoint Authentication, Detection and Response (EADR)?
– A Requirement
EPP / EDR platforms are obviously proving effective; however, there is a weakness: they ignore the provenance of devices. The European Union Intellectual Property Office (EUIPO) estimates that, in 2015, counterfeit devices accounted for 13% of global smartphone sales – a staggering 184 million units. This, combined with a trend in growth and the ever-increasing sophistication of counterfeit devices, is resulting in a requirement for EPP and EDR vendors to add endpoint authentication to their holistic EPP / EDR solutions – the result being EADR, a truly holistic endpoint security solution.
– Added Value
Increasingly, businesses are enabling WFH, RW and BYOD practices because of the many benefits including cost savings, greater efficiency, increased employee work-life balance, etc. EPP and EDR vendors have an opportunity to better equip their customers and prospects to leverage these benefits in a more secure and efficient manner.
Consequently, this added value to customers adds value to vendors – endpoint authentication also results in a market differentiator for vendors. EADR vendors, for example, can more confidently claim a truly holistic endpoint security solution. Additionally, EADR vendors can better demonstrate ROI as cost savings, from securely enabling BYOD within a business, can be easily calculated – compelling information for prospects.
Augment Your EDR Solution – Enable Real-Time Endpoint Authentication
Whether you are an EPP / EDR customer or vendor, your solution can easily be augmented with real-time endpoint authentication / device assurance. DeviceAssure offers a transparent way to validate the authenticity of devices used on enterprise networks and services to mitigate security risks from endpoints that are not what they claim to be. Learn more about how DeviceAssure can enable you to accurately identify counterfeit devices in real time, or contact us directly.