Blog

Rethinking the Endpoint: Consolidation, Augmentation or Rip-and-Replace?

Has digital security gotten worse in the last 12 months? Well, more than 550 vendors were packed in the RSA exhibit halls last week to tell you emphatically, YES. And the keynotes were not particularly optimistic. For example, the president of Microsoft used his keynote slot in part to promote a Digital Geneva Convention.

Attendance at RSA 2017 was reportedly north of 43,000. The exhibit halls were packed—but bigger is not necessarily better, and each year it gets more difficult to rise above the marketing noise. NSS attendees universally felt that the clatter was such this year that it was difficult to discern consistent themes from the show floor.

Early in the week, NSS released the results of our first Advanced Endpoint Protection (AEP) Group Test, no doubt coloring the topics that folks wanted to talk to us about. A recurring topic in our conversations with vendors, enterprises, and financial analysts was the maturity and effectiveness of advanced analytic techniques, particularly machine learning.

Discussed in the context of our current AEP testing, questions that began with a focus on techniques often led to more specific questions about products and deployment strategies—and eventually to the question of whether enterprises should consider a rip-and-replace strategy when deploying AEP products. It’s a reasonable question, particularly given the impressive security effectiveness scores of some of the newer endpoint vendors in our test. But there is no universal answer—enterprises must consider subjective measures as well as objective test results. For example, the answer could depend on an organization’s use cases, risk appetite, and its operational capabilities and operational pain threshold.

Such questions are typical of the conversations NSS Research has with enterprise customers. Our latest test data can be used as a starting point in a buyer’s journey, but it is just one of several factors to consider. Security is more than the latest technology, and any technology needs to work within a broader ecosystem of people, processes, and other products. Protection products are more than the techniques they employ. It’s discouraging to hear terms such as “machine learning” spoken as if they are some sort of incantation. Perhaps the best practical advice we heard last week came in the keynote by RSA’s CTO, Dr. Zulifikar Ramzan: “Treat risk as a science, not a dark art.”