An endpoint protection platform (EPP) is a comprehensive security solution deployed on endpoint devices to protect against threats.
Let’s Define an Endpoint Protection Platform
EPP solutions are typically cloud-managed and utilize cloud data to assist in advanced monitoring and remote remediation.
EPP solutions employ a broad range of security capabilities, but at a base level include:
Endpoint protection platforms are the latest evolution of endpoint security. They were developed to identify attackers who can bypass traditional endpoint security as well as to help consolidate complex security stacks. With consolidation comes improved data sharing—which improves the analytics available to detect suspicious behavior. It also significantly simplifies security operations.
Another important advantage of endpoint protection platforms is the move to the cloud. Cloud-native EPPs are able to use a single, lightweight agent to monitor all endpoints. Additionally, the data that can be collected and utilized goes well beyond the endpoints of a single company. Global shared data illustrating attacker tactics can be absorbed to improve the detection of attacker behaviors.
In studying the “Critical Capabilities for Endpoint Protection Platforms”, Gartner heralds the importance of cloud-based EPP stating that, “Cloud-based EPP solutions are delivering faster time to value, lower administration costs and more agile product improvements than traditional on-premise deployments.”
In Gartner’s latest Magic Quadrant for Endpoint Protection Platforms, Gartner sees EPPs evolving to provide “automated, orchestrated incident investigation and breach response,” and advises security and risk management leaders to “ensure that their EPP vendor evolves fast enough to keep up with modern threats.”
Going beyond IR, cloud-based endpoint protection platforms make real-time behavioral analytics possible. The most advanced EPPs utilize event stream processing, the same technology used in credit card fraud detection, to transform endpoint security. This allows detection of attacker behaviors even when attackers intentionally try to “look normal” in order to hide their tactics. Today the VMware Carbon Black Cloud is the only endpoint protection platform that utilizes event stream processing, and it is already demonstrating superior results in detecting attackers before exfiltration can occur.
The key motivation behind endpoint protection platform development was the fact that attackers were more easily evading SecOps teams using traditional solutions. Fundamentally, attackers have advanced beyond the capabilities of traditional endpoint security and are now able to stay undetected in networks for long periods of time.
Analysts and security experts agree that EPPs are the best way forward for securing networks from advanced threats. Gartner and Forrester both cover this solution space with the Gartner Magic Quadrant for Endpoint Protection Platforms and the Forrester Wave for Endpoint Security Suites. The validation of EPPs comes from an ROI analysis done by Forrester. The Forrester Total Economic Impact of an Endpoint Protection Platform Study found the average ROI of seven companies that moved to an EPP was 204%. This equated to an average savings of $2.1M over three years.
Here’s what security experts that moved to an endpoint protection platform have to say about the value of EPPs:
Saving Significant Time
“I now have the ability for a 24/7 SOC to immediately identify and take action on any issues that come up without needing to reach out to my team at all hours of the day/night.”
– Cosy Lavalle, IT Infrastructure Manager, Progress Residential
Single Pane of Glass
“The IR and threat hunting functionality available empowers our team to move quickly and conclusively while benefiting from a cloud-based console under a single pane of glass. It’s a game changer for the team.”
– Eric Samuelson, Senior IT Manager, Lithium
Keeping Up With Threats
“[EPP] is exactly what enterprises need to maintain continuity in the face of today’s biggest cyber threats. With [EPP], we are able to quickly investigate, respond, and remove our outdated AV solutions.”
– Steven Lentz, CISO, Samsung Research Americas
Cybercriminals are very successful at using malware to achieve their goals for the simple reason that most traditional antivirus tools use static analysis as their primary security tactic. However, these tools can only identify known samples – and today, with new malware developed rapidly every day, the majority of it appears as unknown files. Attackers use techniques like packing, or compressing, to change aspects of the malware so that it looks different from known threats. As a result, the attacks easily slip through antivirus defenses.
This is where next-generation endpoint security – and behavior analytics – comes in. The good news about malware is that how it operates within a system or device will eventually differ from normal user behavior. Therefore, with big data and machine learning zeroing in on anomalies, potential malware can be identified as out of the norm and potentially malicious.
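As an added illustration (not part of the original article or of any Carbon Black product), the toy Python below contrasts the static, hash-based check described above with a behavioral rule evaluated over a constructed stream of endpoint events, in the spirit of the event stream processing mentioned earlier. The sample bytes, event format, process names and thresholds are all assumptions made for the example.

```python
import hashlib
import zlib
from collections import Counter

# Constructed stand-in for a "known" malicious sample and the signature list
# a traditional AV would carry (assumption: toy bytes, not a real sample).
KNOWN_MALWARE = b"MZ-CONSTRUCTED-SAMPLE-v1"
SIGNATURES = {hashlib.sha256(KNOWN_MALWARE).hexdigest()}

def static_match(sample: bytes) -> bool:
    """Traditional static check: is this exact file in the known-bad list?"""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES

def repack(sample: bytes) -> bytes:
    """Stand-in for packing: the same payload compressed yields new bytes,
    so its hash no longer matches any known sample."""
    return zlib.compress(sample)

# Constructed endpoint event stream: (process, action, target).
SAMPLE_EVENTS = [
    ("explorer.exe", "spawn", "winword.exe"),
    ("winword.exe", "write", "C:\\Users\\u\\report.docx"),
    ("winword.exe", "spawn", "powershell.exe"),
    ("powershell.exe", "connect", "203.0.113.10:443"),  # TEST-NET address
] + [("powershell.exe", "write", f"C:\\Users\\u\\doc{i}.enc") for i in range(20)]

OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
MASS_WRITE_THRESHOLD = 20  # assumption: tune to the environment's baseline

def behavioral_alerts(events):
    """Single pass over the event stream, flagging behavior rather than file
    identity, so a repacked binary is still caught by what it does."""
    alerts = []
    suspect = set()   # shells spawned by an office application
    writes = Counter()
    for proc, action, target in events:
        if action == "spawn" and proc in OFFICE_APPS and target in SHELLS:
            suspect.add(target)
            alerts.append(f"office app {proc} spawned {target}")
        elif action == "connect" and proc in suspect:
            alerts.append(f"{proc} outbound connection to {target} after office spawn")
        elif action == "write" and proc in suspect:
            writes[proc] += 1
            if writes[proc] == MASS_WRITE_THRESHOLD:
                alerts.append(f"{proc} mass file modification (possible encryption)")
    return alerts
```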