Pt. 5: Cutting through the Next Generation Endpoint Noise
Summing it Up
In this blog series we have looked at a number of points around next-generation endpoint noise and how this emerging language has been heating up as the tools evolve over time, including detection, containment and remediation technologies.
To sum it up, here are my concluding thoughts:
- The next generation endpoint market is clearly heating up but a noisy and crowded market of solutions is a challenge for buyers.
- Fortunately, leading technology industry analyst firms like 451 Research, Forrester, Gartner and others are providing more detailed research to help buyers cut through the noise.
- I think it’s also incumbent for vendors like us to provide thought leadership in this area.
- A key point of Gartner’s advice is that doing something is better than doing nothing. As I mentioned in an earlier blog, attackers are not going to sit around and wait for the next generation endpoint market to shake out. Reports like Gartner’s Market Guide for Endpoint Detection and Response and 451 Research’s Endpoint Security Market Map are useful resources to help security organizations get better educated on the array of approaches and solutions in the market.
- Before evaluating solutions, organizations need to clearly define the problem they’re looking to solve. As Gartner indicates, detection and investigation use cases are more suited to mature organizations, whereas prevention and remediation are more suited to less mature security organizations. I would also keep in mind that the definition of prevention should not be viewed narrowly as being able to detect and block threats before infection. It’s very clear that while prevention is important, it’s not 100% effective. Think of prevention as being able to detect and stop threats before breach.
- In evaluating next generation endpoint solutions, look for multiple detection techniques and vectors, and look for integrated capabilities across detection, verification (investigation), and response. While Gartner indicates that detection is the most critical capability of an EDR solution, I also believe that the ability to respond is equally important.
Why You Should Take a Look at our HawkEye G Solution
So I walk away from this analysis and blog series with even greater confidence in the capabilities and positioning of our HawkEye G solution. While admittedly self-serving, here’s why I think you should take a look at HawkEye G.
HawkEye G has:
- Integrated detection, verification, and automated response capabilities. The majority of competitive solutions are point products targeting one specific area.
- Robust integrated detection capabilities, both in terms of techniques and vectors. Techniques include signature-based detection, behavior-based detection, threat intelligence feeds, and a community-based malware verification service. As far as multiple vectors, our solution has integrated endpoint and network capabilities. Want to leverage an existing network sensor? That works too. Via our ThreatSync analytics capability we also incorporate third-party network detection indicators, currently from Palo Alto Networks and FireEye.
- Ability to do ad-hoc investigations and threat hunting.
- Comprehensive response capabilities. While this is an area where capabilities are nascent per Gartner, it’s an area where our HawkEye G solution stands out. We have a full arsenal of countermeasures (responses) that can be flexibly deployed based on policy in fully automated and/or machine-guided mode (including any combination).