Endpoint protection systems (Endpoint Protection Platform, EPP): world market
EPP (Endpoint Protection Platform) is a class of solutions intended to prevent and block known threats and to detect malicious activity. It provides comprehensive protection of the workstation, including a classic antivirus, extended security technologies (personal firewall, intrusion prevention system, application control, removable media control, etc.) and investigation and recovery tools. EDR (Endpoint Detection & Response) is a class of solutions intended to detect and respond to advanced threats. It quickly reveals deviations in the behavior of applications and objects, with the possibility of fast recovery once a security officer confirms an incident. EDR systems do not rely on signatures or blacklists.
2016
Gartner data
According to Gartner's Magic Quadrant for 2016, the market leaders in endpoint protection systems are Symantec, Sophos, Intel Security, Trend Micro and Kaspersky Lab.
At the beginning of February 2016, Gartner analysts published a new version of the Magic Quadrant for endpoint protection platforms (Endpoint Protection Platform, EPP). Kaspersky Lab was among the leading vendors of such solutions.
To assess the companies' performance, the experts chose several criteria. Among them are the vendor's overall financial resources, partner feedback (their satisfaction with technical training, sales channel incentives, marketing and product quality), the share of solutions in the market, data on growth indicators from vendors, assessments from surveyed customers, management effectiveness and R&D resources.
Based on the research, Kaspersky Lab was among the leaders of the Magic Quadrant for endpoint protection platforms, along with Symantec, Sophos, Intel Security and Trend Micro. Together these companies control about 81% of EPP market revenue among the vendors included in the Magic Quadrant. The top three, Symantec, Intel Security and Trend Micro, account for 65%.
The analysts counted among Kaspersky Lab's key advantages the use of advanced intrusion prevention functions, the ability to roll back system changes made by viruses through Kaspersky System Watcher, a large set of integrated management tools and support for various desktop and virtual platforms. According to the specialists, the Russian company's share of the world EPP market continues to grow quickly, as does recognition of its brand.
At the same time, Gartner warns that, in terms of capabilities, the management tools in Kaspersky Lab's product portfolio cannot replace larger enterprise solutions. In addition, the vendor does not offer EDR-class protection (Endpoint Detection & Response).[1]
2014
Gartner data
According to the experts, in 2014 vendors' total revenue from sales of endpoint protection systems was $3.2 billion, up 2% from the previous year. In their assessment the analysts count only the revenues of the largest vendors included in Gartner's Magic Quadrant.
2013
IDC Data
According to IDC analysts' estimates, in 2013 the world market for endpoint protection systems reached $8.8 billion. The experts predicted that from 2013 to 2018 this market would grow by 5.1% annually.[2]
2012
Gartner data
According to Gartner's forecasts, in 2012 the market for endpoint protection systems will grow by 5-7% compared with 2011, when sales of these solutions amounted to $3.2 billion.
According to Gartner data, as of November 2012 about half of corporate cybersecurity budgets is spent on the information security of endpoints. This distribution of enterprise and organization spending on cybersecurity can be explained by the significant changes under way in the segment of endpoints that provide user access to corporate IT resources.
2011
Gartner data
According to Gartner, the market for endpoint protection systems exceeded $3.2 billion in 2011. Most of this volume comes from antivirus products, which are the primary means of endpoint protection and have now become end-to-end systems that combine multilevel protection against malware, protection against spam, firewalling and protection against external intrusions.
Endpoint Protection Platform components
The components of an endpoint protection system are agent-based solutions that are installed on endpoints and control enforcement of the information security (cybersecurity) policies adopted by the company. Among them, systems called Network Access Protection (NAP) or Network Access Control (NAC) have been singled out as a separate group.
Access control systems (Identity Management, IDM) have become an important link in endpoint protection. IDM systems increase the protection of endpoints against unauthorized use by automating access control, implementing multifactor authentication and automating user account management, and by making it possible to connect mobile devices to corporate resources in a way that is correct from the standpoint of cybersecurity policy.
Increasingly, endpoint protection systems are being integrated into a single corporate cybersecurity system. They supply its event analysis and correlation tools with information on the status of endpoints, including user actions, so that cybersecurity events can be correlated to identify anomalies and combinations that represent cybersecurity threats.
Perspective
Influencing factors
Changes in how corporate IT resources are consumed make it necessary to rethink approaches to protecting the endpoints that give users access to those resources, PC Week magazine wrote in 2012.[3] Chief among these changes are the consumerization of corporate IT tools, the widening range of access devices used in offices (including through "bring your own device", BYOD, programs) and the movement of users beyond the traditional protection perimeter, which is connected with the growing popularity of work outside the office, staff mobility and the spread of public cloud IT services intended to support collaboration.
Changes in functional structure
It should be remembered that, amid the large-scale changes taking place in modern IT, the main objectives of protecting the endpoints that support user access to corporate IT resources remain essentially the same. They include giving each employee uninterrupted access only to those resources assigned to them by their business role, and only when the conditions set by the security policies are met (these define the time and place of connection, the type of connecting device and the information security tools installed on it, the permitted set of software and its updates, and the access channels).
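The access decision described above, as an added example (not from the original article): a deny-by-default check that grants a resource only if it belongs to the employee's business role and every policy condition is met. The role and resource names, the policy values and the rule that remote connections must use VPN are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# All roles, resources and policy values below are constructed for illustration.
ROLE_RESOURCES = {"accountant": {"erp", "mail"}, "engineer": {"git", "mail"}}
POLICY = {
    "hours": (time(8, 0), time(20, 0)),
    "channels_by_location": {"office": {"lan", "vpn"}, "remote": {"vpn"}},
    "device_types": {"laptop", "smartphone"},
    "required_tools": {"antivirus", "firewall"},
    "permitted_software": {"browser", "office-suite", "erp-client"},
    "min_patch_level": 202401,  # assumed YYYYMM update level reported by the agent
}

@dataclass
class AccessRequest:
    role: str
    resource: str
    at: time
    location: str
    device_type: str
    security_tools: frozenset
    software: frozenset
    patch_level: int
    channel: str

def evaluate(req, policy=POLICY, roles=ROLE_RESOURCES):
    """Return the list of violated conditions; an empty list means allow."""
    v = []
    if req.resource not in roles.get(req.role, set()):  # unknown role gets nothing
        v.append("resource not assigned to role")
    start, end = policy["hours"]
    if not start <= req.at <= end:
        v.append("outside permitted time")
    # An unknown location has no permitted channel, so it is denied by default.
    if req.channel not in policy["channels_by_location"].get(req.location, set()):
        v.append("channel not permitted for location")
    if req.device_type not in policy["device_types"]:
        v.append("device type not permitted")
    missing = policy["required_tools"] - req.security_tools
    if missing:
        v.append("missing security tools: " + ", ".join(sorted(missing)))
    extra = req.software - policy["permitted_software"]
    if extra:
        v.append("software not permitted: " + ", ".join(sorted(extra)))
    if req.patch_level < policy["min_patch_level"]:
        v.append("software updates out of date")
    return v
```

Returning every violated condition rather than a single yes/no gives the security officer the reason for each refusal and gives the endpoint agent a list of what to remediate.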
Solving these tasks is aimed at minimizing the likelihood of cybersecurity threats such as unauthorized actions with data, attacks on the communication channel between centralized resources and an endpoint, and authorization of another person under a legitimate user's name. The protection tools used for this are well known: antiviruses, authentication tools (for example, the electronic signature) and channel protection tools (for example, VPN). Mobile access points additionally require cryptographic protection of data located on storage media (first of all removable media, for example flash cards) and a personal firewall.
As employees use smartphones and tablets more and more widely in business processes, companies' cybersecurity services need to consider more carefully the possibility of deploying Mobile Device Management (MDM) systems. Their functionality is tailored to security tasks in the operation of mobile access points. The number of such systems on offer on the market today runs into the tens. It is pleasing to note that, alongside foreign products, competitive domestic ones are also appearing. The effectiveness of such systems benefits from the fact that developers of mobile operating platforms have become more willing to publish the application programming interfaces (APIs) used in their products. This makes it easier to extend MDM functionality to an ever wider range of mobile access devices.
Main problems
While for endpoints that have so far been unified in hardware architecture and operating environment (notebooks, netbooks, ultrabooks) there are, one might say, no problems with choosing protection tools, the variety and (in some cases) proprietary nature of platforms for smartphones and tablets demand special approaches from developers of protection tools for practically each type of these devices.