It is hard to imagine a PC these days without a taskbar filled with various agents, tools, and monitors. There was a time in the history of PCs when the idea of even running anti-virus was ridiculous. Those days are long since gone.
In the early 2000s, there was the first battle for the endpoint. IT departments everywhere were completely unprepared for the rapid spread of malware such as SQL Slammer and Code Red. This led to an explosion of antivirus and personal firewall products.
Ultimately, the winners were those that outlasted their competitors. Symantec, McAfee, and TrendMicro all rose to prominence during this time. Microsoft even managed to field an endpoint security product to surprising success (and unsurprising implosion).
Endpoint IDS/IPS also became a viable product at this time. All the big players rapidly acquired innovative companies. McAfee acquired Entercept, Symantec acquired Sygate, Cisco acquired Okena, and my beloved BlackICE agent would find a home at ISS (ultimately IBM). These acquisitions were spun into endpoint security suites that sold like crazy. New companies rushed into the space as well, such as Eset, Sophos, and Kaspersky. Everybody had an endpoint security suite, with new features such as encryption, application control, and data-loss prevention getting added constantly.
However, the fallout was coming. By 2008, pundits were saying “anti-virus” is dead, and really meaning it. The fall of the endpoint, however, was not a failure of performance, capability, or accuracy, as many believe. Rather, it was more mundane.
The trouble with endpoint security is rooted in a single fact: managing endpoint agents is an epic headache. For a large enterprise, managing tens of thousands of endpoint agents is not merely difficult; it is a miserable time suck of non-stop support tickets and tinkering. Endpoint agents are demanding monsters. They require perpetual care and feeding, and the slightest misstep can crash desktops and bring the entire enterprise to its knees.
Old technologies never die; they are just given an HTML5 interface and have the words “next generation” prefixed to the name. The endpoint security market is coming back, and this time there may be no stopping it. This time, there is more at stake and the vendors have significantly more clever marketing. In 2005, hacking was something that happened to somebody else. Now hacking is an equal-opportunity annoyance.
However, endpoint security analytics is only one part of this story. Security analytics is the future of information security. NGFW, SWG, DLP, and anti-virus all have their places now. They are settling into commoditization. But security analytics has nowhere to go but up. This partially explains why companies like Intel paid $7.7 billion for McAfee and Bain paid $2.4 billion for Blue Coat. The future of security is bright.