As organizations deal with the confluence of shrinking IT budgets and scaling malware threats, they're becoming even more dependent on endpoint security providers and the vendors' ability to integrate important management features into their products, according to Steve Munford, CEO of Sophos, one of the fastest growing companies in the space.
Industry analysts may be pushing organizations to get more involved in proactive vulnerability management, and market leaders Symantec and McAfee have created extremely sophisticated solutions that the largest enterprises will continue to embrace, but most companies in the world are looking for endpoint security technologies that balance feature integration with ease of use, Munford said.
With Symantec still mired down in the business of swallowing systems management giant Altiris, and McAfee busy expanding its complex Enterprise Policy Orchestrator, Sophos has been able to increase its market share by pulling together those truly necessary pieces of endpoint security, while still keeping its products simple enough for non-specialized IT staffers to operate them, the CEO claims.
Sophos recorded its best financial quarter ever during Q4 2008, and its strategy of integrating simplified network access control and encryption features into its endpoint package is playing to the strengths of both the economy and the threat environment, he said.
"Conficker is the perfect example of why you need some NAC system or patch enforcement in your product, but it has to be something that works simply, it can't be about adopting an entirely new systems management architecture," said Munford. "Symantec was really smart to go after systems management, but outside of the largest enterprises, it's going to be hard to convince customers to commit to one management platform."
IT departments feeling the squeeze of the economic downturn are looking for something that merely works, versus those technologies that represent the bleeding edge of innovation, said the executive. By adding NAC to its endpoint package, Sophos' products have the ability to ensure that endpoint systems have been patched with necessary updates such as the Microsoft patch that would have prevented systems from being infected by Conficker, he contends.
What Symantec is doing with Altiris will likely produce impressive results someday, but in today's environment Sophos is providing clear ROI in some other important areas as well, including via the integration of onboard data encryption capabilities, which the company added through its acquisition of Utimaco Safeware last July, Munford said.
And while the vast majority of Sophos' customers exist well below the enterprise water line, and that fact plays a major role in how its strategy is working, the company is inking deals that cover thousands of seats, proving that even some small enterprises are seeing the simplified value of what the vendor is trying to offer, he said.
"It's not our primary focus, but we're going into some fairly large accounts and hearing from CSOs that what they really need is an endpoint security client that works and isn't so noisy that a lot of their workers attempt to turn it off, or that doesn't eat up so much bandwidth with updates that it proves problematic," said Munford. "Observers say that AV is commoditized, and honestly the AV engines themselves are fairly commoditized, but it's not about that, it's about what you put around the AV that helps address all these relevant problems with attacks like Conficker, or for data protection."
One of the next features that Sophos will look to add to its endpoint package will be stripped-down data leakage protection (DLP) capabilities that help address the issue of data filtering, without the necessity of hiring specialists just to create involved data flows, as some standalone DLP solutions require.
Once again, pure-play DLP that involves deeper data fingerprinting and policy enforcement will remain the domain of large enterprise organizations, while most companies are just looking for something to stop accidental data loss events, such as the accidental distribution of unencrypted e-mails or customer records.
"DLP is another example of a security point system where we see separation between the leading edge and the mainstream," said Munford. "People who buy McAfee EPO may want to buy a standalone DLP platform, but we're aiming for the customers that don't have large management teams; those customers really want simplification, especially as they're being told to reduce staff and expenses, and really that is the mainstream, and there's a lot of opportunities for a company like ours to meet that demand."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.