EMA recently published primary research on the topic of “Adopting Effective Solutions in Endpoint Detection and Response,” which included a detailed comparison of two of the most popular platforms on the market today: Tanium and 1E Tachyon. Put simply, Endpoint Detection and Response (EDR) solutions represent a classification of management tools designed to proactively provide the holistic visibility and rapid automation necessary to respond to endpoint security threats and administration requirements in real-time. The purpose of the evaluation was to provide an example of how to conduct a side-by-side comparison of EDR solutions in order to determine the optimal platform for meeting current endpoint management requirements.
One of the most enlightening conclusions to be revealed in our evaluation results is the importance of adopting solutions and best practices that address the existing problems of today as well as the emerging problems of tomorrow. While this may seem like an obvious assertion, market messaging from legacy solution providers has apparently been creating a good deal of confusion among prospective buyers. To help set the record straight, here are the top three most significant challenges to supporting endpoint devices today. Each of these has been consistently called out as a business priority in EMA’s various survey-based research and end user case studies:
- Workforce Mobility – EMA Research indicates that, on average, more than half of all business tasks occur outside the physical office, substantially increasing the risk of security breaches. EDR solutions must address portable devices (such as laptops, smartphones, and tablets) that may be used at any location at any time.
- Ransomware and Evasive Malware – Signature-based malware protection solutions (such as virus scanners) are no longer effective at preventing infections and perimeter breaches because today’s most insidious malware attacks are designed to continuously “morph” into forms that have no constant characteristics. EDR solutions must employ real-time data collection and robust analytics to identify questionable states and activities on endpoints that indicate malware and ransomware infections, and then automatically block them.
- Hybrid Software Hosting Environments – Gone are the days of traditional client-server computing where administrators have been able to maintain complete control over the networks hosting IT services. Today’s IT resources are distributed across a vast ecosystem of on-premises and public cloud-hosted physical, virtual, and web environments. EDR solutions must have the extensible and dynamic automation capabilities to integrate and automate with these disparate services to ensure secure connections and consistent user experiences.
In EMA’s evaluation, Tanium was revealed to lack many of the key capabilities required to meet these modern requirements. This is not really a surprise considering that the platform’s introduction predates that of the iPhone and the subsequent mobile and cloud revolutions. As a consequence, Tanium’s fundamental P2P architecture was only designed to support static, immobile PCs and lacks key integration and orchestration functionality. By comparison, 1E Tachyon is a more recent addition to the market that was purpose-built to address today’s more challenging enterprise endpoint management requirements. Detailed results of EMA’s independent and objective analysis can be found in the research report or viewed in an online webinar I hosted on the topic.