Security vendor Sophos has enhanced its offering in so-called next-gen endpoint protection (NGEP) with the acquisition of Invincea, which brings it a machine-learning capability. Ovum sees the “old guard” in endpoint security tooling up to outflank the NGEP newcomers.
NGEP should not be a standalone offering
Sophos is an established player in the security market. It is listed on the London Stock Exchange and has annual revenue in excess of $500m. Founded in 1985 as a developer of antivirus (AV) technology for business customers, it has expanded over the years to offer a broad portfolio that includes network security products and encryption.
The expansion and increased sophistication of cybercrime over the last decade have left AV signatures less and less able to protect endpoints, to the point where today they catch no more than 30% to 40% of malware. Invincea was founded in 2009 and is one of a number of vendors created to address this situation with new approaches to endpoint security, which earned them the NGEP moniker.
In October 2016 Sophos launched Intercept X, an NGEP upgrade to its own and other vendors’ signature-based endpoint security platforms, with capabilities such as root-cause analysis and signature-less threat and exploit detection. Now it has added machine learning to Intercept X with the acquisition of Invincea.
The NGEP vendors have grabbed mindshare by touting their capabilities as the sun sets on signatures, but over the last year the empire has struck back. Traditional players in endpoint from an AV background, from Trend Micro to Symantec and Intel Security/McAfee, have broadened their platforms to include NGEP functionality. They now champion signatures’ ability to block enough malware to reduce the “noise”, allowing the more compute-intensive NGEP to concentrate on advanced code. Sophos’s Invincea buy is the latest episode in this trend.
Rik Turner, Senior Analyst, Infrastructure Solutions