The Rise of Endpoint Forensics

Published on February 2017

GUIDANCE SOFTWARE | Key Findings of the ESG Research Endpoint Security Survey

The Rise of Endpoint Forensics
Key Findings of the ESG Research Endpoint Security Survey

[Infographic: What is your endpoint security posture? Panels: Most coveted InfoSec functionality (advanced malware detection; endpoint forensics software); InfoSec software deployment trends (have deployed endpoint forensics software; plan to deploy it in the near future; have a dedicated endpoint security group).]
Source: ESG Research Report: The Endpoint Security Paradox, January 2015

85% plan to spend more on endpoint security
43% believe that remediation and recovery are important capabilities for their endpoint security suite
73% are already deploying advanced malware detection/prevention software

Top 3 Reasons for Deploying Endpoint Forensics Software:
- It improves incident detection: 29%
- It improves incident response: 29%
- To mitigate risk from targeted attacks: 24%

The 2014 Endpoint Security Survey developed and performed by ESG Research and sponsored by Guidance
Software produced significant findings on the buying behavior, deployment trends, and cybersecurity needs of
today’s Information Security (InfoSec) market. ESG surveyed information technology (IT) professionals (45 percent)
and InfoSec professionals (55 percent) inside 340 North American organizations with 500 or more employees.
Looking to understand today’s most prevalent endpoint security challenges, as well as to ascertain organizations’
depth of network endpoint visibility, the survey found that:





- Twenty-nine percent (29%) of surveyed participants addressed inefficiencies in their endpoint security process—all of which can be managed using an automated endpoint security solution
- Eighty-five percent (85%) of respondents plan to spend more on endpoint security
- Fifty-six percent (56%) had purchased new endpoint technologies in addition to those used in the past
- Sixty-six percent (66%) have re-evaluated endpoint security policies, processes and tools to create a plan for improving endpoint security

This paper provides highlights of the survey. For a thorough summary of the survey and the results, we strongly
recommend that you download ESG Research’s The Endpoint Security Paradox from the ESG website.

www.guidancesoftware.com

Endpoint Security is a Strategic Initiative
Understanding that no organization is immune to being cyber-attacked, InfoSec professionals are implementing
strategic initiatives to stay on top of their security posture, specifically through endpoint security solutions.
Consider the following:




- Sixty-six percent (66%) of organizations have re-evaluated their endpoint security policies, processes and tools to create a plan for improving endpoint security
- Eighty-five percent (85%) plan to spend more on endpoint security
- Fifty-seven percent (57%) have already increased the allocation of security budget earmarked for endpoint security, analytics, and incident response

EnCase Can Help: EnCase® Analytics and EnCase® Cybersecurity deliver the leading endpoint detection and
response solution that empowers organizations to discover previously unknown threats, prioritize and validate alerts
from third-party detection technologies, assess the scope and impact of threats, locate sensitive data at risk, and
remediate incidents without disrupting productivity and business operations. With over 20 million servlets deployed on
endpoints around the world, our products are proven to capture the right data from the right places at the right time,
providing for the most effective security analytics, detection, and remediation solutions that leverage deep endpoint-based inspection.

Endpoint Security Solutions are Key Investments in Today’s Threat Landscape
ESG Research found that 71 percent of the organizations surveyed are currently deploying an endpoint forensic/security
analytics solution, while 26 percent plan to deploy an endpoint forensic/security analytics solution in the future.

Our Customers
Guidance Software’s customers are corporations
and government agencies in a wide variety of
industries, such as financial and insurance services,
technology, defense contracting, pharmaceutical,
manufacturing and retail. Representative
customers include Allstate, Chevron, FBI, Ford,
General Electric, Honeywell, NATO, Northrop
Grumman, Pfizer, SEC, UnitedHealth Group and
Viacom.

About Guidance Software (NASDAQ: GUID)
Guidance Software is recognized worldwide
as the industry leader in digital investigative
solutions. Its EnCase® Enterprise platform is used
by numerous government agencies, more than
65 percent of the Fortune 100, and more than
40 percent of the Fortune 500, to conduct digital
investigations of servers, laptops, desktops and
mobile devices. Built on the EnCase Enterprise
platform are market-leading electronic discovery
and cyber security solutions, EnCase® eDiscovery,
EnCase® Cybersecurity, and EnCase® Analytics,
which empower organizations to respond to
litigation discovery requests, perform sensitive data
discovery for compliance purposes, conduct speedy
and thorough security incident response, and reveal
previously hidden advanced persistent threats or
malicious insider activity.

EnCase®, EnScript®, FastBloc®, EnCE®, EnCEP®, Guidance
Software™ and Tableau™ are registered trademarks or trademarks
owned by Guidance Software in the United States and other
jurisdictions and may not be used without prior written permission. All
other trademarks and copyrights referenced in this press release are
the property of their respective owners.

EnCase Can Help: First to market in digital forensics and still the standard around the world, EnCase enables
organizations to capture critical data from enterprise endpoints (servers, desktops, laptops, and other devices, such
as POS terminals) from which data is actually accessed or stolen and where malware most often resides. Such data
is then synthesized at scale from all endpoints and analyzed to create baselines that serve as the basis for proactive
detection of anomalies, provide for historical data analysis to go back in time and determine the full scope of an
event, and correlate data elements to spot account compromise, unauthorized connections, systems at risk, and
other vulnerabilities. All of this can be done without disrupting business operations.

Endpoint Security and Visibility are Critical Components of the Security Plan
While 56 percent of those surveyed believe they can now effectively and efficiently secure endpoints, 41 percent
express concern with their ability to do so, and another 23 percent of organizations cited monitoring endpoint status
as their biggest security weakness.

EnCase Can Help: EnCase products deploy a tiny, passive, yet powerful servlet to all devices on the network.
The servlet sits at kernel level—below the operating system—to provide deep, unobstructed visibility into endpoint data
artifacts from everywhere across your enterprise, including encrypted data, files hidden in unallocated or slack
space, registry data, RAM, and system data. The servlet performs all needed activities, can be disguised to prevent
deletion by malware or notice by malicious insiders, and works on a wide variety of operating systems for laptops,
desktops, file servers, email servers, and print servers. This gives you the most reliable access to endpoint data,
which provides for proactive endpoint threat hunting and real-time detection and response.

Endpoint Security Teams Don’t Have Time to Work on Process Improvements
This is because 38 percent of InfoSec professionals are busy firefighting high-priority incidents, 29 percent are losing
time because of manual processes, and 34 percent are overwhelmed with compliance issues, according to the survey.

EnCase Can Help: EnCase Analytics and EnCase Cybersecurity empower professionals to streamline key
endpoint detection and response activities. Through collaboration and integration, EnCase Cybersecurity helps
prioritize alerts from threat detection technologies, capturing volatile data about an incident the moment its alert
goes off. This accelerates the response process by reducing the time spent manually dealing with false positives—
letting you focus on the real threats first—and improving the efficiency of remediation, to return systems to a
trusted state promptly after an incident is detected.

Conclusion
As the threat landscape continues to evolve, so do the solutions being built to help prevent threats and mitigate their
damage. IT and InfoSec professionals have identified advanced malware detection and endpoint forensics
software as key investments in today’s security arsenal. Leveraging deep, trusted, kernel-level access into endpoint
data artifacts, EnCase products empower InfoSec professionals to take charge of their security posture and be
equipped to respond to incidents quickly. Our products can transform the security posture of the average enterprise
from reactive to proactive through endpoint visibility, security analytics, and incident-response automation.
