Frost & Sullivan: 2016 Global Endpoint Security Platforms … · 2016 Global Endpoint Security...
Transcript of Frost & Sullivan: 2016 Global Endpoint Security Platforms … · 2016 Global Endpoint Security...
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 2 “We Accelerate Growth”
Contents
Background and Company Performance ........................................................................ 3
Industry Challenges .............................................................................................. 3
Application Convergence Impact and Customer Impact ............................................. 4
Conclusion........................................................................................................... 9
Significance of Growth Excellence through Application Convergence ............................... 10
Understanding Growth Excellence through Application Convergence ............................... 10
Key Benchmarking Criteria .................................................................................. 11
Best Practice Award Analysis for Cylance ..................................................................... 11
Decision Support Scorecard ................................................................................. 11
Application Convergence Impact .......................................................................... 12
Customer Impact ............................................................................................... 12
Decision Support Matrix ...................................................................................... 13
The Intersection between 360-Degree Research and Best Practices Awards ..................... 14
Research Methodology ........................................................................................ 14
Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 15
About Frost & Sullivan .............................................................................................. 16
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 3 “We Accelerate Growth”
Background and Company Performance
Industry Challenges
Over the next few years, device proliferation will result in billions of connected devices,
systems, people, and organizations across the globe. The data and information generated
from this growth add immense value; however, their exchange within the ecosystem also
means exposure to ubiquitous cyber-risks. The scale and cost of cybersecurity breaches is
constantly on the rise and unsurprisingly, organizations are finding it increasingly difficult
to prevent and deal with cyber-attacks. According to the World Economic Forum's 2016
Global Risks Report, the cost of cybercrimes in 2016 will be worth an estimated $445
billion.
Large organizations across verticals that include banking, retail, healthcare, government,
and telecoms have been exposed to a multitude of threats and many of these entities
have been compromised. Unfortunately, hackers are rarely identified and can range from
young, independent amateurs to nation/state-sponsored hacking groups with considerable
experience and seemingly limitless funding. A number of recent attacks have resulted in
compromising extremely sensitive consumer data across industries such as airlines, large
retail chains, insurance firms across countries clearly indicating that this is a global
phenomenon and that no system is truly safe.
Even a small gap or vulnerability can let hackers into a system, and most times,
companies are unaware of a hackers’ presence for months. Employee training to increase
awareness is effective only to an extent, and in many cases, employees continue to be
responsible for security breaches. For example, a sophisticated phishing email that
appears to come from a co-worker or manager known to the employee can persuade that
employee to click on a link that takes him or her to a website where malicious software is
set to download automatically.
The rate at which cyber threats mutate and increase is also a cause for concern. For
instance, zero-day vulnerability, as the name suggests, allows no time for security
departments to prepare for previously-unknown computer software vulnerabilities that can
be exploited by hackers. Multiple endpoints, such as smartphones, tablets, laptops, and
traditional desktops, increase overall vulnerability of an enterprise. Worse, zero-day
vulnerabilities are often custom built for individual organizations, which makes it
impossible for traditional endpoint security products to recognize a zero-day as malicious.
As cyberspace becomes an integral part of economies, communities, and businesses, the
need to create more secure environments increases exponentially. One area that the
cybersecurity industry is focusing on is the prevention of malware before it even enters
the system by making endpoint security more proactive and preventive. Frost & Sullivan’s
research in this industry has shown that a company called Cylance has used artificial
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 4 “We Accelerate Growth”
intelligence (AI) and machine learning (ML) to identify a threat before it even runs, to stop
it immediately. The company achieves this without the need for human intervention
making it a truly innovative and unique approach in a market awash with ineffective,
reactive solutions.
Application Convergence Impact and Customer Impact
Completeness of Vision
Once malware enters an IT system, it has the potential to cause damage even if it has
been identified. Additional post-execution analysis and clean-up required may result in
down-time, interrupting work and productivity. Given just how vulnerable today's
electronic devices are, ensuring effective endpoint security is critical.
As new threats emerge at an alarming rate, Cylance’s vision of proactive and preventive
cybersecurity resonates with C-level executives who need to deal with the business impact
of security risks. Cylance uses an innovative approach to approach to end point prevention
that does not rely on heuristics, signatures, and behavioral analysis. The company’s
technology uses a machine learning platform that can be easily integrated with other
third-party services and tools, making it the ideal solution to deal with both existing and
future threats.
Most competing systems analyze threats and then develop methods to deal with them.
Cylance’s approach enables all threats and risks to be completely blocked before they can
begin to execute. The system uses a highly sophisticated series of mathematical
algorithms for pre-execution malware blocking. Cylance’s artificial intelligence (AI) engine
analyzes the “DNA of threats,” which is powered by machine and algorithmic science, data
sourced from millions of endpoints and dozens of databases, skilled malware researchers,
and a massive computing laboratory. The entire process of understanding, analysis, and
identification of normal and abnormal, or what is “good” and “bad”, is carried out using AI
and machine learning (ML) to look deeper and faster than humanly possible, thus avoiding
the faults, errors and omissions caused by non-machine based security systems. Plus, this
solution does not require an Internet connection, scheduled scans or signature updates,
which have plagued end-user environments for over a decade. In an industry that is
currently struggling with the availability of skilled talent, the company has no problem
retaining a staff of highly-qualified data scientists and anti-malware experts that design
and update its algorithms.
During its analysis, Frost & Sullivan was impressed with Cylance’s unique approach
because it is forward-looking and capable of dealing with unknown threats with
unmatched accuracy and effectiveness. The company’s confidence in its capabilities and
products is quite evident; the company states that it consistently and successfully stops
over 99% of malware (competing cybersecurity firms come in at a distant second with
60% to 70% success rates). Also worth noting is that competitors’ performance drops to
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 5 “We Accelerate Growth”
almost 10% when dealing with mutated versions of threats while Cylance continues to
achieve a 99% success rate.
Growth Potential
Perimeter-based security technologies and antivirus solutions commonly use threat
protection methods that are overly-dependent on legacy technologies. However, as
continuous breaches suggest, these are not very effective, especially when more
sophisticated and/or targeted attacks occur. Poorly implemented security infrastructure,
untrained employees, and/or new threats have created an ecosystem that is almost set-up
for failure. Given the nature of IT infrastructure, cloud is a critical part of today’s systems,
plus employees are constantly accessing data and information. Thus, creating better
prevention capabilities for endpoints has become quite critical.
Endpoints are clearly the most vulnerable part across the entire IT system; hence, most
cyberattacks are initiated here. Cylance algorithms analyze all the objects, applications
and files coming from various endpoints to identify the good and bad files. Once Cylance’s
solution is deployed, both historical and real-time data are fed into the algorithm, which
self-learns and analyses potential threats and responses for endpoints to enable automatic
mitigation. At a juncture, where present-day solutions need to be patched and managed
for emerging threats, Cylance next-generation approach provides superior accuracy,
security, reliability and fidelity. Given its use of a math algorithm, it requires infrequent
updates averaging every six months, as opposed to most AV vendors that require daily
signature updates.
Another differentiator is that Cylance’s solutions can deal with mutations in the malware.
Traditional antivirus products cannot recognize and deflect malware that has mutated
from an earlier form, even if it is recorded in the antivirus database of signatures. Other
competitors offer a host of services; however, they tend to be based on blacklisting or
signature approaches, which must have seen, studied, and "fingerprinted" malware before
it can be recognized and stopped. The increasing numbers of zero-day and mutated
viruses requires traditional endpoint security tools to be updated on an almost daily basis,
and these updates are still unable to recognize many newly mutated threats.
CylancePROTECT, a non-signature based solution, is math-driven and enables pre-emptive
security protection without the need for constant updates. The solution’s ability to prevent
attacks before they actually start to execute is unique. This is particularly useful in critical
infrastructure applications, where availability is more important than confidentiality.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 6 “We Accelerate Growth”
Impact of Applications over Legacy Approaches
Legacy security approaches are completely reliant on signatures and blacklists. While their
ease of installation and use helped to spur a large number of organizations to implement
cybersecurity measures in the past two decades, with today's highly targeted malware
increasing in volume and sophistication, traditional antivirus is no longer considered
effective given the increasing complexity of attacks and greater number of threats.
Consider this, most organizations’ existing antivirus and perimeter security measures are
able to stop or prevent only 50% of the threats that they encounter; often, many of these
threats have already entered the system. When also considering the time needed to lock-
down the system and address the issue as well as the loss of employee productivity due to
the shutdown, the thought of using traditional cybersecurity has become widely
unattractive.
Many competitors are now trying to offer slight improvements over legacy approaches and
additional service extensions, but their improvements in identifying and stopping new
threats have been marginal at best. At the same time, most of these competitors have not
been able to pull the signatures out of their products. Plus, human intervention and
monitoring is a critical part of these competing systems where preventive action is only
taken once malware is already in the process of running. They also rely heavily on an
organization’s IT department to implement and monitor the process, which adds cost and
hassle for the enterprise.
Cylance’s malware identification capability is primarily supported by an ML research
platform, called Infinity, which uses cloud computing, Big Data analytics, and AI as a ML
“brain” for refinement of the algorithm while leaving only a lightweight agent that does
not need to be updated on each endpoint. The platform enables almost real-time decisions
on whether an object is good or bad. Cylance’s AI-enabled solution uses a proactive and
preventive approach to inspect each file before it runs, thus stopping the threat before it
can even start. It allows users to continue with their functions, as it halts the threat from
executing or progressing. The solution stays ahead of the curve and quarantines all
malware before it causes any harm. Cylance also offers a variety of professional services,
including a compromise assessment, which is often done for new customers that have
traditionally relied on a legacy AV product. Due to the technology, some of the services
can be accomplished remotely, without needing to scan machines or download an entire
disk image data for analysis. With Cylance’s AI-enabled solution, key identifiers help
threat professionals conduct analysis. Cylance’s advanced threat protection goes beyond
detection; it prevents attacks using CylancePROTECT®. In comparison to traditional
security solutions, Frost & Sullivan sees Cylance’s solution to be superior.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 7 “We Accelerate Growth”
Business Value to Customers
Cybersecurity has emerged as one of the top challenges for CEOs today. Organizations
typically rely on more than one vendor to cater to different security layers and
requirements. Despite this, they still won’t receive a complete guarantee of security and
remain vulnerable. Once malware enters the system, the impact on business can be
enormous. Companies can take months to find it and recover from the set back; a lack of
visibility further confounds users.
The Cylance solution, however, offers greater efficiency for IT resources. With its Alert
Management Service (AMS), the security teams in an organization gain access to a threat
researcher and expert, an Activity Management Engineer (AME), who can guide the
actions to take on the CylancePROTECT alerts. AMEs augments the existing IT team with
knowledge on the potency of the threat. The solution is backed by strong support in terms
of monitoring, processing, analysis, reporting, and protection increasing the value for
customers. Most competing solutions only offer platforms that need to be monitored by
the customer’s IT personnel. Cylance also offers a ThreatZero service which will bring
immediate value by working with the IT department to eliminate all the threats found by
the CylancePROTECT agent.
Further to Cylance’s efficiency, the solution uses less than 1% of users’ CPU (central
processing unit) capacity, limiting its impact on customers’ memory and processor. In
addition, the solution works without the need for Internet connectivity. This makes the
solution easy to deploy and prevention benefits can be realized without any network or
device interruptions. The solution works across an organization’s infrastructure, enabling
flexibility as deployment is simple and seamless across Windows and Mac OS. It can also
be easily integrated into an existing security ecosystem through open APIs and
transferrable log files. All of this enhances the business value for customers as they are
assured of efficient security without incurring excessive costs.
Customer’s Perception of Value
Customers across industry verticals are reeling under the speed with which cybersecurity
threats have increased. Internet Protocols (IPs) are being compromised and not keeping
up with compliance requirements. Cybersecurity is not a core function for most companies
and the constant struggle and lack of efficiency of existing systems increase problems for
customers.
Cylance offers one solution for a number of security threats, which include memory-based
attacks, malicious documents, zero-day malware, privilege escalations, scripts, and
potentially unwanted programs, thus enabling customers to reduce their number of
security systems. In trial runs where previously unknown threats and mutated versions
are used to determine efficacy, the company consistently outperforms its competitors.
Therefore, customers are increasingly relying on CylancePROTECT. The list of Cylance’s
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 8 “We Accelerate Growth”
clients (across more than 22 industries, with specific expertise in the segments of critical
infrastructure, energy, healthcare, retail, finance and education) clearly indicates the
value-appeal that customers see in the future-proof solution compared to the reactive
security solutions.
As one customer, a university IT manager mentioned, the previous traditional antivirus
software completely missed more than 200 threats, which resulted in a Cryptolocker file
being executed on their system. The significant number of endpoints in an education
system with most students and faculty carrying their own devices makes it extremely
vulnerable. The university has now deployed Cylance, which managed to rectify the earlier
problem in addition to providing better security.
Customer Ownership Experience
Cybersecurity needs to be dynamic with new threats emerge with frightening frequency.
As new companies and solutions are launched to keep pace with the increase in threats,
customers find it extremely difficult to decide which solution is the best for them. Often,
they enter into contracts where companies are not able to deliver what they promise. To
deal with this challenge, many customers work with established cybersecurity layer on
additive solutions and dedicate a large IT team to deal with constant outbreaks.
This is where Cylance offers a fundamentally different value proposition, by positioning its
product directly against larger AV vendors that insist on adding more layers and products.
In this scenario, Cylance has managed to exceed expectations and many customers have
chosen to replace all of their endpoint security layers with Cylance. Customer confidence
is climbing rapidly, which was also evident from the example of a major OEM we spoke to
that has equipped all of its systems with the Cylance solution indicating its complete belief
in the efficacy of the solution.
One of Cylance’s healthcare customers has 400 locations with 10,000 endpoints and it
covers 1.3 million patients. This entity had previously refocused its endpoint security
efforts on the time-consuming and reactive method of detection and response as its
prevention had continuously failed. Patient data is extremely sensitive and healthcare
companies have a high risk of being targeted. The customer replaced multiple layers of
endpoint security after discovering that these systems completely missed malware that
was custom designed to attack the organization. Cylance also discovered hundreds of
Potentially Unwanted Programs (PUPs) that could have allowed hackers into the system.
The customer expressed considerable satisfaction with the better security that it now
receives without any disruption to its work flow.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 9 “We Accelerate Growth”
Conclusion
Cylance’s innovative solution for cybersecurity has exceeded customers’ expectations. The
company has consistently outperformed other solutions (based on client data) in terms of
performance and in dealing effectively with unknown threats across endpoints. It has built
a strong base for the use of artificial intelligence (AI) in meeting the growing challenges
posed by hackers and cyber-attacks. Its independence from human intervention, Internet
connectivity, and regular updates to stop malicious malware, ensure its effectiveness and
has made the company a preferred solution provider for many customers. Because of this,
Cylance grown quickly and has developed various solutions for different industries.
Thereby, in recognition of its strong overall performance, Cylance is recognized with Frost
& Sullivan’s 2016 Award for Growth Excellence through Application Convergence.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 10 “We Accelerate Growth”
Significance of Growth Excellence through Application Convergence
Application convergence drives a spectrum of opportunities for value-enhancement as new
applications and ecosystems get created. Further, application convergence leads to
extension of customer value and unique points of differentiation. At its core, application
convergence or any other type of convergence can only be sustained with leadership in
three key areas: customer demand, business value, and competitive positioning.
Understanding Growth Excellence through Application Convergence
Application convergence leads to opportunities for new value creation in here to
undiscovered ways, resulting in new applications which outperform existing approaches
and drives superior performance by utilizing multiple system inputs.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 11 “We Accelerate Growth”
Key Benchmarking Criteria
For the Application Convergence Award, Frost & Sullivan analysts independently evaluated
two key factors— Application Convergence Impact and Customer Impact—according to the
criteria identified below.
Application Convergence Impact
Criterion 1: Completeness of vision
Criterion 2: Growth potential
Criterion 3: Ability to drive application ecosystem interest
Criterion 4: Disruptive capability of the application
Criterion 5: Impact of applications over legacy approaches
Customer Impact
Criterion 1: Business value to customers
Criterion 2: Customer's perception of value
Criterion 3: Customer ownership experience
Criterion 4: Customer service experience
Criterion 5: Brand Equity
Best Practice Award Analysis for Cylance
Decision Support Scorecard
To support its evaluation of best practices across multiple business performance
categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool
allows our research and consulting teams to objectively analyze performance, according to
the key benchmarking criteria listed in the previous section, and to assign ratings on that
basis. The tool follows a 10-point scale that allows for nuances in performance evaluation;
ratings guidelines are illustrated below.
RATINGS GUIDELINES
The Decision Support Scorecard is organized by application convergence attributes and
customer impact (i.e., the overarching categories for all 10 benchmarking criteria; the
definitions for each criteria are provided beneath the scorecard). The research team
confirms the veracity of this weighted scorecard through sensitivity analysis, which
confirms that small changes to the ratings for a specific criterion do not lead to a
significant change in the overall relative rankings of the companies.
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 12 “We Accelerate Growth”
The results of this analysis are shown below. To remain unbiased and to protect the
interests of all organizations reviewed, we have chosen to refer to the other key players
as Competitor 2 and Competitor 3.
Measurement of 1–10 (1 = poor; 10 = excellent)
Growth Excellence through Application
Convergence
Application
Convergence
Impact
Customer
Impact Average Rating
Cylance 9.0 9.0 9.0
Competitor 2 8.5 7.5 8.0
Competitor 3 7.1 6.9 7.0
Application Convergence Impact
Criterion 1: Completeness of Vision
Requirement: Ability to showcase a long-term vision and pioneer industry transformation.
Criterion 2: Growth Potential
Requirement: Ability to leverage the benefits of converging technologies and drive growth.
Criterion 3: Ability to Drive Application Ecosystem Interest
Success of application convergence depends on the ecosystem maturity, its partners and
strategy to build-out industry-specific solution
Criterion 4: Disruptive capability of the application
Requirement: The new application’s capability to replace existing market incumbents and
provide a path to long-term sustenance.
Criterion 5: Impact of applications over legacy approaches
Requirement: Capability of applications to deliver a set of superior solutions is key to win
support from customers.
Customer Impact
Criterion 1: Business Value to Customers
Requirement: Capability to deliver superior business value instead of simple substitution.
Criterion 2: Customer's Perception of Value
Requirement: Customer view-points on blurring of application and its potential to create
new revenue streams.
Criterion 3: Customer Ownership Experience
Requirement: Customers are proud to own the company’s product or service, and have a
positive experience throughout the life of the product or service
Criterion 4: Customer Service Experience
Requirement: Customer service is accessible, fast, stress-free, and of high quality
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 13 “We Accelerate Growth”
Criterion 5: Brand Equity
Requirement: New application enhances the company’s brand, creating and/or nurturing
brand loyalty
Decision Support Matrix
Once all companies have been evaluated according to the Decision Support Scorecard,
analysts can then position the candidates on the matrix shown below, enabling them to
visualize which companies are truly breakthrough and which ones are not yet operating at
best-in-class levels.
High
Low
Low High
Cu
sto
mer I
mp
act
Application Convergence Impact
Cylance
Competitor 2
Competitor 3
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 14 “We Accelerate Growth”
The Intersection between 360-Degree Research and Best
Practices Awards
Research Methodology
Frost & Sullivan’s 360-degree research
methodology represents the analytical
rigor of our research process. It offers a
360-degree-view of industry challenges,
trends, and issues by integrating all 7 of
Frost & Sullivan's research methodologies.
Too often, companies make important
growth decisions based on a narrow
understanding of their environment,
leading to errors of both omission and
commission. Successful growth strategies
are founded on a thorough understanding
of market, technical, economic, financial,
customer, best practices, and demographic
analyses. The integration of these research
disciplines into the 360-degree research methodology provides an evaluation platform for
benchmarking industry players and for identifying those performing at best-in-class levels.
360-DEGREE RESEARCH: SEEING ORDER IN
THE CHAOS
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 15 “We Accelerate Growth”
Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices
Frost & Sullivan Awards follow a 10-step process to evaluate award candidates and assess
their fit with select best practice criteria. The reputation and integrity of the Awards are
based on close adherence to this process.
STEP OBJECTIVE KEY ACTIVITIES OUTPUT
1 Monitor, target, and screen
Identify award recipient candidates from around the globe
Conduct in-depth industry research
Identify emerging sectors Scan multiple geographies
Pipeline of candidates who potentially meet all best-practice criteria
2 Perform 360-degree research
Perform comprehensive, 360-degree research on all candidates in the pipeline
Interview thought leaders and industry practitioners
Assess candidates’ fit with best-practice criteria
Rank all candidates
Matrix positioning all candidates’ performance relative to one another
3
Invite thought leadership in best practices
Perform in-depth examination of all candidates
Confirm best-practice criteria Examine eligibility of all
candidates Identify any information gaps
Detailed profiles of all ranked candidates
4
Initiate research director review
Conduct an unbiased evaluation of all candidate profiles
Brainstorm ranking options Invite multiple perspectives
on candidates’ performance Update candidate profiles
Final prioritization of all eligible candidates and companion best-practice positioning paper
5
Assemble panel of industry experts
Present findings to an expert panel of industry thought leaders
Share findings Strengthen cases for
candidate eligibility Prioritize candidates
Refined list of prioritized award candidates
6
Conduct global industry review
Build consensus on award candidates’ eligibility
Hold global team meeting to review all candidates
Pressure-test fit with criteria Confirm inclusion of all
eligible candidates
Final list of eligible award candidates, representing success stories worldwide
7 Perform quality check
Develop official award consideration materials
Perform final performance benchmarking activities
Write nominations Perform quality review
High-quality, accurate, and creative presentation of nominees’ successes
8
Reconnect with panel of industry experts
Finalize the selection of the best-practice award recipient
Review analysis with panel Build consensus Select winner
Decision on which company performs best against all best-practice criteria
9 Communicate recognition
Inform award recipient of award recognition
Present award to the CEO Inspire the organization for
continued success Celebrate the recipient’s
performance
Announcement of award and plan for how recipient can use the award to enhance the brand
10 Take strategic action
Upon licensing, company may share award news with stakeholders and customers
Coordinate media outreach Design a marketing plan Assess award’s role in future
strategic planning
Widespread awareness of recipient’s award status among investors, media personnel, and employees
BEST PRACTICES RESEARCH
© Frost & Sullivan 2016 16 “We Accelerate Growth”
About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth
and achieve best in class positions in growth, innovation and leadership. The company's
Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined
research and best practice models to drive the generation, evaluation and implementation
of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in
partnering with Global 1000 companies, emerging businesses and the investment
community from 31 offices on six continents. To join our Growth Partnership, please visit
http://www.frost.com.