Gartner Research

Next Steps in Endpoint Malware Protection

Published: 07 July 2014

ID: G00262346

Analyst(s): Mario de Boer

Summary

Malware protection on endpoints is alive and well, but security professionals must understand the various technologies to protect against advanced threats. Architects must balance the efficacy of new technologies against user impact. This assessment compares endpoint malware protection technologies.

Table Of Contents

Comparison

  • Technologies in Scope
  • A Comparison of Endpoint Malware Protection Technologies
  • Assessment Criteria Used in the Comparison

Analysis

  • Scope
  • The Importance of Malware Protection on the Endpoint
    • Protection Is Not Futile, Even If Detection Becomes More Important
    • Focus on Endpoint, but the Network Remains an Important Ally
  • From Broad Campaigns to Targeted Attacks: Developments in Modern Malware
    • Advanced Attacks and Zero Days
  • Effective Blocking Is Blocking Close to the Exploit
  • Malware Protection in Modern Operating Systems
    • Operating System and Client Application Security Features and Functionality
  • Exploit Technique Mitigation at the OS and Application Layers
  • Successes and Failures of Signatures and Heuristics
  • Handling Suspicious Files
  • Feature Extraction Based on Machine Learning
  • Application Control
  • Malware Behavior Analysis
  • Malware Containment on the Endpoint
  • Market and Trends

Guidance

  • Don't Give Up on EPP, Rather Look for Complements
  • Optimize and Integrate Before Expanding
  • Choose Endpoint Solutions Only If You Understand Their Efficacy
  • Categorize Your Endpoints
  • Select and Test for Interoperability

The Details

  • Hardware Assistance for Even Deeper Control
  • If and How Technologies Protect Against Common Threats
    • A New Java Zero Day Through Internet Explorer
    • A New Kernel Zero Day
    • A User Installing a Malicious Program

Notes

Gartner Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
