Outlook For Endpoint and Mobile Security

Uploaded by

scott tang
Outlook for Endpoint and Mobile Security

Rob Smith
@Mastidon

© 2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form
without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact. While the information contained in this
publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research
may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are
governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or
influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity."
What Is an Endpoint, Exactly?

And Why Do You Need to Secure It?

Key Issues

1. How is endpoint security evolving?
2. How should endpoints be protected in a cloud world?
3. How can data be protected if the device and connection can’t be?

Endpoint OSs Provide Maturing Security Controls

[Diagram labels: EPP Console; App Store Curation; Application Isolation; Platform Hardening; OS Restrictions; Inbuilt Protection; Device Attestation; Structured Visibility; Built-In Antivirus]

The Evolution of Endpoint Protection Tools

Antivirus (Definition Based)
• File Scanning
• Allow List/Block List
• Memory Protection
Add-ons:
• Device/Application Control
• Data Leakage Prevention
• Patching/Compliance

Advanced Antivirus (With Machine Learning)
As per Antivirus plus:
• Machine Learning or Behavioral Detection
• Recognition of Malware/System Administrator Tools Used as Exploits

EDR (Detect and Respond)
• Streaming of Endpoint Telemetry to Server/Cloud
• Lookup of “Unknowns”
• SOAR/API Integration
• Big Data Analytics
• Pattern Detection and Identification of Rogue Network Activity/C2 Call Home

EDR + Automation (Fully Featured)
As per EDR plus:
• Automated Rollback/Remediation
• Threat Intelligence
• Remote Control and Device Intervention
• Real-Time Response
• Threat Hunting

Source: Gartner
ID: 380177
MDM Is Not the Same as Mobile Threat Defense

[Diagram labels: MTD Dashboard; MTD Server Analysis; MTD App; UEM App (Privileged); UEM; UEM Dashboard; Reputation Feeds; Device information (app inventory, OS, model, device status, …); Normal Behavior Data; Malicious Behavior Data; Attack Trends; Alerts; Remediation]

Evolution to a Single Unified Endpoint Security (UES) Product

[Diagram labels: Management: Client Management Tools; Enterprise Mobility Management; Unified Endpoint Management. Security: EPP; EDR; MTD; Unified Endpoint Security. Functions: Prevention; Detection; Remediation]

• Today we use a mishmash of different tools that leave gaps in endpoint defense
• In the long term, we will have a single point of control for configurations and updates

Why Protect the Device?

Protect the Connection Instead …

Are You Still Doing Always-On VPN?

[Diagram labels: SaaS; IaaS; CASB; ZTNA; VPN; VDI; On-premises; BYOD]

CASB
• Primary use case for remote access: SaaS (i.e., Microsoft 365, G Suite, Salesforce)
• CASBs are purpose-built for protecting access and data in SaaS applications
• Can provide faster connectivity for remote users
  – Eliminates the “traffic trombone”

ZTNA
• For the use case of IaaS applications, a ZTNA product can be the right choice
• Combines strong identity and authentication controls
• Can also restrict access based on device, and network
• Can forcibly install UES as part of authentication
• Ideal solution for BYOPC/BYOD
When Security Matters Most — Virtualize
• For untrusted devices or users, VDI can be an option
• Prevents enterprise data from making it to the device, and makes it less portable
• Caution: End-user bandwidth can be a limiting factor here

Forget About the Rest …

It’s All About the Data

• Regulation and Compliance
• Data Residency
• Data Sovereignty
• Accidental Data Loss
• Data Destruction (Ransomware)

Not All Data Is Equal


Myriad Solutions

Full Disk Encryption
• Provided by OS
• All about key management
• Basic protection against lost/stolen devices

DLP
• Prevent outbound data loss via email
• Solve the Dropbox problem
• Prevent against Sneakernet “USB”

DCAP
• Discover
• Classify
• Monitor and control

IAM
• Identify the who as well as the what

CASB
• Protect data in the cloud

Cloud Data Protection Gateway
• Encrypt or at least tokenize data going into cloud

Recommendations

• Plan for the evolution to a UES console.
• Protect endpoints to protect data.
• Protect the data when it leaves the endpoint as well.
• Use CASB and ZTNA to protect access in a cloud world.
• Classify what data is important before trying to protect it all.
• Pick the appropriate controls based on that classification.
• Expect attackers to be smarter than you so evolve with the technology!
Recommended Gartner Research

• Hype Cycle for Endpoint Security, 2020. Dionisio Zumerle and Rob Smith (G00450232)
• Solving the Challenges of Modern Remote Access. Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne (G00722990)
• The Long-Term Evolution of Endpoints Will Reshape Enterprise Security. Dionisio Zumerle (G00365511)
• Market Guide for Endpoint Detection and Response Solutions. Paul Webber, Prateek Bhajanka, Mark Harris and Brad LaPorte (G00380177)
• Endpoint Detection and Response Architecture and Operations Practices. Jon Amato, Anton Chuvakin and Augusto Barros (G00367740)
• Market Guide for Mobile Threat Defense. Dionisio Zumerle and Rob Smith (G00376573)

For information, please contact your Gartner representative.