Email security refers collectively to the prediction, prevention, detection and response framework used to provide attack protection and access protection for email. Email security spans gateways, email systems, user behavior, content security, and various supporting processes, services and adjacent security architecture. Effective email security requires not only the selection of the correct products, with the required capabilities and configurations, but also having the right operational procedures in place.
The Endpoint Detection and Response Solutions (EDR) market is defined as solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. EDR solutions must provide the following four primary capabilities: • Detect security incidents • Contain the incident at the endpoint • Investigate security incidents • Provide remediation guidance
Gartner defines an endpoint protection platform (EPP) as security software designed to protect managed end-user endpoints — including desktop PCs, laptop PCs, and mobile devices — against known and unknown malicious attacks. Additionally, EPPs provide capabilities for security teams to investigate and remediate incidents that evade prevention controls. EPP products are delivered as software agents deployed to endpoints and connected to centralized security analytics and management interfaces.
Managed detection and response (MDR) services provide customers with remotely delivered security operations center (SOC) functions. These functions allow organizations to rapidly detect, analyze, investigate and actively respond through threat disruption and containment. They offer a turnkey experience, using a predefined technology stack that commonly covers endpoint, network, logs and cloud. Telemetry is analyzed within the provider’s platform using a range of techniques. This process allows for investigation by experts skilled in threat hunting and incident management, who deliver outcomes that businesses can act upon.
TI products and services deliver knowledge, information and data about cybersecurity threats and other organization-specific threat exposures, including but not limited to indicators of compromise (IOCs), threat actor attribution and campaigns. The output of these products and services aim to provide or assist in the curation of information about the identities, motivations, characteristics and methods of threats, commonly referred to as tactics, techniques and procedures (TTPs). The intent is to enable better decision making and improve security technology capabilities to reduce risk and the chance of being compromised.