Stats & Trends
The Barkly Team
Apr 2018

New Survey Reveals Endpoint Security Priorities


As advanced attacks become more commonplace, a demand for stronger protection and automated response capabilities is trickling down into the mid-market.

With the majority of today’s attacks actively evolving to become more evasive, security priorities are shifting. Advanced attack tools and techniques are increasingly finding their way downstream into the hands of average cyber criminals, and as a result, small and mid-market organizations are finding themselves overmatched and seeking to level-up their endpoint security accordingly.

To determine what additional endpoint security capabilities small and mid-market organizations are looking for, specifically, and how those capabilities map to their actual priorities and needs, we surveyed IT and security pros at companies ranging from 50 - 10,000 endpoints.

Here’s what we found.

The top priority for endpoint security is on improving protection

  • 60 percent of respondents say adding/improving protection is their current top priority
  • 40 percent of respondents say adding/improving investigation and response capabilities is their current top priority

88 percent of respondents believe there are types of attacks (ex: fileless) that their current endpoint security can’t block. As a result, 60 percent said adding/improving protection is their #1 priority, while 40 percent said their current top priority is adding/improving investigation and response capabilities.

The most essential endpoint security features, ranked

Getting more granular, small and mid-market organizations consider the following to be the most essential features they’re looking for in an endpoint security solution:

  1. Antivirus / anti-malware
  2. Incident containment (quarantining)
  3. Incident remediation
  4. Forensics / root cause analysis
  5. Threat hunting
  6. Device control
  7. Application whitelisting


Better protection is the top priority, followed by additional investigative capabilities. Small and mid-market organizations clearly what more actionable information and features from their endpoint security solution, and may be beginning to see basic antivirus (AV) capabilities as simply table stakes.

Lack of time and resources calls for easier investigation capabilities

  • 45 percent of respondents say they don’t have adequate time each week to investigate and respond to incidents
  • 71 percent aren’t sure they would be able to fully utilize new security capabilities in-house without additional staff/resources

Organizations may want additional response capabilities, but 45 percent also admit they currently don’t have enough time to investigate and respond to the incidents they’re already seeing now. Adding to that workload with complex endpoint detection and response (EDR) solutions without considering current limitations is obviously not a productive answer.

Top challenges with current endpoint security solutions

  1. Slows down user machines (27 percent)
  2. Lack of visibility into incidents (27 percent)
  3. Not blocking all threats (25 percent)
  4. Too many false positives (25 percent)
  5. Limited investigative/response features (25 percent)
  6. Difficult/time-consuming to manage (18 percent)
  7. Don’t have time/resources/expertise in-house to fully utilize (18 percent)
  8. Doesn’t sync with other tools (8 percent)

While lack of visibility into security incidents and limited investigative capabilities are top complaints, the other primary concerns that respondents have with their current endpoint security solutions center around their (lack of) effectiveness and practicality.  


In short, they wish their solution would simply block more attacks, not flood them with false positives, be quick and easy to manage, and not slow down machines.


Lack of confidence in current endpoint security solutions is driving small and mid-market organizations to invest in improved protection as well as supplemental response capabilities. Because IT teams (the group most commonly responsible for security at the organizations we surveyed) don’t have the time or resources necessary to conduct additional response and investigative work, however, the priority is on protection that reduces that workload in the first place.

Based on these survey responses, the ideal security solution for small and mid-market organizations meets the following criteria:

  • Blocks more attacks, reducing investigation and response workload
  • Produces fewer false positives, again reducing investigation and response workload
  • Provides automated investigative and response capabilities that are easy to use and shorten the workflow

Barkly combines stronger protection with easier investigation built for small teams

With the launch of Barkly 3.0, Barkly now provides organizations with the ability to quickly and easily respond to attacks with 1-click response and remediation, root cause identification, and attack visualization.

Simple 1-Click Response from any device:

  • Endpoint isolation: Empowers administrators to simply remove a device from the network to contain an attack when a malicious incident is identified. Once they have completed their investigation, administrators can easily bring the device back online using Barkly’s portal on their desktop or smartphone.
  • File quarantine & delete: When Barkly blocks an executable, it can be automatically quarantined to prevent the end user from accessing and making new attempts to execute it. This ensures containment, reduces noise, and enables administrators to access the file for further investigation or delete it permanently from the device.

Automated Root Cause Identification:

  • Automated end-user insights: An automated, interactive way for users to provide context for administrators on their activity when a malicious file or process was blocked. This automated feedback loop enables faster, simpler, and smarter incident and attack investigation. Through this automation, organizations can now increase productivity by reducing the time spent on incident investigation.  
  • Incident Path Visualization: Enables administrators to trace malicious processes detected by Barkly back to their origins in a simple, intuitive way. This allows organizations to understand what caused the incident and leverage the insights to improve their strategy moving forward.

These are features built to help time and resource-strapped teams better protect their organizations from today's modern threats. 

The Barkly Team

The Barkly Team

Providing the latest security alerts and updates with context that makes them useful.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.