Endpoint security is in many ways the direct descendent of the first forms of computer protection in the earliest days of IT. But it's a rapidly developing category, as organizations look to coordinate control of the PCs, servers and phones on their networks to keep out malware and intruders. Let's look at what the year ahead has in store for the industry, as multiple vendors scramble for your attention and money.
What is endpoint security?
Endpoint security is a security approach that focuses on locking down endpoints— individual computers, phones, tablets and other network-enabled devices — in order to keep networks safe. That might sound like a fancy name for putting a firewall and antivirus software on your PC, and indeed in the early days of the category there was some suspicion that it was a marketing buzzphrase to make antivirus offerings sound cutting edge.
But what distinguishes endpoint security offerings from simple home computer protection is that idea that the security tools on the endpoints are managed centrally by corporate IT. The security measures run on two tiers: there are software agentsthat run in the background on endpoints, and a centralized endpoint security management system that monitors and controls the agents. That management system can be a control panel monitored by IT staff or an automated system … or some combination of the two (more on that in a moment).
You'll sometimes hear the phrase endpoint protection used interchangeably with endpoint security.Gartner defines an endpoint protection platform as "a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware, personal firewall, application control and other styles of host intrusion prevention (for example, behavioral blocking) capabilities into a single and cohesive solution." So, strictly speaking the term can include products that aren't centrally managed, though just about anything marketed to enterprise-class customers will be. And, yes, you do sometimes catch companies touting their antivirus products as "endpoint protection." Let the buyer beware.
Trends in endpoint security
Of course, as threats evolve, endpoint security suites must evolve as well. In 2018, expect endpoint security vendors to work to catch up with the following five trends:
- Machine learning and AI. As threats accelerate, they'll become too much, too fast for any human to keep up with in real time. Much of the moment-to-moment scutwork of endpoint security will be increasingly automated, with machine learning and artificial intelligence examining traffic and identifying threats, and only the most pressing needs being escalated to human attention. Machine learning capabilities are already being rolled out in Microsoft's endpoint security offerings, for instance.
- SaaS-based endpoint security. Traditionally, centralized endpoint security management systems run on a server or appliance that an organization deploys and cares for in-house. But with cloud- or SaaS-based services becoming increasingly trusted as part of IT's day-to-day operations, we're seeing endpoint security management being offered as a service, with vendors like FireEye, Webroot, Carbon Black, Cybereason and Morphick all moving into the space. In some ways, this is not unlike the move to machine learning — companies are offloading responsibility for managing endpoint security away from their own internal staffers — and of course many of these SaaS services are using machine learning behind the scenes as well. The upshot is the rise of the managed security provider as market segment.
- Layered protection against fileless attacks. Fileless attacks, which are perpetrated by malware that resides entirely in RAM and is never written to disk, is an attack vector growing at an alarming rate. Endpoint security vendors are rushing to provide the layered defense necessary against this type of attack. Often it's necessary to combine this with automation and machine learning, as current tools can generate a number of false positives, and chasing them down will devour precious IT resources. But it's a crucial feature that any endpoint security vendor will need to offer to worried customers.
- Putting IoT devices under the protective umbrella. One of the big stories of internet security over the past few years is that literally billions of internet-connected "things" — cameras, sensors, routers, what have you — are out there quietly doing jobs without the protection that a device with their computing and network capabilities ought to have. For an example, look no further than the Mirai botnet, which college students created by hijacking thousands of closed-circuit TV cameras to launch DDoS attacks against rival Minecraft server hosts, accidentally launching some of the biggest denial of service attacks ever recorded. While many IoT devices are running bespoke OSes that are difficult to manage, the majority are running Linux, iOS, Android, or even Windows variants, and endpoint management vendors are starting to develop software agents that can run on them and bring them in from the cold.
- Reducing complexity and consolidating agents. As the market segment has grown, many endpoint security vendors have offered a proliferating and bewildering array of tools, each targeting a specific kind of attack or vulnerability. The upshot is that companies have as many as seven different software agents running on each endpoint, each of which needs to be managed separately. Endpoint security companies are aiming to unify their offerings into consolidated suites; Symantec, for instance, has one that deploys a single common endpoint security agent.
What does the future hold? ESG research surveyed cybersecurity and IT pros about their biggest endpoint security challenges. In addition to false alarms and lack of automation, many cited a desire for built-in remediation capabilities, including terminating processes, deleting files, and rolling back system images, that will save IT staff from the work of repeatedly and manually reimaging compromised systems. Hopefully some smart vendors out there are listening.
Endpoint security software and tools
Gartner's Customer Choice Awards from 2017 give you a good introduction to who's who in the endpoint security vendor space. You'll find names you might recognize from the consumer realm, like Microsoft and Symantec, along with other more specialized companies, like Cylance, CrowdStrike, and Carbon Black. Gartner also offers links so you can make an endpoint security software comparison.
For more in-depth information on some of these products, see CSO's endpoint security software reviews.
- Digital Guardian: The Digital Guardian Threat Aware Data Protection Platform is at the forefront of the effort to counter advanced threats, offering ready-to-deploy endpoint security locally on-premises or as a service, and with whatever automation level a host organization feels comfortable supporting.
- enSilo: The enSilo platform offers traditional endpoint protection alongside the ability to offer post-infection protection. It can also trap threats, holding them in place and rendering them harmless until a threat hunter can arrive to investigate.
- Minerva: Minerva's Anti-Evasion Platform targets the new breed of environmentally-aware malware. The idea is that most normal threats will be blocked by traditional antivirus and Minerva will stop anything that attempts to get around that protection.
- Promisec: Every organization can use a little help managing their detection and response of threats, and the many issues that crop up every day within their enterprise. Promisec can provide that help, wrestling endpoints into compliance, automatically if desired, and keeping a watchful eye over them to ensure they stay that way.