Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Logan Gilbert, vice president of products, Ziften Technologies
2019 Predictions for Endpoint Security from Edge to Cloud
If 2018 taught the industry anything, it is that endpoint
security isn't a fair fight. Companies have to protect each and every endpoint,
while attackers only need to breach one. That might explain why attackers love
your endpoints.
In 2019, a trio of key elements protects the enterprise, starting with
multi-factor authentication, end-user awareness training, and the deployment of
proper endpoint visibility tools with posture hardening and protection.
Here are 4 trends in endpoint security for 2019:
1. Endpoint Security for Servers and Cloud
Endpoint security isn't just for endpoints. As EDR and endpoint security become
more synonymous, expect to hear more about endpoint security delivering on the
unique demands of cloud workload protection and virtualized resources (VMs).
Much of the focus of EDR has been on end-user client devices or what most think
of when they hear the term "endpoints". But the same need exists for
on-premises Windows and Linux servers, and for virtual and container workloads
in private or public cloud environments. Common endpoint security solutions
across all of these "endpoints" are starting to appear and will become more
universal.
2. Machine Learning (ML) for Improved Endpoint Protection
Machine learning, or what is often referred to in marketing materials as artificial
intelligence (AI), is all the rage in the cyber-security world and that is also
the case in endpoint security. But I don't mean to belittle the topic, as it's
a very important endpoint security trend that is not going away. Roark Pollock
addresses the topic well in the following excerpt from his blog titled "The Growing Role of Artificial Intelligence in Cybersecurity."
3. Endpoint Agent Consolidation
Endpoint security has been undergoing consolidation
from the very early days, and it continues today. In the early days, anti-virus,
anti-malware, and personal firewall products were being consolidated into a
single suite. Now we're seeing consolidation of siloed endpoint security tools
into a single agent that enables centralized management of these multiple
security functions. Regardless of the functions being incorporated into a
single agent, the emphasis is on simplifying the overall solutions for
customers.
There is a baffling number and variety of tools today that profess to offer or
help with endpoint security, each of which has its own individual agent
running on the endpoint. That explains why companies report having ten or
more agents running on their endpoints for a wide array of security functions.
Thus, endpoint security vendors are responding by simplifying their offerings
and consolidating their functionalities into a single agent.
4. Rapid Consolidation of EPP and EDR
Similar to the consolidation happening at
the endpoint agent level, there is also a massive move underway in the endpoint
security market with the consolidation of what Gartner refers to as endpoint
protection platforms (EPP) and endpoint detection and response (EDR).
Established EPP / traditional AV vendors are rapidly moving to add EDR
capabilities, while dedicated contemporary EDR vendors are adding prevention
capabilities. This is bringing about a rapid consolidation of these heretofore
massive individual markets.
Today, companies want endpoint security solutions that combine pre-execution
prevention, post-execution detection, and response / remediation capabilities
at a minimum into one, holistic solution. Currently, Gartner estimates that "approximately 40% of EDR deployments are using both EDR and EPP
from the same vendor." Assuming this trend continues, we can
probably expect to see this number increase in future years.
Conclusion:
When it comes to EDR, the more you know and the wider you cast its net, the more
successful your enterprise will be in protecting against outside attacks. Do the
following three things to help protect all your endpoints:
1. Deploy multi-factor authentication.
2. Conduct regular end-user security awareness training.
3. Deploy endpoint security providing visibility, posture hardening, and protection.
About the Author
Logan Gilbert serves as vice president of products for Ziften Technologies of Austin, TX, where he is responsible for leading the security solution vision from conceptualization to delivery to provide customers with unprecedented endpoint protection and visibility. Gilbert is a 20-year security industry veteran with direct experience as a technology solution architect and CISO, a product leader, business development executive and a network security analyst. Prior to joining Ziften, Gilbert worked at 21CT, leading several research and development efforts for Department of Defense (DOD) research organizations, including research related to cyber security, from which he earned his first patent (U.S. Patent 7,530,105: Tactical and Strategic Attack Detection and Prediction). Several of these efforts transitioned as operational solutions still in use by his former customers at the 25th Air Force and other intelligence agencies. Logan held a Top Secret clearance during his time at 21CT. Gilbert holds a Bachelor of Science from the University of Texas, College of Computer Science.