Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.

By Éric Leblond, Chief Technology Officer, Stamus Networks
The agentless attack surface, the set of systems on which no endpoint security agent can run, poses an escalating challenge for defenders, and the problem will intensify in 2025 as the share of network environments built on agentless technologies keeps growing. These include a growing array of connected devices and cloud infrastructure, with the global cloud market projected to grow from approximately $262 billion in 2024 to over $837 billion by 2034, according to Precedence Research. For example, a hospital client of ours has told us they cannot install an endpoint detection agent on 52% of the devices on their network.
To confront this critical cyber defense gap, 2025 should be
the year security teams proactively fortify networks, protect sensitive data,
and counteract the advanced tactics of today's cybercriminals.
Dangers of the Agentless Attack Surface
Endpoint Detection and Response (EDR) has been a mainstay in
detecting threats before they infiltrate critical IT infrastructure. However,
as environments increasingly expand to the cloud, IoT, operational technology
(OT), and more, endpoint agents often can't be deployed or are less effective
in these scenarios.
Imagine a university where thousands of students and faculty
bring their own devices onto campus or a hospital with thousands of connected
medical devices alongside traditional IT infrastructure. Such environments
present rich targets for cybercriminals precisely because endpoint protection
is limited or nonexistent, making it easier for attackers to evade detection.
In these cases, visibility into network activity becomes crucial. When threat actors compromise a device that carries no agent and begin moving through the network, how can security teams identify this behavior? Even when such activity is detected, teams may lack the context and threat intelligence needed to remediate it swiftly, before the damage escalates.
The challenges don't end with agent limitations. Attackers are also developing methods to disable endpoint protections entirely. For instance, Sophos recently uncovered a tool called "EDRKillShifter," which abuses a vulnerable driver to terminate endpoint detection software, paving the way for ransomware attacks. This reinforces the need for a second line of defense, one that can step in when endpoints are compromised or rendered ineffective.
Taking a Layered Approach to Network Security
As agentless attack surfaces expand, understanding the threats they bring to organizational security is essential. While EDR remains a valuable tool, it's no longer sufficient on its own. In the year ahead, organizations should adopt a layered security approach by integrating Network Detection and Response (NDR) alongside EDR. Because NDR observes traffic passively at network chokepoints (taps, SPAN ports, cloud traffic mirrors) rather than from inside each host, it covers devices on which no agent can run: it analyzes traffic patterns and detects anomalies across agentless environments, providing the broad visibility security teams need.
NDR doesn't merely act as a backup if EDR fails. It enhances overall security posture by uncovering lateral movement, insider threats, supply chain attacks, misconfigurations, and more, all of which can be remediated before they escalate into major incidents. This added visibility can make the difference between quickly isolating an endpoint and falling victim to a full-scale ransomware attack.
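To make "uncovering lateral movement" from network telemetry concrete, here is an added example (written for this page, not Stamus or Suricata code) that reads Suricata EVE JSON flow records and flags any internal host that reaches an unusual number of distinct internal peers over administrative services (SMB, RDP, WinRM, MSRPC), the fan-out pattern an attacker produces while pivoting between hosts that have no agent. The port-to-service map, the RFC 1918 definition of "internal", the threshold, and the sample records are all assumptions of the example; the field names follow the EVE flow format, but the records themselves are constructed.

```python
"""Minimal lateral-movement fan-out detector over Suricata EVE JSON flow records.

Added illustration: the records at the bottom are constructed sample data,
not captured traffic, and nothing here is Stamus or Suricata code.
"""
import ipaddress
import json
from collections import defaultdict

# Services whose internal-to-internal fan-out is a classic lateral-movement signal.
# This port map is an assumption of the example, not a Suricata setting.
ADMIN_PORTS = {135: "msrpc", 445: "smb", 3389: "rdp", 5985: "winrm", 5986: "winrm"}

# RFC 1918 space stands in for "inside the organization" in this example.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(eve_lines):
    """Yield (src_ip, dest_ip, dest_port) for TCP 'flow' records; skip everything else."""
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or malformed line must not abort the whole run
        if rec.get("event_type") != "flow" or rec.get("proto") != "TCP":
            continue  # alert/dns/http records describe the same flows; count each flow once
        yield rec["src_ip"], rec["dest_ip"], int(rec["dest_port"])


def detect_lateral_movement(eve_lines, min_targets=5):
    """Flag internal hosts reaching >= min_targets distinct internal hosts on admin ports.

    Assumes eve_lines already spans the time window of interest (e.g. the last
    ten minutes of eve.json); windowing is left to the caller.
    """
    targets = defaultdict(set)   # src_ip -> {dest_ip, ...}
    services = defaultdict(set)  # src_ip -> {"smb", "rdp", ...}
    for src, dst, port in parse_flows(eve_lines):
        if port not in ADMIN_PORTS or not (is_internal(src) and is_internal(dst)):
            continue  # ignore ordinary ports and anything crossing the perimeter
        targets[src].add(dst)
        services[src].add(ADMIN_PORTS[port])
    alerts = [
        {"src_ip": src, "distinct_targets": len(dsts), "services": sorted(services[src])}
        for src, dsts in targets.items()
        if len(dsts) >= min_targets
    ]
    return sorted(alerts, key=lambda a: a["distinct_targets"], reverse=True)


def _flow(src, dst, port, event_type="flow", proto="TCP"):
    """Build one constructed EVE-style JSON line (sample data for this example)."""
    return json.dumps({
        "timestamp": "2025-01-15T09:12:00.000000+0000",
        "event_type": event_type, "src_ip": src, "src_port": 51000,
        "dest_ip": dst, "dest_port": port, "proto": proto,
    })


# Constructed sample: 10.0.5.23 sweeps eight peers over SMB and then RDPs into one
# of them; 10.0.5.10 only talks to its file server; the external, non-flow and
# malformed records are noise the detector must ignore.
SAMPLE_EVE = (
    [_flow("10.0.5.23", f"10.0.5.{n}", 445) for n in range(40, 48)]
    + [_flow("10.0.5.23", "10.0.5.40", 3389)]
    + [_flow("10.0.5.10", "10.0.5.50", 445)] * 20
    + [_flow("10.0.5.10", "8.8.8.8", 53, proto="UDP")]
    + [_flow("203.0.113.9", "10.0.5.23", 445)]
    + [_flow("10.0.5.23", "10.0.5.60", 445, event_type="alert")]
    + ["{not json"]
)

if __name__ == "__main__":
    for alert in detect_lateral_movement(SAMPLE_EVE):
        print(alert)
```

Note that the file server host 10.0.5.10 generates twenty SMB flows and is still not flagged: the detector counts distinct destinations, not flow volume, which is what separates a pivoting attacker from a busy but legitimate client. In production this logic would sit on a rolling window and carry a per-host baseline (a domain controller or vulnerability scanner legitimately fans out), but the shape is the same.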
With cybercriminals continually innovating their tactics,
it's vital for organizations, from small businesses to large enterprises, to
prioritize comprehensive threat detection and response. Expanding agentless
surfaces need not equate to unprotected ones. By adopting a layered approach,
security teams gain critical network visibility and threat intelligence,
enabling faster, more effective action. As agentless attack surfaces grow in
2025, now is the time for organizations to address this significant security
gap.
ABOUT THE AUTHOR
Éric Leblond has more
than 15 years of experience as co-founder and CTO of cybersecurity software
companies and is an active member of the security and open-source communities.
He has worked on the development of Suricata - the open-source network threat
detection engine - since 2009, is a board member of OISF, and is an emeritus
member of the Netfilter Core Team for the Linux kernel's firewall layer.