2015 Predictions: Endpoint Security

As 2014 comes to a close, our subject matter experts check in on what they see as major topics and trends for the new year. (You can read all of our 2015 predictions content here.)

1. Customers will stop paying for failed technologies

It has become abundantly clear that traditional approaches to endpoint security are no longer effective. In this era of advanced threats, the endpoint is the critical line of defense that has not been adequately protected. Signature based anti-malware, behavior detection, or even whitelisting are not sufficient to protect against the most advanced malware and exploits.

Security professionals have taken note and have started to seek new endpoint protection technologies. The failure of traditional anti-malware also leaves security professionals wondering if they should continue to pay for expensive endpoint security suites that are no longer effective. According to Forrester’s Chris Sherman, “[security professionals] are now more than ever looking to augment or replace their failing antimalware tools with more effective solutions.” In a recent report, he also mentions that a “firm recently told Forrester that it’s looking to replace its third-party anti-malware tools with native OS-supplied anti-malware.”

I can tell you both from my own recent experience as a CISO and from speaking with customers that this is a very real trend. Evidence has already shown that customers’ willingness to pay for these failing technologies has eroded. According to Gartner, license revenue per seat was seen to be declining at the end of 2012.

We recently surveyed our customers and received 555 responses to this question: “Would you consider switching to 'free' enterprise Antivirus in order to fund more advanced endpoint protection for your company?” Forty-four percent responded either “Absolutely,” “Likely,” or “Already in progress.” What does this mean? It means that in 2015 we will see many organizations opt for free anti-malware products like Microsoft’s System Center Endpoint Protection (SCEP), which some customers will find they already own due to enterprise license bundling.

The significance of that 44 percent should not be understated. Many organizations are on a three year renewal cycle for anti-malware. So does that mean vendors of traditional endpoint anti-malware products should expect to lose approximately 14.67 percent of their renewals each year for the next three years? This depends on whether customers will be able to translate intentions into action by finding appropriate replacements for failing endpoint products.  Time will tell, but this will be a trend to watch in 2015.

2. Increased focus on the endpoint

In light of the many security breaches in the news these days, security professionals are re-examining strategies around advanced threats. In particular, two things have become clear: 1) strategies focused on network-based detection and response will continue to fail, and 2) advanced threat prevention is required on the endpoint.

Detection and response are necessary components of any security strategy but should not become primary objectives. The focus here is on finding breaches as quickly as possible and mitigating the damage. This has played out in companies detecting breaches months or years after they first occurred, leaving the company to deal with a massive and prolonged data breach that becomes a public nightmare for customers, executives, and investors. No software product can remediate that damage.

Network based controls, especially those that focus on prevention of advanced threats, are necessary but not sufficient. The last line of defense remains the endpoint itself and it is clear that network controls alone cannot block the most advanced threats. Furthermore, many organizations are faced with increasingly vulnerable endpoints because they still run Windows XP, which is no longer supported with security patches. The same will soon be true of Windows Server 2003. Now that many organizations have already adopted advanced threat prevention on the network, the endpoint will come into focus in 2015.

3. Consolidation of dynamic threat analysis onto Next-Generation Firewalls will make room in the security budget for Advanced Endpoint Protection

Many customers that I speak with are keen to reduce the number of disparate security vendors that comprise their security architecture. Organizations began this by eliminating separate IPS and URL filtering devices in favor of a Next-Generation Firewall. Then the need for network based dynamic analysis of files arose in order to detect advanced threats. Many customers added yet another set of devices onto the network.

Innovation has once again brought about a new opportunity for consolidation. Cloud based dynamic analysis on a Next-Generation Firewall not only reduces cost and administrative overhead, but also maximizes the ability to prevent, rather than just detect advanced threats. The next step is to integrate this with advanced protection on the endpoint via shared threat intelligence and the result is a platform that is far stronger than the sum of its parts. In 2015, I expect to see more customers eliminating point solutions for dynamic analysis that do on-device sandboxing in favor of integrated security platforms that leverage dynamic analysis in the cloud, enabling shared threat intelligence.

Endpoint security is among many industry-specific topics planned for Ignite 2015, where you will tackle your toughest security challenges, get your hands dirty in one of our workshops, and expand your threat IQ. Register now to join us March 30-April 1, 2015 in Las Vegas — the best security conference you’ll attend all year.