Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and they are ramping up their efforts.
Not only are they raising the volume of phishing emails and other attempts to penetrate the network; they are also innovating in how they use identities and stolen credentials to bypass legacy defenses, with the goal of penetrating networks and stealing data.
As a result, there has been a sharp rise in ransomware attacks and data breaches. Organizations are struggling to defend themselves against ever-evolving strategies organized by a cybercriminal community that has grown in sophistication.
For example, there are many different echelons in play in the cybercrime world, from lone wolf hackers to whiz kid developers and all the way up to organized crime syndicates that buy services from the smaller players and provide them with resources to do more harm. When the little guys catch a big fish, they bring it to the major players, who take it from there.
In such an environment, endpoints need more protection. Here are some of the top trends in the endpoint protection market:
1. Identity-based approach
Endpoint protection is expanding from traditional endpoints to all types of workloads: cloud, identity, data, etc., said Patrick McCormack, SVP of platform engineering, CrowdStrike.
As the quarantine protocols of the COVID-19 pandemic made clear, the traditional “castle-and-moat” approach no longer applies to today’s more common distributed workforces. Both work and personal endpoint devices are now on organizational networks.
“Organizations now need to adopt a more identity-based approach to protect their endpoints every step of the way through the network,” McCormack said.
2. Don’t protect endpoints in isolation
Endpoint protection used to be a discrete technology, typically deployed in isolation. Those days are long gone: endpoints now need protection on multiple fronts.
“Organizations must secure all critical areas of enterprise risk — endpoints and cloud workloads, identity and data — with solutions that deliver hyper-accurate detections, automated protection and remediation, elite threat hunting, and prioritized observability of vulnerabilities,” said McCormack with CrowdStrike.
“Strong IT hygiene with an asset inventory and consistent vulnerability management is crucial as well in properly defending the modern-day endpoint.”
3. BYOD security
Tom Bridge, principal product manager of Apple Technologies at JumpCloud, points to a big change in endpoint protection related to bring your own device (BYOD) policies.
“Better support for BYOD devices to lightly manage, or even just enable, personal devices is a big part of the current endpoint management world,” Bridge said.
Both Jamf and JumpCloud now offer BYOD support for Apple devices, deploying apps and accounts securely to personal devices and providing lightweight management and enablement for end users. The whole idea is to get people working as securely as possible, which can mean work-profile-style management for Apple devices.
4. Patch management incorporation
Patch management is a vital organizational function: unpatched systems have been found to be one of the biggest causes of data breaches.
But it usually isn’t very recent patches that are the problem. It isn’t the patches issued within the last few weeks that the organization hasn’t yet deployed but fully intends to. It is often well-publicized patches that have been available for months, and sometimes several years, that attackers use to break into enterprises.
Patch management used to be a separate tool. Now it is being incorporated into larger endpoint protection packages. Some vendors bundle patch management with vulnerability scanning; others bundle it with antivirus and antimalware tools.
“Endpoint managers are beginning to bleed into the patch management space, using the management frameworks to implement more and better policies than the traditional patch management practitioners,” said Bridge with JumpCloud.
“Bringing patch management to device management means better security based on proven methods of update delivery.”
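The section above argues that the dangerous gaps are patches that have been available for months or years, not the ones released last week, and that an asset inventory and consistent vulnerability management are what close them. The following is an added example (not code from the article or from any vendor it quotes) that ranks inventoried assets by the age of their oldest missing patch; the patch identifiers, release dates and reference date are constructed sample values.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Patch:
    patch_id: str   # constructed identifier, not a real vendor patch id
    released: date  # date the fix became publicly available


@dataclass(frozen=True)
class Asset:
    name: str
    installed: frozenset  # ids of patches confirmed applied on the asset


# Constructed sample patch catalogue and asset inventory.
CATALOGUE = [
    Patch("PATCH-2019-001", date(2019, 3, 12)),
    Patch("PATCH-2021-017", date(2021, 7, 6)),
    Patch("PATCH-2022-004", date(2022, 2, 1)),
]
INVENTORY = [
    Asset("laptop-01", frozenset({"PATCH-2019-001", "PATCH-2021-017", "PATCH-2022-004"})),
    Asset("server-07", frozenset({"PATCH-2022-004"})),
    Asset("byod-13", frozenset()),
]
TODAY = date(2022, 3, 1)  # constructed reference date for the report


def patch_age_days(patch, today):
    return (today - patch.released).days


def risk_band(age_days):
    # Bands follow the article's point: weeks-old gaps are routine backlog,
    # months- or years-old gaps are the ones attackers actually exploit.
    if age_days < 30:
        return "recent"
    if age_days < 365:
        return "stale"
    return "ancient"


def missing_patches(asset, catalogue, today):
    """(patch_id, age_days, band) for every catalogue patch the asset lacks, oldest first."""
    gaps = [(p.patch_id, patch_age_days(p, today), risk_band(patch_age_days(p, today)))
            for p in catalogue if p.patch_id not in asset.installed]
    return sorted(gaps, key=lambda g: -g[1])


def prioritize(inventory, catalogue, today):
    """(asset, band, oldest_gap_days, gap_count), worst first; fully patched assets are omitted."""
    ranked = [(a.name, g[0][2], g[0][1], len(g))
              for a in inventory if (g := missing_patches(a, catalogue, today))]
    return sorted(ranked, key=lambda r: (-r[2], -r[3]))
```

Feeding the same functions a real inventory export and vendor release dates turns the article's observation into a repeatable report that puts the years-old gaps at the top of the queue.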
5. Zero-trust network access
Zero-trust network access (ZTNA), sometimes known as a software-defined perimeter (SDP), encompasses technologies that give remote users secure access to internal applications.
It grants trust and access on a need-to-know, least-privilege basis, governed by granular policy management. As a result, ZTNA gives users secure connectivity to private applications while protecting the network and avoiding exposing the apps themselves to the internet.
“ZTNA is a popular feature that’s growing in size,” said Bridge with JumpCloud.
“With the relocation of the workforce to home offices still prevalent in 2022, organizations are considering what it’s like to work from home all the time and some possible hazards related to network access. Low-friction VPNs using ZeroTier, Tailscale, and other WireGuard implementations are becoming important to the security story of the medium-sized business that doesn’t want expensive on-prem VPN solutions.”