The endpoint security has been an area of volatility for some time. Back in the day, antivirus solved the problem. You just performed regular scans for viruses and that was all you needed to be concerned about.
But things quickly changed as attack vectors grew in sophistication. And now the list of endpoint threat categories and associated tools has greatly increased: anti-malware, spam filtering, endpoint detection and response (EDR), patch management, data loss protection, vulnerability management, mobile threat defense, ransomware protection, and others. And the market is undergoing further change.
Here are some of the top trends in the endpoint protection market:
1. From endpoints to workloads and data
Threat actors continue to exploit vulnerabilities across endpoints and cloud environments and ramp up innovation on how they use identities and stolen credentials to bypass legacy defenses — all to reach their goal, which is your data.
Endpoint protection is thus expanding from traditional endpoints to all types of workloads: cloud, identity, and data, as both work and personal endpoint devices are now on organizational networks. Organizations now need to adopt a more identity-based approach to protect their endpoints every step of the way through the network.
“Organizations must secure all critical areas of enterprise risk — endpoints and cloud workloads, identity and data — with solutions that deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities,” said Patrick McCormack, SVP of platform engineering, CrowdStrike.
“Strong IT hygiene with an asset inventory and consistent vulnerability management is crucial as well in properly defending the modern-day endpoint.”
2. Better BOYD and smartphone support
One thing the pandemic did was force organizations to face up to the challenges of bring your own device (BYOD) policies. Many have now instituted stronger BYOD policies and better workflows. There is also more support available for smartphones.
“There is now better support for BYOD devices to lightly manage, or even enable, personal devices,” said Tom Bridge, principal product manager of Apple Technologies at JumpCloud.
For example, both Jamf and JumpCloud offer BYOD device support for Apple devices to deploy apps and accounts securely to personal devices as well as provide some lightweight management and enablement for end users. The whole idea is to get people working as securely as possible.
3. Endpoint and patching blend
With so many endpoint tools out there, it makes sense that consolidation would take place. IT doesn’t have the time to bounce from screen to screen dealing with multiple point products all dealing with endpoint protection.
Vendors are now beginning to package them up. For example, patching and endpoint protection are being combined in some products.
“Endpoint managers are beginning to bleed into the patch management space, using the management frameworks to implement more and better policies than the traditional patch management practitioners,” said Bridge with JumpCloud.
“Bringing patch management to device management means better security based on proven methods of update delivery.”
4. Emergence of converge
Dave Taylor, CMO of Syxsense, takes it a stage further. His company already combined patch management with vulnerability scanning, remediation of threats, and IT management.
It recently added a mobile device management (MDM) module to offer a comprehensive package for endpoint management.
“Convergence as a key market driver,” Taylor said. “In today’s cybersecurity landscape, threats have become increasingly blended, so it is not enough to simply patch endpoint devices anymore.”
He cites the example of the recent PrintNightmare vulnerability. To remediate it, users needed to apply a patch and remediate two separate security misconfigurations to resolve the issue fully. Why have to deal with multiple products to do these things when one converged tool can automatically take care of it all?
5. Growth of unified endpoint management
This convergence trend reached to the point where Gartner calls this area unified endpoint management (UEM).
“Unified endpoint management (UEM) tools provide agent-based and agentless management of computers and mobile devices through an employee-centric view of endpoint devices running Windows 10, Google Android and Chrome OS, Apple macOS, iPadOS, and iOS,” said Gartner analyst Dan Wilson.
“UEM tools apply data protection, device configuration and usage policies using telemetry from identities, apps, connectivity and devices. They also integrate with identity, security and remote access tools to support zero trust.”
He added that UEM simplifies endpoint management by consolidating disparate tools and streamlining processes across devices and operating systems. Thus, this field has expanded beyond management to offer deeper integration with identity, security, and remote access tooling to support a zero-trust security model that enables the anywhere workforce.
Wilson noted benefits, such as:
“Reduced total cost of ownership (TCO) of managing endpoint devices by simplifying device management and support processes,” he said.
“Reduced security risk through support for more device types and OSs, better policy management, and integration with identity, security, and remote access tools.”