Cybersecurity experts around the world continue to do everything in their power to foresee the future of endpoint security. Of course, their ambition is understandable: in a field as stressful and as consumed by perpetual anxiety as ours, any hint of what the future might hold can provide insight into stopping future cyber attacks and maintaining the security of enterprises’ IT perimeters.
Of course, as with any prediction, the future of endpoint security is hotly debated and disputed. Consensus only exists in the broad strokes—which is why we here at Solutions Review decided to try our hands at gazing into the crystal ball at the future of endpoint security. While we may not have definitive answers, we certainly found some intriguing questions:
EDR Will Become the Central Commodity?
While cybersecurity is a field of constant innovation and reassessment, we have noticed a few recurrent themes in the recent direction of endpoint security solutions. For one, the cybersecurity paradigm is shifting from a prevention-based model—in which traditional endpoint security reigns supreme—to a detection-based model in which next-generation endpoint security solutions will need to adapt.
Secondly, vendors and clients alike are coming to terms with the fact that no matter the preventative capabilities deployed, no endpoint protection platform has a 100% success rate preventing digital threats from penetrating and potentially dwelling inside enterprises’ IT environments.
With these factors in mind, it seems obvious that the future of endpoint security will be dominated by endpoint detection and response (EDR) capabilities. EDR is the endpoint protection platform feature designed to fulfill the need for threat detection and reducing attacker dwell time.
As an industry, we’ve already seen evidence that EPP solution providers are investing heavily in developing their own EDR capabilities or in acquiring vendors to incorporate EDR capabilities into their existent solutions. Simultaneously, in their Magic Quadrant Report for Endpoint Protection Platform, technology research giant Gartner noted that the once-distinct lines between EDR and EPP are blurring. If these aren’t indicative of an EDR-dominated future of endpoint security, we can’t be sure of anything.
However, this apparent certainty raises some questions—specifically about how EDR will be incorporated into EPPs more completely. A report from EPP vendor Bitdefender found that IT security teams and CISOs suffer from alert fatigue due to all of the false positives EDR solutions can generate. In fact, nearly half of the surveyed CISOs said a majority of their EDR alerts were false positives. Overall, Bitdefender’s study found a common feeling that EDR’s detection and monitoring capabilities are difficult to manage.
If EDR truly is the future of endpoint security, then EPP solutions providers will need to address this shared perception of the capability—but this is where crystal ball becomes murky. Will the majority of endpoint protection platform providers focus on refining the user experiences of EDR or reducing the false positives? Will they develop more managed security services options for enterprises to sufficiently handle the generated security alerts? Will EDR be supplanted by another detection and monitoring capability that fits with client demands more?
Alas, we only have questions for now.
Will Cryptojacking Define the Future of Endpoint Security?
We’ve detailed study after study highlighting a similar refrain: illicit cryptocurrency mining malware, better known as cryptojacking, has become the most common digital attack method in the world replacing the once-dominant ransomware. Cryptojacking malware attacks have increased staggeringly over the past quarter while ransomware has seen a significant decrease in new strain variants.
We can’t deny this makes a certain amount of sense. Cryptojacking is a subtle cyberattack, taking advantage of longer dwell times to exploit enterprise endpoints’ own processing power and electrical consumption. Ransomware is by its very nature a more blatant attack less likely to provide a guaranteed return and far more likely to be blocked by an adequate endpoint protection platform. Further, with its emphasis on exploiting dwell time and subverting preventative measures, cryptojacking attacks fit with a future of endpoint security depending on EDR more than ransomware.
So is cryptojacking truly the threat we should be most concerned about for our endpoint protection platform? It actually isn’t so clear. Endpoint protection platform vendor Comodo points out in their own study that an overemphasis on preventing or detecting cryptojacking attacks will open the door for a ransomware resurgence. Further, cryptojacking is entirely dependent on the valuation of cryptocurrencies—itself no guarantee. If cryptocurrencies ever lose their valuation in a significant manner, hackers may abandon the mining malware for a more profitable tactic.
With the turbulence surrounding Bitcoin, that future may not be far off…
Will Scrutiny Define the Future of Endpoint Security?
Gartner noted in its Magic Quadrant Report that endpoint protection platforms are under increasing scrutiny due to the higher-than-average wave of cyberattacks from the year prior. Endpoint security clients felt disappointed that their solutions didn’t block attacks or that the vendor service they received didn’t meet their expectations.
If these feelings are any indication of the future of endpoint security, we believe it shows that prevention will still be valued even in the new detection paradigm. Finding and removing threats will be important in a practical sense, but prevention features will always attract clients more readily. Gartner’s finding may also indicate a future emphasis on service and communication as solution providers work with an increasingly tech-savvy workforce.