No one in cybersecurity refers to “antivirus” protection any more. The technology that corrals malicious software circulating through desktop PCs, laptops and mobile devices has evolved into a multi-layered security technology referred to as ‘endpoint security.’
This designation change unfolded a few years back. It was a reflection of attackers moving to take full advantage of the fresh attack vectors cropping up as companies retooled their legacy networks comprised of ‘on-premises’ servers and clients to operate in the expanding world of cloud services, mobile devices and the Internet of Things.
Having covered the Symantec, McAfee, Trend Micro, Sophos, Kaspersky, et. al. since the nascent days of the antivirus market, I find in fascinating that the top dozen or so antivirus players have all managed to remain in the game. What’s more, they’ve all successfully grown into multi-layered full-service endpoint security suppliers.
I visited with Joe Sykora, vice president of worldwide channel development for Bitdefender, at Black Hat USA 2018 , and asked him to put the remarkable staying power of endpoint security in context. In 1990, Florin and Mariuca Talpes parlayed a $300 stake borrowed from a relative into a company which would become Bitdefender in 2001. Founded in Bucharest, the company of 1,600 employees is in the thick of reshaping endpoint security.
For a drill down on my discussion with Sykora, please listen to the accompanying podcast . Here are a few big takeaways:
Smarter spendingIn this fast-evolving, digitally-transformed, business environment, enterprises in 2018 will spend a record $3.8 billion for endpoint protection, according to Gartner. For a variety of reasons, many organizations just cannot seem to wean themselves off legacy antivirus suites, even as the effectiveness of legacy solutions continues to steadily wane.
Two thirds of the large enterprises recently surveyed by 451 Research and Digital Guardian reported maintaining as many as five endpoint security services, and one in 10 respondents dealt with as many as 10 solutions.
Related video: New York holds companies accountable for data security
This usage pattern has persisted even though companies are being challenged to spend security dollars much more judiciously. Compliance requirements from regulators in Europe and the U.S. keep intensifying. But the big driver compelling companies to spend smarter is obvious: the risk of sustaining a catastrophic network breach keeps rising.
One-upmanshipEndpoint security is all about one-upmanship. Through the course of the past two decades, threat actors and security vendors have engaged in a continuing contest of leapfrog. In the early days, antivirus suites were threat-centric and device-centric. So attackers simply quickened the pace of developing malware variants. Evasion of the latest antivirus signatures quickly became an art form.
Security vendors responded with new systems designed to detect and quarantine malware that slipped through signature-based antivirus detectors and firewalls ― before any harm could be done. “We took more advanced steps to put anything suspicious into a sandbox, and then blow it up to see if it was good or bad,” says Sykora.
So next, threat actors focused on honing techniques to gain access to privileged accounts. They discovered how readily privileged access could be gained via social engineering, or simply by purchasing stolen account credentials on the Dark Web. The end game became to usurp control of existing admin tools and use them to stealthily execute malicious activities from deep inside the targeted network. These so-called “fileless” attacks bypassed legacy antivirus systems altogether: there simply weren’t any malicious files to detect!
Looming consolidationIn response, endpoint security vendors are currently consolidating their endpoint tools portfolios. In fact, a wider convergence may be afoot in which endpoint systems increasingly merge with leading-edge threat detection and incident response technologies.
Consolidation of leading-edge security technologies makes a lot of sense; it drives companies toward consistent collection of security-related data. Over time this should result in more clarity, sifting out truly malicious events from the ocean of benign network activity.
“Our approach is to do consolidation with ease of use in mind,” Sykora told me. “Our solution takes legacy endpoint software, next-gen endpoint systems, data center security and storage security and gives the user a single interface. This enables the user to actually manage it all and see everything that’s going on. Of course, it’s important to have a mediation plan, if something does happen.”
Most of Bitdefender’s competitors in the endpoint security space are similarly driving toward a platform approach that, at some level, consolidates, the many and varied security systems enterprises already have in house, systems that today don’t easily talk to each other.
This is the natural course of things. As companies increase their reliance on cloud-based services, and as digital transformation accelerates, endpoint security will remain engrained as a fundamental component of defending modern business networks.
(Editors note: Last Watchdog has supplied consulting services to Bitdefender.)