Endpoint gaining traction

The endpoint security market is expected to witness substantial growth, especially due to rising security risks across several sectors including BFSI, IT and telecom, and retail. According to a report by the market research and consulting firm Grand View Research, the endpoint security market size is expected to reach USD 27.05 billion by 2024. The Internet of Things (IoT) has added further layers of complexity, and endpoints continue to multiply, offering new targets for hackers and cybercriminals.

Harish Chib, Vice President MEA at Sophos

“Organisations in the Middle East, irrespective of their size, are now taking cyber security very seriously. They have started considering incidents of data thefts and cybercrime the biggest threat to their reputation and also their bottom line. The growing importance of ICT as key growth driver for organisations, adoption of BYOD policy, and use of third platform technologies has made endpoint security a pre-requisite for organisations who want to leverage the full potential of a more connected ecosystem for all business stakeholders,” explained Harish Chib, Vice President MEA at Sophos.

This market is a very dynamic one, and as threats evolve it has become common knowledge that a robust endpoint security solution is a critical component of the cyber security infrastructure. This view is gaining traction across organisations in the Middle East as well. Recent years have seen endpoint security become an essential component of any organisation’s strategy, and there has also been a significant shift in how everyone approaches the security conundrum. As headline-grabbing breaches and leaks affect organisations, irrespective of their size or geography, the priority is fast shifting to prevention rather than detection. This change of perspective has also presented security resellers with an opportunity to create and offer robust revenue-generating services.

As a means to capture a bigger share of the market, Sophos offers endpoint protection products that include not only traditional signature-based virus detection but also technologies such as behavioural detection, emulation, Host Intrusion Prevention (HIPS), web security, content filtering, application control, and so on.

Scott Manson, Cybersecurity Lead – MEA at Cisco

According to Cisco, a large portion of revenue from the consumer mass market is still claimed by anti-virus (AV) suites, but at the corporate end the endpoint security market is fast moving from an AV-only one towards one that favours multiple functions in an integrated suite. “Endpoint security suites that traditionally focused on malware detection and removal now routinely extend to include threat protection, patch and vulnerability management and even system management functions,” said Scott Manson, Cybersecurity Lead – Middle East and Africa at Cisco.

“In this space, we of course see the classic antivirus vendors, which are all focusing on making sure that their solutions are efficient in dealing with modern threats and malware. But the endpoint domain has also opened up for more specialized vendors trying to deal with different approaches on how to protect against malware and also specific vendors focusing on the forensics of what is happening on the endpoint,” explained Nicolai Solling, CTO at Help AG.

The technology used in endpoint security has evolved to a high state of maturity over the last 15 years. The management and effectiveness of next-generation endpoint technologies are now at the point where companies feel confident removing the legacy vendors’ software, and these technologies usually come at a reasonable price point.

Scott Carlson, Technology Fellow at BeyondTrust

“The clear majority of endpoint players including Symantec, McAfee, Trend, Sophos, Kaspersky, BitDefender, in addition to the included Microsoft technology, do a very good job at blocking the basic threats. When this technology is applied to the most common use cases, depending on the testing harness, it is effective 86%-99% of the time,” added Scott Carlson, Technology Fellow at BeyondTrust. “Next-Generation endpoint security intends to evolve the protection aspect and monitor for behavior-based attacks, indications of compromise, and intends to watch for, and protect against, behavior changes in the system,” he said.

Today there are 10 billion connected devices and according to reports this number is only expected to grow exponentially – exceeding 50 billion sensors, objects, and other connected “things” by the year 2020. The number and type of attack vectors will only continue to increase as we continue to connect the unconnected, creating a daunting challenge for those responsible for defending the infrastructure.

“As networks continue to grow and expand, new devices and applications with widely varying security postures are constantly connected. These devices often include but are not limited to mobile devices, web-enabled and mobile applications, hypervisors, social media, web browsers, and home computers. This growing trend greatly expands the attack surface and creates opportunities for attackers to compromise a non-critical asset and pivot from there to attack more critical assets and data,” stated Manson.

The evolution of cloud storage has increased the adoption of cloud-based security services, since a significant amount of data is stored in one place. This has led to an increased threat of data breaches and to the enforcement of various regulations to curb the risk of placing data in the cloud. There is no doubt that endpoint security is also one of the areas that can be moved to a cloud-based or managed delivery model. In fact, many next-generation endpoint solutions are to a considerable extent leveraging the cloud, and specifically artificial intelligence in the cloud, to identify emerging threats.

Nicolai Solling, CTO at Help AG

While there are numerous benefits to adopting cloud services, Solling feels that there are also some privacy concerns, which makes it important to educate customers on the potential and impact of using the cloud. “As an example, we are currently evaluating one of the emerging vendors in the endpoint space and during our test we realized that every office document executed on the machine was submitted to the cloud for analysis. I am not certain all customers would accept this. Of course, the feature can be turned off but it will also impact the security effectiveness of the solution,” he added.

Traditionally, endpoint security operated solely within the walls of a company, and any update to an installed endpoint required the endpoint to be at the office or connected over VPN. Additionally, companies had to hire staff with expertise in software, configuration, response, and threat hunting.

As managed services are maturing, companies can begin to rely on the expertise of these entities for many aspects of their endpoint management. Companies will likely still need local technical support and technologies that can install the endpoint security software, but for any configuration changes, support, threat hunting, and malware response, managed services could be relied upon to conduct these portions of a plan, worldwide, and potentially reduce overall company expense.

“By relying on cloud focused technologies, companies can quickly enable new features without rolling new infrastructure, end users who travel can receive updates immediately through the internet, and in some cases aggregation of threats, identification of malware patterns, and advanced analytics can be done by the cloud provider to build a more comprehensive protection strategy for all of these vendors’ customers,” explained Carlson.

There are opportunities and risks that organizations need to prepare for as they continue to support new business models related to mobility, cloud, BYOD and the Internet of Things (IoT). Threats are becoming more advanced over time, and considering the dearth of resources available for hire, companies must build a strategy that includes the ability to completely lock down the endpoint, respond to identified threats, and enable 100% coverage by combining technologies with availability/cloud and with configuration management and control. Yesterday’s prevention strategies are no longer adequate for stopping advanced, targeted attacks.