5 ways endpoints are turbocharging cybersecurity innovation

The onslaught of endpoint attacks delivers more and more data — data that DevOps teams need to fine-tune existing products and invent new ones. Mining attack data to identify new threat patterns and correlations, then fine-tuning machine learning (ML) models and new products, is the goal. The more complex and numerous the attempts at endpoint attacks, the richer the data assets available for building new platforms and apps.  

Gleaning new insights from endpoint attack data is a high strategic priority for market leaders. During his keynote at Palo Alto Networks’ Ignite ’22 Conference, Nikesh Arora, Palo Alto Networks chairman and CEO, said, “we collect the most amount of endpoint data in the industry from our XDR. We collect almost 200 megabytes per endpoint, which is, in many cases, 10 to 20 times more than most of the industry participants. Why do you do that? Because we take that raw data and cross-correlate or enhance most of our firewalls; we apply attack surface management with applied automation using XDR.”  

On the hunt for innovation and market growth 

Gartner’s latest Information Security and Risk Management forecast from Q4 2022 predicts that enterprise spending on endpoint protection platforms worldwide will grow from a base of $9.4 billion in 2020 to $25.8 billion in 2026, attaining a 14.4% compound annual growth rate (CAGR) over the forecast period. A core market catalyst is attackers’ relentless pursuit of new techniques to breach endpoints undetected.

CrowdStrike’s Falcon OverWatch Threat Hunting Report revealed that attackers had shifted to malware-free intrusions, which accounted for 71% of all detections indexed by the CrowdStrike Threat Graph. CrowdStrike sees an opportunity to help its customers avert a breach by picking up on the slightest new signals that previous-generation endpoint protection platforms would completely miss. 

“One of the areas that we’ve really pioneered is the fact that we can take weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals, across not only endpoints but across domains, and come up with a novel detection,” CrowdStrike co-founder and CEO George Kurtz told the keynote audience at the company’s annual Fal.Con event last year.

Which endpoint innovations are delivering the most value? 

Competitive parity is short-lived in the endpoint security market. Attackers are ingenious and lethal in devising new breach tactics, and enterprises are acquiring AI and ML startups, as well as established companies with deep expertise, to keep up. Selling the benefits of consolidation, as Palo Alto Networks and CrowdStrike are doing, works well when there’s a broad suite of products to bundle and a steady pipeline of new products. 

“Buyers of endpoint security products are seeking consolidated solutions. Providers are responding by integrating their products and partners around XDR platforms. Capabilities include identity threat detection and response, enhanced threat intelligence, data analytics and managed service delivery,” write Rustam Malik and Dave Messett in Gartner’s latest report on the competitive landscape in endpoint protection platforms. Gartner also predicts that by the end of 2025, more than 60% of enterprises will have replaced older antivirus products with combined EPP and EDR solutions that supplement prevention with detection and response. 

Of the many innovative cybersecurity applications, platforms and solutions that endpoint security has contributed to, five are proving to have the most significant impact. These are cloud-native platforms, unified endpoint management (UEM), remote browser isolation (RBI), self-healing endpoints and identity threat detection and response (ITDR).

Innovation #1: Cloud-native platforms that advance enterprise endpoint security

CISOs tell VentureBeat that cloud-native endpoint protection platforms adapt more easily to how their teams work, allowing more customized user experiences. Cloud-native EPP, EDR and XDR platforms often have more reliable application programming interfaces (APIs) that streamline integration with cybersecurity tech stacks. 

Another factor contributing to how cloud-native endpoint platforms are helping advance innovation in the broader cybersecurity market is cloud platforms’ ability to scale to accommodate peaks and drops in compute, processing and storage.

Cloud-native endpoint platforms are known for managing real-time protection and response, while contributing telemetry data that is useful in behavior-based detection and analytics. This can help identify and respond to new and emerging threats.

“Cloud-native endpoint protection platform (EPP) solutions continue to witness an uptick in adoption as they shift the administration burden from product maintenance to more productive risk-reduction activities,” writes Gartner’s Rustam Malik. Leading cloud-native endpoint protection providers include AWS, Carbon Black, CrowdStrike and Zscaler.

Innovation #2: Unified endpoint management (UEM) that drives greater endpoint visibility regardless of device

UEM proved indispensable when hybrid work became the norm and managing various endpoints on the same platform became an urgent priority. CISOs tell VentureBeat that they are also looking for new ways to simplify, streamline and gain greater visibility and control over endpoint devices, including deployment, patching and provisioning for remote employees. 

CISOs also want improved endpoint security without sacrificing user experience, a challenge many UEM vendors are trying to solve in their current and future releases. Advanced UEM tools use analytics, ML and automation to provide better visibility into endpoint performance and improved reliability.

There is also a trend toward consolidating endpoint support teams, tools and processes into a centralized framework to improve efficiency. The increasing threat of cyberattacks has led to a need for faster patch deployment and improved control and compliance in configuration management. 

The UEM market itself is consolidating, driven partly by CISOs’ concentration on getting more endpoint security for a lower price while improving network efficiency. Noteworthy vendors include IBM, Ivanti, ManageEngine, Matrix42, Microsoft and VMWare, all of which are positioning themselves to capitalize on the current market consolidation.

Gartner notes in its latest Magic Quadrant for Unified Endpoint Management Tools that Ivanti and VMWare are the only two vendors to receive a neutral-to-positive review for their zero-trust capabilities. Gartner states in the Magic Quadrant that “Ivanti continues to add intelligence and automation to improve discovery, automation, self-healing, patching, zero-trust security, and DEX via the Ivanti Neurons platform.” This reflects the success Ivanti has had with multiple acquisitions over the last few years.

CISOs who are prioritizing consolidation need to keep zero trust a priority. Their influence on the UEM vendor landscape is significant and growing.

Innovation #3: Remote browser isolation that solves the challenge of protecting every browser session from attack

Remote browser isolation (RBI) is finding strong adoption across many businesses, from small and medium to large-scale enterprises (including government agencies), that are pursuing zero trust network access (ZTNA) initiatives. RBI does not require significant changes to technology stacks; instead it protects them by assuming that no web content is safe. 

RBI runs all browser sessions in a secure, isolated cloud environment, which allows for least privilege access to applications at the browser session level. This eliminates the need to install and track endpoint agents or clients on managed and unmanaged devices. It also enables easy, secure access in a BYOD (bring-your-own-device) environment and allows third-party contractors to use their own devices as well.

Leading RBI providers include Broadcom, Forcepoint, Ericom, Iboss, Lookout, NetSkope, Palo Alto Networks and Zscaler. Ericom is particularly noteworthy for its approach to zero-trust RBI, which preserves the native browser’s performance and user experience while protecting endpoints from advanced web threats.

RBI can also protect applications such as Office 365 and Salesforce, and the data they contain, from potentially malicious unmanaged devices that contractors or partners might use. Ericom’s solution can even secure users and data in virtual meeting environments like Zoom and Microsoft Teams.

Innovation #4: Self-healing endpoints that free the IT team’s time while securing networks

Self-healing endpoints will shut themselves down, validate their OS, application and patch versioning, and then reset themselves to an optimized configuration. Absolute Software, Akamai, Ivanti, Malwarebytes, Microsoft, SentinelOne, Tanium, Trend Micro and many others have endpoints that can autonomously self-heal. 

Absolute Software’s approach is unique in its reliance on firmware-embedded persistence as the basis of self-healing. The company’s approach provides an undeletable digital tether to every PC-based endpoint. Absolute’s Resilience platform is noteworthy in providing real-time visibility and control of any device, on a network or not, along with detailed asset management data. It’s also the industry’s first self-healing zero-trust platform that provides asset management, device and application control, endpoint intelligence, incident reporting, resilience and compliance. 

Forrester’s The Future of Endpoint Management report provides a valuable roadmap for CISOs interested in modernizing their endpoint management systems. Forrester defines six characteristics of modern endpoint management, outlines endpoint management challenges, and describes the four trends defining the future of endpoint management. CISOs tell VentureBeat that they often make a case for self-healing endpoints by highlighting the cost and time savings for IT service management, the reduced workload for security operations, the potential losses from damaged assets and the improvements to audit and compliance.

Innovation #5: Identity threat detection and response (ITDR) that effectively stops identity-driven breaches

Attackers target identity access management (IAM) platforms and systems, including Active Directory (AD), bypassing legacy controls and moving laterally through a company’s network. These attacks often involve obtaining privileged access credentials, enabling attackers to steal valuable data such as employee and customer identities and financial information.

Traditional methods for managing and securing identities and access are not enough to keep identity systems safe from attacks. ITDR is gaining momentum because it’s proving effective in closing the gaps in identity security between isolated IAM, PAM and identity governance and administration (IGA) systems.

ITDR vendors are designing their systems to enforce the core design goals of zero trust. From strengthening least privilege access by identifying entitlement exposures and privileged escalations that could indicate a breach, to identifying credential misuse before a breach occurs, ITDR platforms are designed to integrate into an IAM and strengthen it. Leading vendors that are either shipping or have announced ITDR solutions include Authomize, CrowdStrike, Illusive, Microsoft, Netwrix, Quest and Tenable.

More attacks, more data to innovate with 

Endpoint security has helped create the five innovations described above. Each contributes to gaining greater insight into attack behaviors and to training machine learning models to predict attacks.

Cloud-native platforms, unified endpoint management (UEM), remote browser isolation (RBI), self-healing endpoints, and identity threat detection and response (ITDR) are defining the future of cybersecurity at the enterprise level by providing CISOs with the adaptability and data insights they need to secure their enterprises. With endpoints under siege today, endpoint platform vendors face a challenging future of turning these innovations into hardened defenses that integrate and excel as part of a broader zero-trust framework that redefines the effectiveness of cybersecurity tech stacks.