Top Trends in Endpoint Security for 2020
Endpoint devices are on the front lines in network security. They're the ones that connect directly to the Internet. Email phishing, remote login attempts, hostile Web pages, and port scans are just some of the attacks they're regularly subject to. Once they're compromised, they become the launching point for attacks on the network's internals.
Endpoint security is the systematic management of a network's endpoint devices to safeguard them. It goes beyond securing the individual machines to treating them all as an attack surface that needs consistent protection. Endpoints include desktop and laptop computers, tablets, phones, point-of-sale devices, and IoT devices. A weakness in any of them can open up the whole network to breaches.
Priorities have changed over time. This is partly because the threats have changed and partly because of the legal landscape. GDPR took effect in Europe in 2019 and affects all sites that do business in Europe. Protection of personal data is a higher priority than ever, since failing to safeguard it can result in heavy fines.
How endpoint threats are changing
Criminals and spies keep changing their tactics to get around existing defenses. Old techniques have become less effective. Security engineers need to devise new methods of protection. It's a never-ending arms race. Several trends in threats have become clear in 2019 and will grow in 2020.
Fileless malware. Instead of writing a file to disk and then executing it, some malware is loaded directly into memory and runs immediately, so file-based scanning never sees it.
Zero-day attacks. These exploit flaws for which no patch or signature yet exists, and they have always been a serious problem; software that relies on threat signatures won't catch them. Threats that arrive without previous warning now account for more than half of all attacks on endpoints.
Less protection from anti-malware software. Largely because of the zero-day issue, software that relies on recognizing known infections has declined in effectiveness.
How the defenses are evolving
As traditional approaches such as firewalls and antivirus software have become less effective, new approaches have emerged.
Artificial intelligence and machine learning. In practice, these terms often mean simply software that adapts to new kinds of threats. It looks for suspicious behavioral patterns rather than fixed byte signatures. These approaches handle zero-day threats better than traditional protective software.
Cloud-based protection. Cloud-hosted security software stays current without requiring administrators to download updates. Its analytics quickly identify new dangers, and it can notify administrators as soon as it detects them.
Defense in depth. No one form of protection is adequate. Security software has moved toward multiple layers of protection, and this trend will continue. Protection layers include firewalls, mail filters, multifactor authentication, network segmentation, and least-privilege access controls.
Sanitizing documents. Security systems are paying more attention to incoming documents, removing potentially dangerous features even if they don't contain known threats. Files with macros are a well-known way to put hostile software into harmless-looking documents. Stripping out the macros removes that threat before the document reaches the user, whether or not a scanner would have flagged it.
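As an added illustration of document sanitizing (this is example code written for this page, not a tool from the original article), the following Python sanitizer strips the VBA project from a macro-enabled Word package: it drops word/vbaProject.bin, removes that part's content-type override and relationship, and switches the main part back to the plain document type. The sample package is constructed inline with a placeholder VBA part and is not a real document.

```python
import io
import re
import zipfile

# Content types and relationship type as defined for Office Open XML packages.
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
VBA_REL = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"

def build_sample_docm() -> bytes:
    """Constructed sample: a minimal .docm-style package with a placeholder VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '</Types>')
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"PLACEHOLDER-VBA-PROJECT")  # stands in for real VBA storage
        z.writestr("word/_rels/document.xml.rels",
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId9" Type="{VBA_REL}" Target="vbaProject.bin"/>'
            '</Relationships>')
    return buf.getvalue()

def read_entries(data: bytes) -> dict:
    """Map every part name in the package to its bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: z.read(n) for n in z.namelist()}

def has_macros(data: bytes) -> bool:
    """True if the package carries a VBA project part."""
    return any(n.lower().endswith("vbaproject.bin") for n in read_entries(data))

def strip_macros(data: bytes) -> bytes:
    """Rebuild the package without the VBA part, its content-type override, or its relationship."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name, body in read_entries(data).items():
            if name.lower().endswith("vbaproject.bin"):
                continue  # drop the macro container itself
            if name == "[Content_Types].xml":
                text = re.sub(r'<Override[^>]*vbaProject\.bin[^>]*/>', "", body.decode("utf-8"))
                body = text.replace(MACRO_MAIN, PLAIN_MAIN).encode("utf-8")  # .docm -> .docx type
            elif name.endswith(".rels"):
                body = re.sub(r'<Relationship[^>]*vbaProject[^>]*/>', "", body.decode("utf-8")).encode("utf-8")
            dst.writestr(name, body)
    return out.getvalue()
```

Only the Word main content type is mapped here; Excel and PowerPoint macro-enabled packages use their own main content types and would need the same treatment.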
Monolithic protection vs. cyberdiversity. These are two conflicting trends. Having all security software as part of an integrated system simplifies management and makes gaps in protection less likely. The major vendors are integrating their tools into suites that work well together. On the other hand, using protections that come from different vendors avoids falling into known patterns and complicates the attacker's job. It's too soon to say which trend will win out.
More attention to IoT devices. The Internet of Things has been a notorious weak point in network security, but things are starting to turn around. Vendors are paying more attention to security, and endpoint security systems are getting better at protecting them. There's still a long way to go.
Endpoint security will never be perfect. New types of threats pose unfamiliar risks, and users make mistakes. The only way to stay reasonably safe is to keep adapting. Keeping existing protections updated is important, but it's not enough. IT managers need to look at new approaches and decide when it's time for a serious overhaul.