Endpoint security trends for 2015: What can we expect?

Kim Crawley, Security Researcher for the InfoSec Institute. | Jan. 29, 2015
In my data center work experience, a very significant percentage of the major network vulnerabilities I've had to fix were caused by the introduction of poorly secured computers. It's a surprisingly common blunder.

So, in 2015, I believe that many businesses that have BYOD policies will scrap them altogether. They may either switch to CYOD (choose your own device that's completely administered and controlled by an IT security policy) when smartphones and tablets are completely necessary for work, or eliminate work done on mobile devices if it's functionally possible. More and more often, we may see USB ports in office PCs being carefully controlled so that employees cannot mount the filesystems of their personal devices to them.

A different antivirus approach
Both consumer and enterprise antivirus software tend to work based on signatures. If antivirus developers constantly keep up with the latest malware and crypters (programs used to help malware evade signature-based antivirus shields), their software will usually do a good job of preventing infections by known malware. But for obvious reasons, signatures are useless against zero-day attacks.

"Signatures have been dying for quite a while. The sheer number of malware samples we see every day completely overwhelms our ability to keep up with them," said F-Secure's Mikko H. Hypponen.

Antivirus software, both consumer and enterprise, will still use signatures for many years to come. But anomaly-based malware detection will become a greater component in the products of competent antivirus developers.

Currently, anomaly detection algorithms are much more sophisticated in IDS and IPS devices. They focus on network activity rather than code. Antivirus developers are already researching better ways to implement anomaly detection in antivirus shields.

False positives are going to be a huge problem, and there'll always be bugs in the system. Sandboxing suspicious packets only sometimes works, and most sandboxing functions for such purposes are limited to the Windows platform. But I'm optimistic that there will be a lot of progress in anomaly-based malware detection research in 2015. As malware development gets ever more sophisticated (Stuxnet! Regin!), that'll be an absolute must.
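As an added illustration (not code from the original article), the Python sketch below contrasts the two approaches discussed above: a signature store that misses a trivially altered sample, and a baseline-relative anomaly score that still flags the sample's behaviour but also trips on a legitimate backup job, the false-positive problem just described. Every sample, telemetry count and threshold here is constructed for the demo and stands in for real malware hashes and endpoint telemetry.

```python
import hashlib
import statistics

# Constructed "known bad" store: SHA-256 of two made-up sample blobs.
KNOWN_BAD = {b"MALWARE-SAMPLE-A-v1", b"MALWARE-SAMPLE-B-v1"}
SIGNATURES = {hashlib.sha256(s).hexdigest() for s in KNOWN_BAD}

def signature_match(sample: bytes) -> bool:
    """Classic signature check: exact hash lookup against the store."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES

# Constructed baseline: per-process, per-minute counts from a healthy host.
BASELINE = [
    {"files_written": 3, "outbound_conns": 1, "registry_writes": 0},
    {"files_written": 5, "outbound_conns": 2, "registry_writes": 1},
    {"files_written": 2, "outbound_conns": 0, "registry_writes": 0},
    {"files_written": 4, "outbound_conns": 1, "registry_writes": 1},
    {"files_written": 6, "outbound_conns": 3, "registry_writes": 0},
]
FEATURES = ("files_written", "outbound_conns", "registry_writes")

def anomaly_scores(observed: dict) -> dict:
    """Per-feature z-score of one process record against the baseline."""
    scores = {}
    for f in FEATURES:
        values = [row[f] for row in BASELINE]
        mean, sd = statistics.mean(values), statistics.pstdev(values) or 1.0
        scores[f] = (observed[f] - mean) / sd
    return scores

def is_anomalous(observed: dict, threshold: float = 3.0) -> bool:
    """Flag the process if any feature lies more than `threshold` sigma out."""
    return any(z > threshold for z in anomaly_scores(observed).values())

def evaluate(sample: bytes, telemetry: dict) -> dict:
    """Run both detectors on one (file bytes, behaviour record) pair."""
    return {"signature": signature_match(sample),
            "anomaly": is_anomalous(telemetry)}

# Constructed cases: the original sample, a repacked variant with the same
# behaviour but different bytes, a normal process, and a backup job.
ORIGINAL = b"MALWARE-SAMPLE-A-v1"
VARIANT = ORIGINAL + b"\x00packed"            # hash no longer in the store
NOISY = {"files_written": 900, "outbound_conns": 40, "registry_writes": 12}
QUIET = {"files_written": 4, "outbound_conns": 1, "registry_writes": 0}
BACKUP_JOB = {"files_written": 700, "outbound_conns": 1, "registry_writes": 0}

if __name__ == "__main__":
    for name, blob, tele in [("original", ORIGINAL, NOISY),
                             ("variant", VARIANT, NOISY),
                             ("backup", b"backup.exe", BACKUP_JOB)]:
        print(name, evaluate(blob, tele))
```

The backup job shows why the article expects false positives: a naive per-feature threshold cannot tell a bulk file writer from ransomware-like behaviour without richer context.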

It'd make me so happy to hear zero-day attacks becoming less frequent!

Vendor reduction
The greater the number of vendors a business has to deal with for their firewalls, IPSs, and antivirus solutions, the more complex a network administrator's job is. Also, money spent on one vendor's product may take away funds for something else.

When IT departments find that expensive antivirus software products are no more effective than inexpensive antivirus products, the temptation to switch antivirus vendors is perfectly understandable.

Palo Alto Networks surveyed 555 of their customers. They asked "Would you consider switching to 'free' enterprise antivirus in order to fund more advanced endpoint protection for your company?" 44% of respondents said they'd either consider it, or they're already doing it.

If antivirus heavyweights like Symantec want to stay competitive in the enterprise, they may need to bundle their antivirus licenses with other endpoint security products more often, and cut license prices as well. Limiting license commitment duration may also help. A corporation locked into a three-year license cannot easily switch to another vendor if it becomes dissatisfied with the performance of its current vendor's product.
