Endpoint security trends for 2015: What can we expect?

Endpoint security is definitely an approach that I favour. Keeping a network secure is an immense challenge that requires constant work and vigilance. Why introduce a client or server to your network before making sure that the device is as security-hardened as possible?

In my datacentre work experience, a very significant percentage of the major network vulnerabilities I've had to fix were caused by the introduction of poorly secured computers. It's a surprisingly common blunder.

Network-based information security attacks have been making the news with increased frequency throughout 2014. It's even gotten to a point where a lot of those incidents are being reported in mainstream publications and websites. And you can bet that for each incident that makes the news, there are possibly thousands more that we don't get to read about.

A lot of these problems can be prevented with a solid endpoint security strategy. Are corporations and institutions going to get smarter about it? In the rapid pace of tech, how will endpoint security implementation evolve in 2015? From my keen observations of what's going on in the IT world, here's what I predict.


As personal and business smartphone usage has exploded since about 2007, people who work in office environments carry their work home with them on the same devices they use to watch cat videos on YouTube, empty their wallets with Candy Crush Saga, and conduct their personal banking. Many of them even use their phones to pay for stuff in malls and restaurants, thanks to NFC payment apps such as Google Wallet and Apple Pay. Businesses will often allow BYOD (bring your own device), thinking that it'll increase productivity and save them money by not having to purchase mobile devices for their employees.

But BYOD introduces a multitude of security problems to corporate networks, even when the devices don't contain a business's sensitive data. The mobile payment, banking, and NFC payment examples I cited show how sensitive personal financial data may reside on employees' personal phones and tablets.

Also, mobile malware is an ever-increasing risk.

"As consumers and businesses shift to using mobile devices for a greater percentage of their daily activities, cybercriminals will place a larger emphasis on targeting these platforms - specifically Android and jailbroken iOS devices. Remote find, lock, and wipe aren't enough," said Mark Bermingham of Kaspersky Lab.

It also makes it far too complicated to thoroughly run a penetration test and security-harden an office's network when so many employees' own devices get connected to it. "Attention employees! Give us all of your personal smartphones for 36 hours so that we can test their security!" Yeah, that will go over well.

So, in 2015, I believe that many businesses that have BYOD policies will scrap them altogether. They may either switch to CYOD (choose your own device that's completely administered and controlled by an IT security policy) when smartphones and tablets are completely necessary for work, or eliminate work done on mobile devices if it's functionally possible. More and more often, we may see USB ports in office PCs being carefully controlled so that employees cannot mount the filesystems of their personal devices to them.

A different antivirus approach

Both consumer and enterprise antivirus software tends to work based on signatures. If antivirus developers constantly keep up on the latest malware and crypters (programs used to help malware evade signature antivirus shields), their software will usually do a great job of preventing some malware infections. But for obvious reasons, signatures are useless for zero-day attacks.

"Signatures have been dying for quite a while. The sheer number of malware samples we see every day completely overwhelms our ability to keep up with them," said F-Secure's Mikko H. Hypponen.

Antivirus software, both consumer and enterprise, will still use signatures for many years to come. But anomaly-based malware detection will become a greater component in the products of competent antivirus developers.

Currently, anomaly detection algorithms are much more sophisticated in IDS and IPS devices, where they focus on network activity rather than code. Antivirus developers are already researching better ways to implement anomaly detection in antivirus shields.

False positives are going to be a huge problem, and there'll always be bugs in the system. Sandboxing suspicious packets only sometimes works, and most sandboxing functions for such purposes are limited to the Windows platform. But I'm optimistic that there will be a lot of progress in anomaly-based malware detection research in 2015. As malware development gets ever more sophisticated (Stuxnet! Regin!), that'll be an absolute must.
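To make the signature-versus-anomaly contrast concrete, here is an added illustration (not code from the original article or from any vendor named in it). It runs a hash-based signature check and a simple statistical baseline over constructed process telemetry: a repacked sample slips past the signature list but is caught by the anomaly score, and a chatty but legitimate backup agent shows the false-positive problem the paragraph above describes. All sample data, thresholds and names are constructed assumptions.

```python
import hashlib
import statistics
from dataclasses import dataclass

# Constructed "signature database": SHA-256 of one known-bad sample's bytes.
# Real AV signatures are richer than a whole-file hash, but the evasion
# problem is the same: change the bytes and the signature no longer matches.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}

# Constructed benign baseline: outbound connections per minute observed for
# ordinary desktop processes (mean 2.7, population std dev 1.1).
BASELINE = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2]


@dataclass
class Event:
    process: str        # process name (constructed)
    content: bytes      # the executable's bytes (constructed stand-in)
    conns_per_min: int  # outbound connections in the last minute


def signature_match(ev: Event) -> bool:
    """Signature-based check: exact match against known-bad hashes."""
    return hashlib.sha256(ev.content).hexdigest() in KNOWN_BAD


def anomaly_score(ev: Event, baseline=BASELINE) -> float:
    """Anomaly-based check: z-score of behaviour against the benign baseline."""
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    return (ev.conns_per_min - mean) / sd


def classify(ev: Event, threshold: float = 3.0) -> str:
    """Returns 'signature', 'anomaly' or 'clean'; signatures are tried first."""
    if signature_match(ev):
        return "signature"
    if anomaly_score(ev) > threshold:
        return "anomaly"
    return "clean"


def triage(events) -> dict:
    """Classify each constructed event; keyed by process name."""
    return {ev.process: classify(ev) for ev in events}


# Constructed telemetry: a known sample, the same sample run through a
# "crypter" (bytes changed, behaviour unchanged), a normal app, and a
# legitimate backup agent whose heavy traffic trips the anomaly detector.
SAMPLE_EVENTS = [
    Event("known.exe", b"constructed-known-bad-sample", 60),
    Event("repacked.exe", b"constructed-known-bad-sample-CRYPTED", 60),
    Event("notepad.exe", b"constructed-benign-editor", 3),
    Event("backup-agent.exe", b"constructed-benign-backup-tool", 40),
]
```

Run `triage(SAMPLE_EVENTS)` to see the repacked sample caught only by the anomaly score and the backup agent flagged as a false positive; in practice the baseline is tuned per process or the agent is allowlisted.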

It'd make me so happy to hear zero-day attacks becoming less frequent!

Vendor reduction

The greater the number of vendors a business has to deal with for their firewalls, IPSs, and antivirus solutions, the more complex a network administrator's job is. Also, money spent on one vendor's product may take away funds for something else.

When IT departments find that expensive antivirus software products are no more effective than inexpensive antivirus products, the temptation to switch antivirus vendors is perfectly understandable.

Palo Alto Networks surveyed 555 of their customers. They asked "Would you consider switching to 'free' enterprise antivirus in order to fund more advanced endpoint protection for your company?" 44% of respondents said they'd either consider it, or they're already doing it.

If antivirus heavyweights like Symantec want to stay competitive in the enterprise, they may need to package their antivirus software licenses with other endpoint security products more often, and cut license prices as well. Limiting license commitment duration may also help. If a corporation is stuck in a three-year license, that doesn't make it easy for them to switch to another vendor if they become dissatisfied with the performance of their current vendor's product.

Another excellent idea is for network security appliance vendors like Cisco and Juniper Networks to make deals with antivirus vendors like Kaspersky and Symantec. They could cooperate to make packages for enterprise customers that include OS antivirus and firewalls in addition to IPS/IDS devices that contain antivirus software and hardware firewalls. It's such a great idea of mine that it's possible they may be considering it already. I just hope, for the sake of the industry, that they don't buy each other's companies.

I watch information security trends very closely, and I write about a lot of my observations. So, by the time 2015 is over, we'll see how correct or incorrect I am. But I'm feeling pretty darn confident!

Kim Crawley is a Security Researcher for the InfoSec Institute.
