This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017. 

The endpoint security market will experience some dramatic shifts in 2017. Everything from the disposition of the threat actors to the players in the security vendor space to the nature of endpoints is undergoing significant changes. This will most certainly catch many organisations off guard. But there are options for those security professionals who care to prepare for it. In this post, I will outline four changes that security professionals might see in 2017.

Sure Things

Rapid Consolidation in the Endpoint Security Market

According to the research firm Cybersecurity Ventures, there were more than three dozen vendors and startups in the endpoint security market in 2016. For an evaluator or buyer of security products, that’s too many options, too many disparate approaches, and too much confusion – clear signs of saturation in any market.

Investors also seemed to recognise that the endpoint security market is reaching its saturation point: 2016 marked a slowdown in funding of new security startups, compared to 2015. As fewer (new and existing) startups receive funding, those that cannot deliver enough value to buyers in order to gain a foothold in this crowded market will inevitably die out. Others will be acquired by the traditional antivirus (AV) vendors who recognise the need for rapid retooling of their offerings to stay competitive.

As the pace of cyberattacks continues to increase, so does the pace of this market consolidation. Endpoint security vendors will recognise that they must move fast to keep pace with the threat landscape and the market conditions. These conditions will lead to a rapid, Darwinian consolidation in the endpoint security market.

Dramatic Increase in Use of Exploit Kits

Recent research from Unit 42, the Palo Alto Networks threat intelligence team, outlined the three main reasons cybercriminals continue to rely heavily on exploit kits:

  1. Exploit kits present cyberattackers with a much stealthier option for infecting Windows hosts with malware.
  2. The exploitation process is automatic.
  3. Criminals can use exploit kits to essentially outsource malware distribution.

In other words, exploit kits turn cyberattacks into an automatic, outsourced, and scalable operation for criminals. And with the ability to rent access to any number of exploit kits for a few hundred dollars a month, launching an attack with exploit kits is now far more affordable than ever before.

Information security has always been a “cops and robbers” problem. And with exploit kits, the robbers add automation, outsourcing, and scalability to their side of the equation. This is a trend that will certainly continue to escalate in 2017. The security industry, on the other hand, seems only recently to have recognised that it must match those capabilities or risk losing this battle. Fortunately, there are advanced endpoint protection solutions that already offer these automated, scalable prevention capabilities to forward-thinking organisations.

Long Shots

Marked Increase in macOS-based Malware

In March 2016, Unit 42 discovered KeRanger, the first instance of a macOS-based ransomware. Since then, the team has discovered several new types of malware exclusive to macOS. This is not a surprising trend – what’s surprising is that it took so long.

macOS-based systems present cybercriminals with a perfect set of circumstances:

  • A false perception of security among end-users:The traditionally low occurrence of security breaches on macOS-based systems may lead users to be far less vigilant about cybersecurity hygiene, despite risks that are similar to Windows-based systems (for example, these systems share many of the same vulnerable applications, such as Adobe Flash).
  • A lack of sophisticated endpoint security solutions: The majority of macOS-based systems either have no endpoint security solutions deployed, or they use the same traditional AV solutions that have proven to be ineffective against today’s cyberthreats.
  • Increased organisational adoption of Apple’s technology ecosystem (from iPhones to iPad to Mac computers): In a recent research report by Nomura (October 2016 CIO Survey), the firm reported that 42 percent of the CIOs they surveyed “indicated Apple’s products are becoming more pervasive in their IT infrastructure.”

A large and increasing population of enterprise users who practice poor cybersecurity hygiene and do not have automated, sophisticated endpoint security solutions to protect their systems? Sounds like the perfect target for crafty cybercriminals looking for new sources of ransomware revenue in 2017.

Increased Awareness of IoT Security Flaws

The proliferation of the Internet of Things (IoT) is already underway. According to the research firm Gartner, there were an estimated 6.4 billion IoT devices in use in 2016. The firm forecasts that there will be over 20 billion connected IoT devices by 2020. Despite the large number of devices, IoT security still seems to be an afterthought. This is concerning, considering:

  • The increased interconnectivity between IoT devices
  • The potential for collecting and sharing data among IoT devices and their supporting data services
  • The unknown but potentially significant and increasing number of vulnerabilities within the IoT ecosystem

The IoT ecosystem is still in its technological infancy. The extent and the impact of existing security flaws may not be obvious yet because of the limited computing and connectivity capabilities of the devices in use today.

This was very likely the same argument used to justify distributing unsecure systems in the automotive industry – until researchers demonstrated their ability to remotely hack a car travelling at highway speeds in 2015.

As the IoT device counts and capabilities continue to increase in 2017, the inherent security flaws that may have been ignored in the past will become more prominent, complex and unnerving. Organisations that develop, produce, and host these devices must make a concerted effort to integrate security into these devices and the networks they operate in. Being the first organisation to deal with the public repercussions of a breach in IoT security is not a “first mover advantage” in any industry.

What are your cybersecurity predictions around endpoint security? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for healthcare.



Traps Technical Overview

Palo Alto Networks® Traps™ advanced endpoint protection stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyberattacks. Traps minimizes endpoint infections by blocking malware, exploits and ransomware. Integration with your security platform delivers additional threat analysis, shared intelligence and automated containment.

  • 145


Traps: Endpoint Protection and Response

Palo Alto Networks Advanced Endpoint Protection represents a complete paradigm shift from identification to pure prevention. Providing comprehensive exploit and malware prevention that is not designed to identify; instead, it prevents an attack before the malware can be successful.

  • 15295

White Paper

How to Pick a Winner in EDR

The endpoint security marketplace is crowded with vendors claiming to have superior capabilities. Cutting through all the marketing and sales pitches to understand how these products perform isn’t easy. Luckily, The MITRE Corporation conducted an independent test of the detection and investigation capabilities of leading endpoint detection and response (EDR) products against real-world attack sequences. We’ll break down MITRE’s methodology, the results, and what it all means for your organization as you assess your current and future endpoint security toolkit.

  • 128


Evident for Public Cloud Infrastructure

Addressing security and compliance in the cloud requires a rigorous and continuous approach that ensures risks are identified and controlled with speed. Palo Alto Networks® Evident provides continuous security of public cloud infrastructure services, enabling you to deploy applications confidently, knowing the cloud is configured according to your organization’s security requirements.

  • 15291


Managed Detection and Response

Accelerate your security operations’ maturity with our industry-leading MDR partners, powered by Cortex XDR™. Their expertise and resources relieve your day-to-day burden with 24/7 proactive alert management, threat hunting and incident response that spans network, endpoint and cloud. Our partners will get you up and running in weeks, not years, with SLAs that guarantee immediate reduction of MTTD and MTTR to under 60 minutes.

  • 1250


Traps: Advanced Endpoint Protection

Palo Alto Networks Advanced Endpoint Protection provides comprehensive exploit and malware prevention that can prevent attacks before malware can be successful.

  • 15285