Endpoints are where a company's sensitive data is most susceptible to attack; malicious actors can exploit vulnerabilities there to gain access to a network, steal data, or spread malware. Undeniably, endpoint security is essential for protecting data, applications, and systems from cyberthreats.
However, endpoint security has evolved significantly over the past five years. The cybersecurity industry started with an on-premises, prevention-centric strategy — an approach that dominated for decades — but security teams began to realize that visibility was as important as raw detection. This ideological shift ushered in the EDR (endpoint detection and response) era, in which security was redefined in terms of endpoint data and visibility. The days of debating a 99.8% versus 99.9% detection rate gave way to hours spent gathering as much endpoint information as possible.
To manage this new, enormous pool of data, security solutions looked to the cloud for storing and processing it all in a way that could best help security teams. Poring through copious amounts of endpoint data to identify anomalies and shed light on active attackers within an organization became a key occupation for every major security organization. Threat hunting and breach closure were the new game: rather than stopping an attacker at the gate, the cybersecurity world now assumed the attacker was already inside the house.
To keep up with collection and analysis, security tools quickly transitioned from “cloud-enabled” to “cloud-reliant.” A consequence of this shift was a slow degradation of detection rates in general. The differences between a top-tier prevention tool and a “good-enough” prevention tool were no longer measured in tenths of a percent, but rather in entire percentage points.
An interesting — and in hindsight, foreseeable — thing happened as a result. Adversaries switched from sophisticated attacks — the APT, or advanced persistent threat, approach — to a blunt, smash-and-grab mentality. Attackers moved quickly to monetize small flaws in the armor of enterprises: the rise of ransomware clearly highlights this new strategy. Coupled with the reliance on an always-on, cloud-reliant internet connection to achieve even modest protection, this shift means organizations should prepare to pivot their security strategies once more.