alphaspirit - Fotolia
Endpoint security has long been a headache for IT security teams. The proliferation of employee-owned smartphones, tablets and laptops being used for business (as well as the increased number of platforms and services within each of those categories), combined with the growing use of cloud technologies has infosec pros reaching for more aspirin.
Ask any number of security administrators or business leaders their opinion on endpoint security and you're likely to get a chuckle in response, or hear a sound of disgust. Endpoint protection software -- namely antimalware -- is largely viewed as ineffective.
However, new research released by IDC takes an in-depth look at the enterprise security market and its projected (positive) growth.
Per IDC, the endpoint security market is projected for growth, so is it important again, or did it never really go away? Plenty has been published about the ineffectiveness of the oft-recommended security software; many of the industry's thought leaders have gone so far as to ask, "Is antivirus dead?" It's that clear antimalware is riddled with issues, and that the time to move on from antimalware to other endpoint antivirus alternatives is critical.
Despite this, IDC projects the endpoint software security market to grow at a compound annual growth rate of 5.1% through 2018, according to CRN. It also raked in $8.8 billion in 2013. And while IDC notes that it is mainly consumer-based at this point, the popularity of corporate endpoint security will grow to become a bigger player in years to come.
So is antimalware dead? Is endpoint protection dead -- or just futile? Many security experts claim that it is meant to be part of a larger plan, and used only as a final -- and not the only -- line of defense.
While the debate rages on, the endpoint security market will endure as an enterprise necessity. Compliance requirements aside, Kolodgy said endpoint security software products "remain a key line of defense in mobile and cloud environments. Endpoint security allows users to become an 'island onto themselves,' meeting the key security and data protection needs of the end user." Using them properly and in the right context is still key to mitigating today's endpoint threats.
In other news
- Amazon Web Services (AWS) has released its Zocalo enterprise storage and sharing service to the general public. Boasting benefits such as simple document feedback, access and sync from any device, integration with corporate directories and more, Zocalo is poised to compete with well-known Dropbox, Box, Google Drive, etc.
AWS is offering a free 30-day trial of Zocalo with 200 GB of storage per user for up to 50 users. Following the trial period, Zocalo will be available at $5 per user. Amazon WorkSpaces users will receive access to Zocalo at no additional charge. AWS notes that a number of security features have been put in place to help organizations keep on top of shared file security. All data in Zocalo is encrypted both in transit and at rest, and with the management console security administrators can view logs, track employee usage and control file access.
- Research from the Internet 2020 Report by domain name specialist NetNames reveals that the release of more than 1,000 new generic top level domains (gTLDs) is causing new uncertainty about the security of gTLDs. While new gTLDs such as .shop, .app and .law were created to reportedly "give your brand the opportunity to grow its digital footprint and build a domain portfolio that works for you," not all users are looking forward to the changes. An overwhelming 99% of senior managers surveyed in NetNames' study said that new gTLDs would fragment the Internet, while 45% claimed it would happen extensively. On the other hand, 80% of online shoppers said new gTLDs would make them more likely to use a company's website rather than turn to a search engine. Eight-seven percent of businesses admitted they were worried about keeping their brand and trademark protected once new gTLDs were released, yet 41% of business owners believe the new gTLDs will increase consumer trust.
- Verizon announced Tuesday that it would support a QR login option for two-factor authentication in its Universal Identity Services portfolio, allowing smartphone and tablet users to create a Verizon Universal ID, with which they can scan QR codes as part of the authentication process to log into participating websites and applications.
- A midyear report from the IBM X-Force revealed that the expected number of total vulnerabilities through the end of the year is likely to drop to its lowest number (fewer than 8,000) for the first time since 2011. This is despite the security shake-up Heartbleed, which the team does expect to be a continuous issue, though with not as much major impact. However, it is important to note that the total number of vulnerability disclosures have continued to drop year over year. In 2013 there were 1,602 vendors reporting vulnerabilities, 2014 saw only 926.
Despite the decline, the report notes the overall number of vulnerabilities disclosed by large enterprise software vendors has remained relatively unchanged. (34% in 2013 versus 32% in 2014). The report also highlights the current issues with the viability of CVSS scoring, questioning inherent flaws in the CVSS standard and its ability to convent the true risks some vulnerabilities pose.