Anti-malware gateways are driving next-generation endpoint security implementation and antivirus replacements at large organizations.

Remember advanced persistent threats (APTs)? This term originated within the United States Air Force around 2006. In my opinion, it gained more widespread recognition after the Google “Operation Aurora” data breach first disclosed in 2010. This cyber-attack is attributed to groups associated with China’s People’s Liberation Army and impacted organizations like Adobe Systems, Juniper Networks, Northrop Grumman, Symantec, and Yahoo in addition to Google.

APT visibility got another boost in 2013 when Mandiant released its now famous APT1 report documenting several cyber-attacks emanating from a PLA group known as Unit 61398.

Driven by a wave of APT attacks and detailed threat intelligence, enterprise organizations doubled down on threat prevention and detection technologies. Most of them started by deploying advanced anti-malware gateways (aka “network sandboxes”) from vendors like Blue Coat, Check Point, Cisco, FireEye, Fortinet, Lastline, Palo Alto Networks, and Trend Micro. According to ESG research, 34% of enterprise organizations have deployed network-based anti-malware gateways “extensively” while another 46% have deployed network-based anti-malware gateways “somewhat” (note: I am an ESG employee).

With this in mind, I’ve discovered an interesting relationship between network-based anti-malware gateways and next-generation endpoint security as part of an extensive ESG research project. From about 2012 through 2014, many enterprises evaluated and deployed network-based anti-malware gateways on their networks.
Once implemented, it wasn’t at all unusual for these devices to “light up like a Christmas tree.” In other words, anti-malware gateway devices presented security analysts with conclusive evidence that hidden malware and malicious network traffic were actually all over their networks – bots, command-and-control traffic, encrypted traffic, etc. Now, security professionals understood at the time that traditional antivirus software was no match for targeted attacks and APTs, but this was more of an intellectual conclusion. Once they deployed network-based anti-malware gateways, however, theory gave way to reality. All of a sudden, security analysts were able to provide CISOs with alarming reports and real data revealing the scope of the endpoint security problem on their own networks. The cybersecurity chickens had come home to roost. CISOs realized that network-based anti-malware gateways were only part of a next-generation solution and that they had to do more to protect endpoints themselves.

From a cybersecurity market perspective, this trend makes a lot of sense. The Google Aurora attack led to APT awareness and the need to take action. This drove network-based anti-malware gateway deployment (and the FireEye IPO) in the 2012-2014 timeframe. Network-based anti-malware gateway deployment led to widespread exposure of antivirus weaknesses, resulting in a wave of next-generation endpoint security deployment as well as industry innovation and funding (e.g., Bit9 + Carbon Black, Countertack, CrowdStrike, Cylance, Invincea, SentinelOne, etc.).

Based upon these trends and my research, I believe that 2016 will be a big year for next-generation endpoint security on both the demand and supply side. In the meantime, I’ll be presenting the results of ESG’s next-generation endpoint security research at the RSA Security Conference, on Thursday March 3.