
Bad actors continue to capitalize on the widening gaps in endpoint security that all organizations are planning to improve in 2022. Chief information security officers (CISOs) and their teams are stretched thin and being asked to support larger virtual workforces, transition infrastructure to the cloud, and protect endpoints in an increasingly unpredictable threatscape. Automating endpoint security is critical to thwarting increasingly complex cyberattack strategies.

Gartner’s latest Endpoint Protection Platform Forecast predicts that global enterprise spending will reach $13.3 billion in 2021, growing to $26.4 billion in 2025, achieving a compound annual growth rate of 18.7%. Gartner’s latest forecast reflects that endpoint security is a priority for enterprises today.

Getting endpoint security right in 2022 

While 82% of CISOs have reevaluated their security policies in response to the support needed for work-from-home (WFH) and virtual teams, endpoints often lack needed patches to stay secure or are overloaded with conflicting software agents. Those are two of the more valuable findings from Absolute Software’s report earlier this year. Its 2021 Endpoint Risk Report found that over-configuring endpoints leaves them just as vulnerable as not having any endpoints at all.

Absolute’s survey also found that 76% of IT security decision-makers say their enterprises’ investment and use of endpoint security has increased in 2021. Furthermore, CISOs tell VentureBeat that the trend is accelerating quickly as the work to build business cases to increase endpoint investment uncovers previously unknown gaps in endpoint security that leave their organizations vulnerable to breaches and cyberattacks.



Which endpoint security trends matter most 

For CISOs and their teams, there’s no shortage of possible directions to pursue when it comes to endpoint security in 2022. Identifying the trends that will accelerate positive business outcomes from endpoint investments is a good starting point. Proving endpoint security’s business case sets the foundation for CISOs to win budget approvals in 2022 and beyond. With that goal in mind, the following are the trends that will most improve endpoint security in 2022:

1. Zero trust security’s contributions to endpoint security accelerate in 2022

CISOs tell VentureBeat that zero trust security or zero-trust network access (ZTNA) framework decisions are table stakes for building the business cases they need to get additional funding in the future. Ericom’s Zero Trust Market Dynamics Survey published earlier this year found that 80% of organizations plan to implement zero-trust security in less than 12 months, and 83% agree that zero trust is strategically necessary for their ongoing business.

Ericom’s zero-trust survey confirms that cybersecurity investments are just as much a business decision as an operational one. Organizations need to ensure their zero trust security frameworks with Identity Access Management (IAM), network security, and web security are consistent with a business-driven approach to funding a new cybersecurity framework. These three areas are crucial for securing IT infrastructure, operations-based systems, and protecting customer and channel identities and data.

Gartner’s latest hype cycle for endpoint security observes that the current generation of ZTNA applications has improved user experiences, increased customization flexibility, and improved persona and role-based adaptability. Gartner also notes that “cloud-based ZTNA offerings improve scalability and ease of adoption.” Absolute Software’s acquisition of NetMotion is a leading indicator of how active endpoint security mergers and acquisitions will be in 2022 as vendors look to combine unique strengths into unified platforms that CISOs need to improve endpoint security enterprise-wide.

2. CISOs will focus more on consolidating endpoint systems starting with UEM

Under budget pressure to deliver more with less, CISOs want to consolidate their tech stacks and save the budget for new technologies. Unified Endpoint Management (UEM) proves its value by unifying identity, security, and remote access within Zero Trust Security or ZTNA frameworks now considered essential for securing an anywhere workforce. Like ZTNA, there’s been rapid innovation occurring in UEM over the last twelve months, with reduced security and compliance risks being the goal. UEM’s benefits include streamlining continuous OS updates across multiple mobile devices and platforms, enabling device management, and having an architecture capable of supporting a wide range of devices and operating systems.

Another benefit enterprises mention is automating internet-based patching, policy, and configuration management. Unified Endpoint Management (UEM) leaders include Ivanti, whose platform reflects industry leadership with advanced unified endpoint management capabilities. In addition, Ivanti provides customers with security solutions integrated into their UEM platform, including mobile threat defense (MTD) and passwordless multi-factor authentication (zero sign-on). Additional UEM vendors to watch include Blackberry, Citrix, IBM, Microsoft, and Sophos.

3. Self-healing endpoints will have a breakout year in 2022

Organizations are accelerating their adoption of self-healing endpoint platforms, needing more resilient, persistent endpoint security that provides greater visibility and control. CISOs from healthcare, insurance, financial services, and manufacturing tell VentureBeat that self-healing endpoints are a high priority going into 2022, given their potential to bring greater scale, security, and speed into IT and cybersecurity operations.

A self-healing endpoint has self-diagnostics designed in that, when combined with adaptive intelligence, can identify breach attempts and take immediate action to thwart them. Self-healing endpoints then shut themselves off, re-check all OS and application versioning, including patch updates, and reset themselves to an optimized, secure configuration. All these activities happen without human intervention. Absolute Software, Akamai, Blackberry, Cisco’s self-healing networks, Ivanti, Malwarebytes, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro, Webroot, and many others all claim their endpoints can autonomously self-heal.

4. AI, behavioral analytics, and firmware-embedded technologies redefine endpoint management

Absolute Software’s unique approach to providing self-healing endpoints based on firmware-embedded connections that are undeletable from every PC-based endpoint, combined with their real-time visibility and control of endpoint devices, makes them a prime example of the innovation happening in endpoint security today. Absolute’s customers say their Persistence technology effectively remediates endpoints, providing resilience and autonomous response to breach attempts.

Another innovator in endpoint security is Ivanti, whose AI-based Neurons platform relies on bots to identify anomalies and threat hunt in real time, eradicating threats in the process. One of Neurons’ design goals is to improve IT Service Management (ITSM) and IT Asset Management (ITAM) so IT teams can have a comprehensive picture of IT assets from cloud to edge. A third example of innovation is Microsoft Defender 365, which relies on behavior-based detections and machine learning to self-heal endpoints. Continually scanning every artifact in Outlook 365, Microsoft Defender 365 is one of the most advanced self-healing endpoints for correlating threat data from emails, endpoints, identities, and applications. When there’s a suspicious incident, automated investigation results classify a potential threat as malicious, suspicious, or no threat found. Defender 365 then takes autonomous action to remediate malicious or suspicious artifacts.

5. Enterprises will turn to AI and ML-based approaches for battling ransomware

2021 is the worst year on record for ransomware attacks, with schools, colleges, universities, and hospitals being among the most attacked organizations globally. Bad actors prioritize them first because they have the smallest cybersecurity budgets and weakest defenses. In the first six months of 2021, global ransomware volume reached a record 304.7 million attempted attacks, surpassing the 304.6 million attempted attacks throughout all of 2020, according to Sonic Capture Labs’ 2021 Sonicwall’s Cyberthreat Report, Mid-Year Update. A few high-profile ransomware attacks, including Colonial Pipeline, Kaseya, and JBS Meat Packing, reflect how bad actors focus on large-scale disruptions to drive higher bitcoin and cryptocurrency payouts. When CISOs rely on inventory-based approaches to protecting endpoints, there’s the chance that not all patch updates will be applied consistently across each endpoint device.

Instead of relying on inventory-based approaches in 2022, CISOs and security teams will adopt more AI and machine learning-based approaches that capitalize on supervised machine learning algorithms and convolutional neural networks, combined with bot technology to identify anomalies in data faster than any inventory-based approach could. Bots can identify which endpoints need updates and their probable risk levels, making the most of current and historical data to identify the specific patch updates and sequence of builds a given endpoint device needs.

Microsoft acquiring RiskIQ and Ivanti acquiring RiskSense foreshadow further mergers and acquisitions in 2022 focused on thwarting ransomware attacks. Ivanti gained the largest and most diverse data set of ransomware attacks available by acquiring RiskSense, along with RiskSense’s Vulnerability Intelligence and Vulnerability Risk Rating. RiskSense’s Risk Rating involves data-driven patch management, prioritizing and quantifying adversarial risk based on factors such as threat intelligence, in-the-wild exploit trends, and security analyst validation. Using bots to automate patch management by identifying and prioritizing threats and risks is fascinating to track, with CrowdStrike, Ivanti, and Microsoft being the leading vendors in this area.

Endpoint security in 2022

Improving endpoint security is a goal all organizations will strive for in 2022. The business cases of driving cybersecurity investments will become even more urgent and focused in the next 12 months. Assuming threats will grow more ingenious, deceptive, and difficult to identify is a given. How organizations allocate budget for endpoint security and identify the threat vectors that could most impact revenues and their businesses is a far more challenging decision to make.

Emerging technologies and their potential to unravel complex ransomware threats before they impact the operations of a business are key. So is adopting zero-trust security and enforcing least privileged access while treating each identity as a new security perimeter. And there’s the growth of machine identities, projected by Forrester to grow at twice the rate of human ones, that introduces the scale challenges every organization will have to face in the next twelve months. 2022 will be a challenging year for endpoint security, one that’s going to deliver valuable lessons on how to secure every endpoint, whether it’s a machine or a human identity. Buckle up. It’s going to be a rough ride.
