Contents:
In the context of the pandemic that flared up in 2020, 2021 has been a revolutionary year, with massive transformations in multiple sectors of our lives. Here’s a quick overview regarding the 2021 cybersecurity market movements and how Heimdal™ has responded to them so far.
Ransomware Encryption Protection Became a Necessity
As I have noted in a previous article, ransomware and especially ransomware-as-a-service are still one of the major dangers of this year. Unfortunately, “ransomware is successful because it works; in many cases because organizations still don’t have the appropriate cyber defenses in place to prevent cybercriminals from infiltrating their network in the first place”.
In the first months of 2021, many companies from the private sector were severely affected by ransomware and ended up paying millions of dollars – CNA Financial Group, Colonial Pipeline, and meat manufacturer JBS S.A. are only a few examples. The ransomware attacks had social consequences too, as the cyberattack on Colonial Pipeline, for instance, affected the gasoline supply of the neighboring states from the Eastern Seaboard.
How do most of today’s ransomware attacks spread? The answer right now seems to be related to brute force attacks – they have even overtaken spam and phishing emails. Trying to compromise endpoints and servers “by inputting as many passwords as possible, usually with the aid of bots” is the first choice of cybercriminals because, unfortunately, it works. There are still too many users that protect their data with weak, insecure passwords.
The ransomware market continues to accelerate (the TAM value for detection and response solutions, including ransomware protection, was about 20B USD) directly due to the lack of coordination between governments, as operators purposely refrain from domestic action but purposely target international attacks, as they are harder to pursue.
Also, ransomware became such a critical issue in the last couple of years due to the almost mandatory evolution towards work from home and people’s dependency on their laptops and desktops. Many companies have begun their transition towards cloud services, which makes them even more vulnerable to cybercriminals and their endeavours, as user accounts often carry more privileges than necessary.
Companies are nearly three times more susceptible to deal with breaches caused by social attacks than actual vulnerabilities, which only emphasizes the necessity of continuous cybersecurity education for the employees and the need for ransomware protection solutions.
In this context, we strategically took swift action on the accelerating trend of ransomware and launched a fantastic addition to any Antivirus product – the Ransomware Encryption Protection software. It is a feature we expect will deal a decisive blow against attackers, especially when used in conjunction with Brute Force Attack protection, which we were the first to launch.
The Heimdal™ Ransomware Encryption Protection module is based on a revolutionary signature-free technology, ensuring market-leading detection and remediation of any ransomware strain, whether fileless or file-based.
The module was engineered to be universally compatible with any antivirus, extending its functionality instead of displacing it. Our Heimdal™ Ransomware Encryption Protection will detect ransomware regardless of signature, identifying the attack origin and even the system path, and block any unauthorized encryption attempts.
There Was a Huge Demand in Unification and Unified Endpoint Management
In today’s hectic world, customers are more and more looking for integrated suites/solutions. As Grand View Research also shows,
The global unified endpoint management market size was valued at USD 2.75 billion in 2019 and is expected to grow at a compound annual growth rate (CAGR) of 32.2% from 2020 to 2027. […] With the growing usage of endpoints such as laptops, tablets, mobile phones, and desktops across enterprises, the need to manage these endpoints using a single platform increases. Thus, the demand for a unified solution is growing with the rise adoption of advanced endpoints among organizations. The rise in the trend of implementing policies for allowing personal devices to access organization data is another factor that surges market growth.
Personal devices accessing organization data means BYOD – Bring Your Own Device, which makes device management even more challenging and boosts the demand for Unified Endpoint Management, but stretches into the unification of security as a whole. IT Managers, CIO’s, CISO’s and IT Admins in general really struggle with managing not just the endpoint, but all of the security stack, so, over the course of 2020, Heimdal™ took a strategic route to unify both UEM and Network/Perimeter side security. Lack of management and outsourced security, insecure use and human error, data leakage, and GDPR concerns are only some of the dangers that BYOD brings to the table.
To deal with the new challenges, many enterprises choose solutions like MDM, endpoint protection, and access management, but it’s clear that a unified endpoint management solution can significantly reduce costs and boost productivity, so we pushed forward with the integration and unification required by the latest social changes.
These aspects can be found in the Heimdal™ suite too, where its innovative components (for prevention, detection, response, compliance, defense, and support), communicating through artificial intelligence, can help customers replace up to 7 vendors. We truly believe that this is highly innovative to the market, and we have not yet seen another vendor unifying everything from DNS Security to Antivirus, from Ransomware Protection moving further on to E-Mail Security and Remote Support solutions.
The WorkFromHome Model Led to an Increased Focus on PAM and IAM
The WorkFromHome or WorkFromAnywhere models turned the typical enterprise upside down, forcing it to adapt – quickly and effectively – to a new reality, which, for the most part, meant that more and more devices access sensitive company information from improvised home offices. Naturally, this generated a massive expansion of the threat landscape: phishing schemes, unencrypted files sharing, weak passwords and insecure home Wi-Fi networks are only some of the dangers employees are now exposed to and we, as vendors, have to respond with new, innovative, features to protect our customers.
Privileged Access Management (2B USD TAM value in 2020) and Identity Access Management are concepts that refer to managing users’ identities, authentication, and access control. Another market driver is the strategic aspect of Zero Trust – the Zero-Trust Model (as well as the Principle of Least Privilege) advances that no employee should have access to more than he/she needs to accomplish their daily tasks – and that the access should be made in a secure manner, while all traffic is inspected and logged for future reference.
Since “organizations are accelerating their digital transformation journey at a profound rate to accommodate the new reality”, now, as Gartner puts it,
With more transactions, data, and employees moving beyond the traditional LAN perimeter, identity is […] the new perimeter. Organizations need to know if all things accessed remotely are also accessed securely and if they have the right technology to accommodate this ideal. Along with trust in human users, the growing need for reliance on and trust in digital identities also extends to machines like devices (e.g., the Internet of Things [IoT]) and workloads (e.g., containers). […] As the new normal takes shape, all organizations will need constant assurance, a forever-on defensive posture, and clarity in what they have and what they need to remain secure.
We firmly believe that the PAM market will see strong evolution over the coming 2 years and it will be an area we will invest heavily into as well. We’ve just launched the first global zero-trust execution protection engine, supported by our cross-feature capability, actively preventing elevated users from running unknown and unsigned applications, and we are still the only ones to offer de-escalation of rights on desktop and servers if there is any IOC on the device.
We see the PAM and IAM market being further amplified by the fact that privacy and data protection legislation continue to globally expand, bringing more and more restrictions regarding the use of personal data, so making sure that no one accesses more than he/she needs to do their job is and will continue to be of paramount importance for any enterprise.
We Have Also Witnessed an Increased Focus on EPDR and XDR
Another significant market trend of 2021 is related to endpoint security evolving towards EPDR and XDR. The trend clearly revolves around integrating endpoint security solutions into suites and endpoint security (the anti-malware-related technologies) into EPDR – endpoint protection, detection, and response. Additionally, EPDR is increasingly integrated with XDR (extended detection and response), which results in a unification of EPDR and NDR (network detection and response).
According to MarketsandMarkets, the endpoint detection and response market is expected to grow “from $749.0 million in 2016 to $2,285.4 Million by 2021, at a Compound Annual Growth Rate (CAGR) of 25.0%.”
The interest in EPDR and XDR is linked to the shift towards the WorkFromHome / WorkFromAnywhere models and it’s particularly growing in the case of mid-market organizations. The adoption of enterprise mobility and BYOD trends are other factors that contribute to the evolution of EPDR and XDR, since these solutions can be used on servers, mobile devices, workstations, point of sales terminals etc.
Next-generation enterprise endpoint solutions like EDR are mostly used in the workstations segment, given the fact that cybercriminals often target them in order to get access to sensitive information, from where they can move laterally into an elevated account or critical servers for the final ransomware fulfillment. However, the mobile device segment is expected to have an accelerated growth rate, too, due to the continuous rise in malware infections and phishing attacks, with the same end goal of ransomware in BEC payout.
Mitigating IT security risks should be a top priority for any enterprise, regardless of its size, and EDR solutions are excellent at fighting against old and new, sophisticated threats like APTs, Trojans, zero-day malware, but we did predict a bigger change to prevention, and hence decided to focus on moving to E-PDR.
The social changes and trends of the cyber market from the last period have been truly revolutionary, and the response from cybersecurity vendors should, of course, match the new reality.
2021 Cybersecurity Market Movements: Cybersecurity Vendors’ Response
Looking at the already mentioned tendencies, I’m sure that the cybersecurity market will continue its evolution towards unified endpoint management solutions with highly intuitive dashboards, and admin privilege and anti data leakage-oriented solutions, everything with automation and downtime minimization in mind.
For this reason, in the previous months we’ve already been focusing on developing new products and features that will allow our customers to enjoy the benefits of a unified suite that approaches cybersecurity from multiple angles, according to the market’s most stringent needs:
Application Control in Combination with Privileged Access Management
Application control is necessary for the context of the Zero Trust and WorkFromHome models. Our Application Control module can be used independently or combined with Heimdal™ Privileged Access Management and offers full control over the applications that users run as well as a full audit trail.
The Application Control over PAM technology results from the possibility of supporting whitelisting and blacklisting when the two modules are combined, thus offering highly customizable admin sessions and blocking lateral movement and network compromise.
New Dashboard + New Agent
Our new dashboard and agent were redesigned to provide customers with an improved centralized cybersecurity management experience. The new highly responsive Heimdal™ dashboard will allow you to have a quick, clear overview of your systems’ security, and its intuitive design will help you get all the details you need with only a couple of clicks.
Predictive DNS
Another major focus for us was enhancing the predictive DNS technology, as part of our Heimdal™ Threat Prevention and EPDR software, which allows us to predict threats before we even encounter them. Heimdal’s predictive DNS security can proactively block malicious servers while they still look benign and before they are misused, with more than 96% success rate.
How is this possible? Our Neural Network AI works non-stop analyzing all the domains our customers encounter, allowing it to identify and extract data patterns that we can use to predict malicious usage of unknown domains.
An emphasis on extended detection and response, passwordless authentication, and risk management services are other current focus points for cybersecurity vendors.
Views on the Future
There is a huge shift in the challenges of the IT teams these days. Traditionally, the CIO, CISO, IT Admin, and IT Managers were faced with having systems that work, but today it’s also about keeping them and the data they host safe. The complexity is enormous and this is why, in my opinion, the best thing we, as a business, can do for our customers is make their life more unified, more simple.
In the last couple of years, we have seen IT departments go from just being technical to being technical and understanding security – and now also the importance of data privacy. The battle against cybercriminals will continue to grow even more challenging: the shift towards remote work, the increased use of IoT devices, and BYOD policy forced us to have another look at our cybersecurity solutions and how we (should) prevent attacks, and they will also drive the future of data privacy legislation.
Cybersecurity incidents can have massive consequences for businesses and society, so both security vendors and customers must keep an eye on the future, understand the present context and what has happened so far in order to evolve and maintain a cyber-secure climate.
As for Heimdal™, you can count on us to continually adjust our suite according to the market’s most pressing needs.
Morten Kjaersgaard is the visionary CEO of Denmark-based Heimdal®, an AI-powered cybersecurity leader with a global reach, safeguarding 15,000 businesses from 260+ million cyberattacks. With a Corporate Marketing background, Morten bridges cybersecurity intricacies with business goals. He's a cybersecurity advocate, event speaker, and insightful blog contributor. Morten uniquely translates technicalities into actionable insights, a valuable asset in the digital landscape. His presentations blend cybersecurity expertise, real-world business engagement, and data-driven insights, inspiring innovative strategies. Morten doesn't settle for the status quo, pushing organizations to embrace bold, revolutionary approaches. Connect with him on LinkedIn for more.
