If you do some research on endpoint security you'll quickly read one analyst or another's claim that antivirus software is dead and that there is a pressing need for some new model like cloud security services, white listing, black listing, virtual desktops, etc.
Antivirus is dead? Hmm, I wonder if these analysts have been following the financial results of Kaspersky, McAfee, Symantec, Trend Micro or a host of others who continue to make money on endpoint security software.
As you can tell by my sarcasm, I don't subscribe to this theory, but I do believe that endpoint security is going through massive changes in order to best address new threats and new requirements. Now and into the future, endpoint security will:
1. Follow a hybrid model. Yes, you will still install bits on your PC but resident software will be increasingly supported by cloud services. This will break the endpoint security reliance on signature downloads, minimize the device-based footprint, and help alleviate patching fire drills. Additionally, the hybrid nature of endpoint security will vary by device. Androids and iPhones will have thin agents and rely mostly on the cloud while PCs will continue to leverage local disk, memory, and processors.
2. Fatten the feature set. Antivirus became endpoint security as vendors added anti-spyware, HIPS heuristics, and whitelisting to their code. Look for more web threat integration as well as products that throw in full-disk encryption. PC backup will also become a "must have"; Symantec is ahead here.
3. Feature identity protection. For the average consumer, it is probably worth a few extra bucks to get an identity protection service like LifeLock, TrustedID, or IDWatchdog. Look for these services to be commodified and offered as a feature in products from folks like Panda and Sophos.
4. Consolidated pricing. Like most geeks, I have numerous PCs and consumer devices that need protecting. Pricing models will change to accommodate this increasingly typical use case. One user, one price, multiple devices, common reporting.
5. Common agents. Check Point and Symantec are already talking about one agent for multiple endpoint security functions. Cisco is going a different way with its AnyConnect client that consolidates ScanSafe, TrustSec, and VPN clients. We'll see more of this as vendors bundle additional functionality for WAN optimization, PC configuration management, backup, etc.
6. PC tuning. TV ads for services like "finallyfast.com" may be prosaic, but any money going to these fly-by-night services is not going to McAfee and Trend.
Aside from market demand, security vendors will go down this path for defensive reasons. Free AV software from AVG and Microsoft is plenty good for casual users.
Will all of these features mean an uber-fat client application? No. Like hybrid threat protection, vendors will offer a lot of these features as cloud services and rely on a lightweight agent to orchestrate the process. Finally, users will choose what they want and how much they want via a pricing calculator. Think Dell online PC sales as an analogue.
Security purists may claim that endpoint security changes mean giving up control, but the business case is too attractive for both users and vendors to pass up. A broad-based solution that covers requirements like threat management, performance management, backup, identity protection, and configuration management across multiple devices per user is simply the next phase of an evolutionary life cycle.