It’s hard to get a firm estimate of the number of connected devices in the world, but when all the smartphones, PCs, and IoT devices are added together, the total number of endpoints runs into the tens of billions.
Those tens of billions of devices each represent a potential point of access for cybercriminals, and that makes them tens of billions of devices that need protection.
This scale is at least partly why Fortune Business Insights reported the global endpoint security market was worth US$14.9 billion ($23.2 billion) in 2024 and will grow to US$30.3 billion ($47.5 billion) by 2032.
That spending is spread across a wide variety of tools, one of the most significant of which is firewalls, with the enterprise firewall market worth US$13.5 billion ($21.1 billion) in 2024, according to Straits Research.
The firewall market is itself evolving quickly, however, thanks to the emergence of so-called next-generation firewall technology, which includes additional filtering capabilities such as deep packet inspection and intrusion prevention. These enable firewalls to better monitor for suspicious anomalies and malicious activity based on specific behaviour signatures, so that advanced threats can be blocked before they pose a risk.
This next-generation segment of the firewall market was estimated by Polaris Market Research to be growing at more than 10 percent each year, and worth US$5.18 billion ($8.12 billion) in 2024.
Another key aspect of endpoint protection is anti-virus and anti-malware technology, which has also gained a ‘next generation’ moniker thanks to the introduction of artificial intelligence, machine learning, and behavioural analysis capabilities.
These new anti-virus tools also deliver the ability to detect and block malicious activity, proving to be more effective at stopping ransomware and fileless malware (malware that works within a computer’s memory rather than downloading files to the hard drive).
Some of the growth in endpoint security spending has been fuelled by the twin trends of increased use of personal devices in the workplace, and more people working from home or remote locations following the pandemic. Forrester’s report The State Of Bring Your Own Device, 2024 found that employee-owned mobile devices and computers were as likely to be the target of a cyberattack as a corporate endpoint.
Within the myriad of endpoint threat prevention technologies out there, about a quarter of spending is now directed to a set of tools called Endpoint Detection and Response (EDR), which comprises a data collection and processing system coupled with remediation capabilities.
Speaking at the Gartner Security & Risk Management Summit in Sydney in March, Gartner’s director analyst for endpoint security Eric Grenier said EDR offered a good starting point for endpoint protection, but said that it didn't solve everything, as it only provided insights from the endpoints.
“We need to grab the telemetry from multiple attack vectors to really give us the whole kill chain,” Grenier said. “It gives us full insights into everything that is happening in our environment. EDR alone is not a defensive strategy. We need to adopt defence-in-depth.”
Hence, many larger organisations are opting to invest in the greater capacities of eXtended Detection and Response (XDR) systems supported by Security Information and Event Management (SIEM) capabilities for a more sophisticated view of their threat landscape.
UNSW has made a significant investment in endpoint security, ensuring strong protection while balancing the needs of its operational, academic, and research users. This includes automatically hardening device security configurations and deploying CrowdStrike Endpoint Detection and Response (EDR) as a core component of its strategy to enhance security without compromising the user experience or increasing the management overhead.
“As cyber threats evolve, we must continue to protect our sensitive research and operational data whilst ensuring a seamless experience for our diverse user base,” UNSW chief information security officer Derek Winter said.
Winter said the university is using its chosen EDR for “real-time threat detection, and rapid containment capabilities, allowing us to proactively manage risk without adding complexity or friction to the user experience.”
Additionally, by integrating intelligent security automation, the university is delivering strong endpoint protection with minimal disruption, ensuring a secure and productive environment for its complex user base.
Australia’s scientific research agency CSIRO is also working to build and enhance a “robust incident response capability” as one of five strategic pillars it is working towards.
“As much as I'd like to think we've got all of our security in the right space, we need to be forewarned and forearmed and we need to be able to quickly mobilise if we're seeing something that's unusual or abnormal inside our organisation,” CISO Jamie Rossato said.
For Melbourne Airport’s head of cyber security Cheuk Wong, a managed security services provider is assisting with its 24/7 monitoring, detection and response capabilities.
“We obviously do a lot of logging within the environment to make sure that we have visibility,” Wong said. “Visibility is very important to me because if I don't know what's happening in the environment, I can't protect it.”