Endpoint Security Makes Quantum Shift - InformationWeek
12/3/2014
01:36 PM
Endpoint Security Makes Quantum Shift

We can't stop every attack, so we need a new mantra: Detect and respond. Here are the essential tools, skills, and processes.

Rest in peace, antivirus. You had a good run for a security technology -- 1987 to 2014.

In case you missed it, in May, Symantec called time of death for antivirus software. It did so not because AV technologies suddenly became less effective. Rather, the company finally acknowledged that it's not a matter of if, but when, an organization will be targeted and that antivirus products will stop only some attacks. Plenty of security bloggers and pundits reacted with glee, given that antivirus software reportedly represents 40% of Symantec's revenue.

But it's not quite that simple. Eugene Kaspersky at the Kaspersky CyberSecurity Summit summed up the reality, likening antivirus software to a seatbelt -- you need it, but it's not the most important part of your protection efforts.

So when it comes to endpoint security in 2014 and beyond, what is most important? A willingness to aggressively shake up your strategy.

The endpoint is where the security war is now being waged; it has topped our list of breach vectors in the last two InformationWeek Strategic Security Surveys. Among the 2014 Strategic Security Survey respondents whose orgs were successfully attacked within the past year, 76% had at least one malware-driven breach, up from 69% in 2013, and 59% had at least one phishing-based breach.

A new approach is required. To extend Kaspersky's analogy, this is IT security's "airbag" moment. Airbags significantly reduce the risk of death in serious crashes, but while they were invented in 1952, they weren't operationally feasible in automobiles until the 1970s and not widely deployed until much later. The catalyst? The invention of the electronic data recorder, which tracks activity to determine when to deploy an airbag. Airbag technology allowed us to shift from building cars to withstand impact (big and lots of steel) to building cars to reduce the effects of an impact on occupants -- a significant change that has led to massive increases in both safety and efficiency.

Call to action
To cope with the changing threat landscape, you need a rich mix of tools and processes, a big dose of vigilance -- and to avoid getting discouraged. So many Fortune 500 companies, government agencies, and healthcare orgs have been in the news that we're seeing "breach fatigue," leading to some level of disheartenment. We asked the 536 2014 Security Survey respondents, all from organizations with 100 or more employees, what security technologies they would retain if they could pick only three. Our goal was to find out which products earn their keep. The results weren't encouraging. While 89% have endpoint protection deployed, only 44% would hang on to these products. Most would jettison other widely used technologies, too, including patch and identity management.

As we discuss in the Strategic Security report, it's apparent that companies are buying products they know won't entirely solve their problems.

It's an issue, because no one has unlimited money for security. Just 37% of respondents saw increases in spending, even as the number of attacks skyrockets; 59% make do with 10% or less of the overall IT budget. Most -- 75% of more than 400 respondents to our 2015 Consumerization of IT Survey -- say the No. 1 barrier to allowing end users to connect their personal equipment to the organization's network is fear that the devices are infected with malware.

Guess what? IT's inability to afford new security products isn't going to stop the consumerization wave. So we'd better start thinking creatively. (Note: The author is CTO of CounterTack, which is in the endpoint threat detection and response market.)

Up the stack
Given the endless game of whack-a-mole that is IT security, it makes sense that, as antivirus effectiveness waned, security software vendors moved to network-level prevention. The idea: We won't need to scramble to keep malware off endpoints if we can block the exploit or malware at the email server or web gateway.

From network-based anomaly detection to advanced sandboxing, these tools flooded the market and worked great -- for a while. As they always do, attackers adjusted, adding new techniques, such as encryption and fast-flux DNS. It is an arms race, after all. Some attackers started to obscure their exploits, hiding in plain sight by blending with innocuous network traffic. Others simply stopped aiming at the network. No network traffic means no results from network detection tools.

Where did attackers shift their efforts, if not the network? The endpoint, where security technologies haven't evolved in years and corporate data is usually ripe for the picking.

What do we mean by endpoint? Any device sitting at the "end of the network," that any user interacts with, that is of interest to an attacker, and that runs an operating system. Endpoints include workstations, servers, mobile devices, and also those devices that power oil valves, nuclear power plants, and any other networked device on the Internet of Things. That's right, your Nest home thermostat is an endpoint, too. The definition is broad and expansive by design.

Read the rest of this story in the new issue of InformationWeek Tech Digest. (Free registration required.)


Michael A. Davis has been privileged to help shape and educate the global community on the evolution of IT security. His portfolio of clients includes international corporations such as AT&T, Sears, and Exelon as well as the U.S. Department of Defense. Davis's early embrace of ...

Comments
Michael A. Davis,
User Rank: Strategist
12/5/2014 | 1:23:03 PM
Re: Issues with endpoints
That sounds like a prevention ideology. The goal of the report was to highlight the fact that prevention by itself doesn't work. When prevention fails, it fails 100% open. Your organization needs to know, when prevention fails, what happened, how it happened, what was taken, and how to respond, and you need that information immediately, not months later in a forensics investigation.

All the layers need to exist to protect an organization: prevention, detection, deterrence, and response. Most organizations only focus on deterrence (policy) and prevention.
danielcawrey,
User Rank: Ninja
12/3/2014 | 5:28:16 PM
Issues with endpoints
I do think that endpoint security is a demanding and often futile effort. There have to be better ways to protect networks using newer technologies that obfuscate systems, hardening them from attack. It's truly a resource drain to try to combat the vulnerabilities of every single endpoint.