Endpoint Security Makes Quantum Shift - InformationWeek


IT Leadership // Digital Business
01:36 PM


We can't stop every attack, so we need a new mantra: Detect and respond. Here are the essential tools, skills, and processes.

Rest in peace, antivirus. You had a good run for a security technology -- 1987 to 2014.

In case you missed it, in May, Symantec called time of death for antivirus software. It did so not because AV technologies suddenly became less effective. Rather, the company finally acknowledged that it's not a matter of if, but when, an organization will be targeted and that antivirus products will stop only some attacks. Plenty of security bloggers and pundits reacted with glee, given that antivirus software reportedly represents 40% of Symantec's revenue.

But it's not quite that simple. Eugene Kaspersky at the Kaspersky CyberSecurity Summit summed up the reality, likening antivirus software to a seatbelt -- you need it, but it's not the most important part of your protection efforts.

So when it comes to endpoint security in 2014 and beyond, what is most important? A willingness to aggressively shake up your strategy.

The endpoint is where the security war is now being waged; it has topped our list of breach vectors in the last two InformationWeek Strategic Security Surveys. Among the 2014 Strategic Security Survey respondents whose orgs were successfully attacked within the past year, 76% had at least one malware-driven breach, up from 69% in 2013, and 59% had at least one phishing-based breach.

A new approach is required. To extend Kaspersky's analogy, this is IT security's "airbag" moment. Airbags significantly reduce the risk of death in serious crashes, but while they were invented in 1952, they weren't operationally feasible in automobiles until the 1970s and not widely deployed until much later. The catalyst? The invention of the electronic data recorder, which tracks activity to determine when to deploy an airbag. Airbag technology allowed us to shift from building cars to withstand impact (big and lots of steel) to building cars to reduce the effects of an impact on occupants -- a significant change that has led to massive increases in both safety and efficiency.

Call to action
To cope with the changing threat landscape, you need a rich mix of tools and processes, a big dose of vigilance -- and the resolve to avoid getting discouraged. So many Fortune 500 companies, government agencies, and healthcare orgs have been in the news that we're seeing "breach fatigue," leading to some level of disheartenment. We asked the 536 respondents to the 2014 Strategic Security Survey, all from organizations with 100 or more employees, which security technologies they would retain if they could pick only three. Our goal was to find out which products earn their keep. The results weren't encouraging. While 89% have endpoint protection deployed, only 44% would hang on to these products. Most would jettison other widely used technologies, too, including patch and identity management.

As we discuss in the Strategic Security report, it's apparent that companies are buying products they know won't entirely solve their problems.

It's an issue, because no one has unlimited money for security. Just 37% of respondents saw increases in spending, even as the number of attacks skyrockets; 59% make do with 10% or less of the overall IT budget. Most -- 75% of more than 400 respondents to our 2015 Consumerization of IT Survey -- say the No. 1 barrier to allowing end users to connect their personal equipment to the organization's network is fear that the devices are infected with malware.

Guess what? IT's inability to afford new security products isn't going to stop the consumerization wave. So we'd better start thinking creatively. (Note: The author is CTO of CounterTack, which is in the endpoint threat detection and response market.)

Up the stack
Given the endless game of whack-a-mole that is IT security, it makes sense that, as antivirus effectiveness waned, security software vendors moved to network-level prevention. The idea: We won't need to scramble to keep malware off endpoints if we can block the exploit or malware at the email server or web gateway.

From network-based anomaly detection to advanced sandboxing, these tools flooded the market and worked great -- for a while. As they always do, attackers adjusted, adding new techniques, such as encryption and fast-flux DNS. It is an arms race, after all. Some attackers started to obscure their exploits, hiding in plain sight by blending with innocuous network traffic. Others simply stopped aiming at the network. No network traffic means no results from network detection tools.

Where did attackers shift their efforts, if not the network? The endpoint, where security technologies haven't evolved in years and corporate data is usually ripe for the picking.

What do we mean by endpoint? Any device sitting at the "end of the network," that any user interacts with, that is of interest to an attacker, and that runs an operating system. Endpoints include workstations, servers, mobile devices, and also those devices that power oil valves, nuclear power plants, and any other networked device on the Internet of Things. That's right, your Nest home thermostat is an endpoint, too. The definition is broad and expansive by design.

Read the rest of this story in the new issue of InformationWeek Tech Digest. (Free registration required.)


Michael A. Davis has been privileged to help shape and educate the global community on the evolution of IT security. His portfolio of clients includes international corporations such as AT&T, Sears, and Exelon as well as the U.S. Department of Defense. Davis's early embrace of ...

Michael A. Davis, User Rank: Strategist
12/5/2014 | 1:23:03 PM
Re: Issues with endpoints
That sounds like a prevention ideology. The goal of the report was to highlight the fact that prevention by itself doesn't work. When prevention fails, it fails 100% open. Your organization needs to know, when prevention fails, what happened, how it happened, what was taken, and how to respond, and you need that information immediately, not months later in a forensics investigation.

All the layers need to exist to protect an organization: prevention, detection, deterrence, and response. Most organizations only focus on deterrence (policy) and prevention.
User Rank: Ninja
12/3/2014 | 5:28:16 PM
Issues with endpoints
I do think that endpoint security is a demanding and often futile effort. There have to be better ways to protect networks using newer technologies that obfuscate systems, hardening them from attack. It's truly a resource to try to combat the vulnerabilities of every single endpoint.