For years now, a battle has raged over where the focal point for security in the enterprise should actually be. Some vendors have argued that the edge of the network makes the most sense because of the inherent efficiency of relying on gateways to secure hundreds of machines.
Others, however, argue that the only effective place to secure the enterprise is at the client, especially as Web applications continue to evolve. For all intents and purposes, we have so many open ports and exceptions when it comes to network security that the only real option left is to focus on securing each end point, says Arabella Hallawell, Sophos vice president of corporate strategy.
If you accept that reality, then the only real issue is how to do that as efficiently as possible. That is why we see vendors such as Sophos opening their agent architecture to deliver a broader array of security services, such as data loss prevention.
Ultimately, IT organizations will need to judge vendors by identifying which ones can bring the greatest amount of security services to the client most efficiently. That eventually means not only taking a hard look at how extensible their agent architecture on the client is, but how robust their policy engine is as well.
In the name of productivity, we have turned our firewalls and network gateways into proverbial Swiss cheese by opening so many holes for specific types of applications to flow through. Given that this situation is not likely to change any time soon, it looks like focusing on end point security is the only real option left. That doesn't mean throwing away your network security appliances, but it does mean recognizing them as your first, but certainly not best, line of security.