Because most IT organizations have no idea where endpoint devices go once they leave the corporate network, endpoint security has become more challenging than ever. In the age of bring your own device (BYOD), every time a device connects to the corporate network, the odds that some sort of infection is being spread have increased dramatically.
In light of this, RSA, the security division of EMC, says that IT organizations will need a more sophisticated approach to endpoint security that goes well beyond the capabilities of traditional antivirus software.
Coinciding with the Black Hat USA 2013 conference, RSA formally released version 3.5 of its ECAT endpoint threat detection software that it gained via the acquisition of Silicium Security last year.
According to Meghan Risica, senior product marketing manager for RSA, IT organizations need a lot more context about the type of malware that might have infected any particular endpoint device. Some exploits are more lethal advanced persistent threats (APTs) that require immediate IT attention. Others are garden variety malware against which the company probably already has a defense installed. Rather than increasing the level of security fatigue that the IT organization suffers, Risica says ECAT is designed to give organizations more perspective on the level of threats they may be facing on any particular endpoint by inspecting the actual behavior of the endpoint device.
Risica says that after scaling the number of endpoints ECAT can support in this release into the thousands, RSA intends to further expand that number soon, with the goal of being able to provide IT organizations with a single, comprehensive tool for managing endpoint security.
Collecting that information is also critical to fueling the capabilities of Big Data security analytics applications, which are increasingly being delivered as a service. Without some ability to diagnose threats on the endpoint, security intelligence services are not going to be as effective as they could be.
The challenge most organizations face today is the battle to proactively manage security against so many different classes of threats. As a result, most organizations have adopted a reactive approach—they hope that the antimalware and firewalls provide enough protection upfront, but often just have to deal with the cleanup once a breach has taken place.
As with most things IT, though, to be forewarned is to be forearmed. The time has finally come to consider an alternative approach to security that goes beyond sitting around and waiting for something bad to happen.