Carl Weinschenk spoke with Marty Kacin, Cofounder, President and CTO of KACE. In October, KACE released a white paper, "Developing a Collaborative Endpoint Security Solution: Why Perimeter Security Is Not Enough."
Weinschenk: What does the white paper look at?
Kacin: In terms of endpoint security, it's important over time to have security devices for all attacks you might encounter. In yesterday's world, security was a little less demanding or taxing in terms of devices you have to manage and places you have to make sure are secure. The paper and security efforts at KACE focused on the endpoint. That's the desktop, the laptop or server, which all are connected to the corporate network. Protecting the endpoint is just as important as protecting the perimeter. The two certainly complement each other as we move forward. We also are going to find new and ever-evolving micro levels of security that we have to address.
Weinschenk: How do you define the perimeter - and does the new interest in protecting endpoints mean, in essence, that concerns about the perimeter are fading?
Kacin: The perimeter is the firewall and scanning technologies that operate at the corporate firewall. With VPN technology today, the perimeter is all the way to the Starbucks on the corner. [One finding in the white paper] is the fact that securing the endpoint incorporates technology but also processes and best practices. It's an ongoing management discipline. As with all security, you can't just plug it in and think it's done. It needs to be managed in the context of overall business operations. I don't think [the perimeter concerns are] fading. I think it's an apples and oranges thing. We need to maintain perimeter defense. Those issues are not going away.
Weinschenk: Do more executives "get it?"
Kacin: We have this classic situation in the security world where oftentimes, decisions and security management are performed in a reactive mode even though we know vulnerabilities exist. Until people directly are affected by a real exploit, they don't kick it into gear. Until then, a lot of us get a little comfortable. IT has to keep sending out messages that security issues are growing and vulnerabilities are getting more complex and voluminous at the endpoint and we need to prepare for that. [Another finding from the white paper] is that endpoint security is important today. Not only are endpoints more complex and there are more vulnerabilities, but the amount of exploits are growing in a non-linear fashion. It's quite scary and I think people walk away with the idea that the endpoint is a serious target for malicious intrusion. Certainly in today's world, [it's important to secure] the endpoint. People are realizing the vulnerabilities are going to increase in the endpoint space and move beyond just intrusion threat management. Certainly, our customers are spending security energy around the perimeter. They also are focusing on endpoints and endpoint disk encryption. Our prospects are coming to us with a substantial checklist of items that are significantly more advanced than six months ago.