The Fall and Rise of Security Agents

Current conventional thinking concerning security is heavily focused on the role of the security gateway. The basic idea is that IT organizations need to reduce the total cost of security by consolidating as many security appliances as possible into gateways that people sometimes refer to as next-generation firewalls. As a bonus, these gateways are typically a whole lot more useful than legacy security systems, especially when it comes to firewalls.

But Trend Micro CEO Eva Chen warns that while this approach to security has merits, gateways are really a secondary line of defense, and she argues that customers and the security industry as a whole need to start thinking about relying more on agent technologies on the client to stop attacks at their point of origin. After all, most malware makes it onto the corporate network because of an infected endpoint. Rather than let all those infected devices consume bandwidth by attempting to send malware through gateways, it would be a whole lot more cost-effective to rely on agent software to eliminate the malware on the endpoint in the first place.

This approach runs counter to previous lines of security thinking because the argument has always been that agents introduce too much overhead on the client. That may have been true in the past, but Chen argues that there is now more than enough processing power on the client to start deploying agent technologies much more aggressively.

One of the problems with security in general is that IT organizations get addicted to showing the same defense day after day. It's like a football team that deploys the same defense pattern on every play; it doesn't take long before the opposition figures out how to exploit the team in that defense. Ultimately, what Chen is making a case for is a more balanced approach to defense that not only provides higher levels of security, but also reduces the cost of all the bandwidth that is now being consumed by mindless malware all over the network.