During the past decade, while security threats have evolved quickly, the goal of security staffs remains the same, but has gotten far harder to fulfill: Protect all the devices that hold critical data and offer potential ways into an organization’s back end.
Doug Cahill, the senior analyst on cybersecurity at Enterprise Strategy Group, discussed at Dark Reading findings and recommendations on endpoint security that emerged from interviews with what he says are dozens of security folks.
The best approaches involve picturing the elements of security (methodology, prevention, detection and response) holistically and not as discrete and separate elements: Protect as one dresses for the cold, in layers; be proactive (this suggestion is primarily aimed at large organizations); have a spectrum of starting points, or entry points, in the security realm.
Cahill elaborates on each of the suggestions. The point clearly is that the confusion and dislocation caused by the rise of mobility, bring your own device (BYOD) work structures and other fundamental changes make security a far trickier thing with which to deal:
The new focus on protecting end users, and their multitude of endpoints, is indicative of an evolution from the old network-centric security model to one that is also host-centric across endpoints, server workloads, and IoT devices. Where customers start is largely a function of resources and skills, based on a balance between detection efficacy and operational efficiency. As the endpoint security industry goes through its transition, we can learn much from those who are at least part of the way along on their journey.
Jon Oltsik, a principal analyst at Enterprise Strategy Group – a colleague of Cahill’s – voiced his own reaction to the research at Network World. He said that organizations are deploying security solutions with two similar sounding but quite different things in mind: advanced prevention on one hand and advanced detection and response on the other.
So prevention sits at one end, while detection and response sits at the other. What makes this a continuum is the multitude of actions that happen in between these poles. Organizations are slowly moving forward with a whole bunch of additional security controls, like application whitelisting, browser sandboxing, endpoint firewall rules, attribute-based access controls, etc. These supplementary endpoint controls are intended to decrease the attack surface.
In other words, there are two basic approaches to endpoint security, and organizations have to choose which to follow. He seems to be implying that the extremes are more popular than the mid ground. Oltsik adds that he will be presenting on the findings at the RSA Security Conference in San Francisco at the beginning of March.
James Maude at ITProPortal also looks at endpoint security. His conclusion is to secure endpoints first and build outward to secure the perimeter. Otherwise, it would be akin to a bank leaving the vault door open simply because there is a guard at the door. The right approach is to have a guard – and a secure vault.
The world of security has become far more complex and uncertain over the years. That trend displays no sign of slowing. Clearly, an understanding of endpoint security – its importance and the options at play – is vital.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.