I just returned from the Gartner Security and Risk Management Summit in National Harbor Maryland and wanted to share a bit from one of the more interesting sessions I attended, a panel discussion entitled “Network vs. Endpoint vs. Application - How to Best Protect from Advanced Threats?”
During the session, Greg Young, Joseph Feiman and Neil MacDonald of Gartner debated where to invest next to address advanced threats. Specifically (and I summarize):
- Neil advocated investment in endpoint threat detection technologies, citing them as the usual compromise that initiates a data breach as well as the area most VCs seem to be investing.
- Joseph countered that while endpoints were often the initial compromise, it’s ultimately the applications (and their data) that are breached so that’s where organizations should invest.
- Greg acknowledged the value of both approaches but cited the difficulties in covering all (or even a majority) of endpoints or finding mature application security solutions and instead recommended the network as a great investment given its ability to deploy once and protect many.
Certainly, each analyst has a valid point and I would recommend that organizations look at each area and assess where they are currently under vs. well-invested (from a threat detection perspective) to answer the question for themselves. This type of assessment is exactly what we hope to facilitate, in even a broader context, with our Advanced Threat Protection Framework. There is no one “right answer” for everyone, what you need most really depends on what you already have/how effective it is in each area.
As you make this determination, please comment and let us all know!