It’s Time To Re-Examine Endpoint Security

Back in 2007, ESG Research asked 206 IT security professionals to respond to the following statement: “Desktop security has become a commodity market with little difference between products.” As expected, 58% of respondents either strongly agreed (17%) or agreed (41%) with this statement. In other words, it really didn’t matter whether your ran Internet security tools from Kaspersky, McAfee, Microsoft, Sophos, Symantec, or Trend Micro; all would be equally effective.ESG hasn’t re-visited this question since, but many anecdotal conversations with IT security professionals lead me to believe that nothing has changed. If anything more people believe that endpoint security tools are a commodity today than four years ago. In my opinion, this perception is not only wrong, but could also be dangerous. Why? For one thing, threat vectors have changed. The main threat vector today is the web and the primary target is the browser. In addition, traditional antivirus signatures have been joined by other defense-in-depth safeguards, like behavior-based heuristics and cloud services, to protect endpoints. Finally, there are the endpoints themselves. In 2007, the term “endpoint” really meant a Windows PC. Now it could mean a Mac, iPad, or some type of mobile device like a Blackberry, Droid, or iPhone.Given these changes, CISOs should really take a hard look at their endpoint security tools before signing off on a new subscription. During this assessment, examine endpoint security tools in terms of:1. Security protection. This is by far and away the most important thing you are buying so prioritize the product’s efficacy over price, manageability, integration capabilities, etc. Endpoint security products should offer defense-in-depth capabilities for all types of threats. Progressive vendors are also using intelligence gathered from their installed base and security intelligence to offer much more proactive protection. If your vendor is NOT doing this, there is a problem. Note that I’m somewhat surprised that endpoint security vendors haven’t really bundled disk encryption in with antivirus and firewalls but that’s another story. 2. Integration. Endpoint security tools should easily interoperate with network security (i.e. NAC/NAP/identity-based networking, SIEM), and endpoint management tools (i.e. patch management, vulnerability management, asset/inventory management). Other endpoint tools like disk encryption, eRM, and DLP also should fit here. This will help you keep endpoint configurations up to date, monitor behavior, and enforce security policies. 3. Management. Endpoint security tools should have their own management console for command-and-control. And it may not be a requirement, but I believe that central management of all types of endpoint devices will become the default configuration over time. The main point here is that far from commodity products, the endpoint security tools used could mean the difference between business-as-usual or a costly security breach. Choose wisely.