“Plus ça change, plus c’est la même chose,” an epigram by the French writer Jean-Baptiste Alphonse Karr (1849), translates as “the more things change, the more they stay the same.” There is an eerie parallel between the Spanish flu of 1918 and the current coronavirus pandemic in governments’ reactions, the proliferation of fake news, and the treatments proposed. If you are interested, do check out the podcast by Paul Combs, The Revisionist History.
By Pankit Desai, Co-founder and CEO, Sequretek
One may wonder what the above has to do with endpoint security. To start with, there is a “virus” at play here too, and, like its biological cousin, it keeps morphing to suit a changing landscape, technological in this case. It was way back in 1971 that the world encountered its first computer virus, “Creeper.” Since then, there has been a constant game of one-upmanship between attackers and defenders. For a while, it seemed the good guys had the upper hand, only to be proven wrong, and for a few legitimate reasons.
Technological Changes and Their Impact
Lower cost and complexity have democratized technologies such as IoT, cloud, big data, mobility, robotics, and additive manufacturing. This infusion of technology has transformed manual, offline systems into automated, networked ones, while employees have moved out of their offices and workloads out of their data centers into the cloud.
Before COVID, the companies that understood technology’s power had already begun embracing this transformation and absorbing its impact. The laggards, however, were caught largely unaware. They were forced to quickly work out how to enable “work from home” scenarios and open up their internal processes to external access. As if this were not enough, WFH creates an additional challenge: personal assets are being used for professional purposes, and professional assets for personal purposes.
Enhanced Security Risks and Responses
Technological advances and changing circumstances have altered how enterprises configure their IT infrastructure, forcing them to rethink how it now needs to be secured.
Traditionally, the emphasis was on a strong perimeter defense to protect critical assets, be they endpoints or servers in one’s data center, on the assumption that the perimeter would keep threats out. The result was a lopsided budget allocation: a strong perimeter but weak device security. For most enterprises, a signature-based antivirus was considered sufficient for endpoint security, and servers were patched sporadically, if at all.
The result is for everyone to see. Pull up any report by analysts or security experts, and one sees varied statistics suggesting that attacks on the endpoints are on the rise and are the cause of the majority of breaches. Thankfully, there is a consensus that the endpoint is the new perimeter that needs to be defended.
Reactive Approach Leads to New Challenges
The industry has gone about addressing the threat perception by offering a series of layered products, each of which solves a specific security challenge.
Antivirus (AV), launched in the late 80s, was the first technology to address external threats, relying on signature-, behavior-, and heuristics-based models. As zero-day attacks and advanced persistent threats (APT) became common in the early 2010s, emulator-based anti-APT technologies came to market. We are now witnessing the proliferation of machine-learning-based Endpoint Detection and Response (EDR), which addresses fileless malware, the limits of emulator-based detection, and AV’s dependence on signatures.
On the other hand, the need to understand and improve environmental hygiene produced another set of technologies: asset management, to get a handle on the heterogeneous hardware and software landscape; application whitelisting, to reduce software sprawl and the consequent security risk; and vulnerability and configuration management, to identify software vulnerabilities, followed by patch management to fix them.
Add technologies like encryption, device control, data loss prevention, host firewall, and VPN, and you get the drift. It almost seems that every time a new security challenge appeared, the industry’s response was to offer a new product; worse, most of these technologies don’t talk to each other. It is a classic case of the six blind men and the elephant, where each one touches a different part of the elephant and describes only what he finds. In most enterprises, endpoint security means managing multiple management consoles, each reporting its own view of device health. The situation becomes even more complicated when the consoles can’t even agree on the inventory count: each reports independent numbers, and considerable time is spent on reconciliation.
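The reconciliation described above is usually done by hand in spreadsheets; the following is an added example (not code from the article or from Sequretek) of doing it mechanically. It takes constructed inventory exports from three hypothetical consoles (antivirus, EDR, patch management), which name the same devices differently (short name versus FQDN, mixed case, different MAC separators), keys every device on its normalized MAC address, and reports both the reconciled fleet size and, more usefully, which tool has no agent on which device. Tool names, field names and sample rows are all assumptions made for the illustration.

```python
"""Reconcile endpoint inventories exported by several security consoles.

Added example; not code from the article or from Sequretek. The console
names, export layouts and sample rows below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed sample exports: one fleet as seen by three consoles. Each
# console identifies a device its own way, so raw per-console counts differ.
AV_EXPORT = [
    {"host": "WS-1042", "mac": "00:1A:2B:3C:4D:5E"},
    {"host": "ws-1043.corp.example", "mac": "00-1a-2b-3c-4d-5f"},
    {"host": "SRV-DB01", "mac": "AA:BB:CC:00:11:22"},
]
EDR_EXPORT = [
    {"hostname": "ws-1042.corp.example", "mac_address": "001a2b3c4d5e"},
    {"hostname": "WS-1043", "mac_address": "00:1A:2B:3C:4D:5F"},
    {"hostname": "lt-0077", "mac_address": "DE:AD:BE:EF:00:01"},
]
PATCH_EXPORT = [
    {"name": "ws-1042", "mac": "00:1a:2b:3c:4d:5e"},
    {"name": "srv-db01.corp.example", "mac": "aa:bb:cc:00:11:22"},
    {"name": "lt-0077", "mac": "de:ad:be:ef:00:01"},
    {"name": "lt-0078", "mac": "de:ad:be:ef:00:02"},
]

# (tool name, rows, hostname field, MAC field) for each hypothetical console.
SOURCES = [
    ("antivirus", AV_EXPORT, "host", "mac"),
    ("edr", EDR_EXPORT, "hostname", "mac_address"),
    ("patch_mgmt", PATCH_EXPORT, "name", "mac"),
]


def normalize_mac(mac):
    """Strip separators and case so '00-1A-..' and '001a..' compare equal."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits


def normalize_host(name):
    """Short, lower-case hostname: 'WS-1042.corp.example' -> 'ws-1042'."""
    return name.lower().split(".")[0]


@dataclass
class Device:
    mac: str
    hostnames: set = field(default_factory=set)  # names the consoles used
    seen_by: set = field(default_factory=set)    # consoles that report it


def reconcile(sources):
    """Merge all exports into one dict keyed by normalized MAC address."""
    fleet = {}
    for tool, rows, host_key, mac_key in sources:
        for row in rows:
            mac = normalize_mac(row[mac_key])
            dev = fleet.setdefault(mac, Device(mac))
            dev.hostnames.add(normalize_host(row[host_key]))
            dev.seen_by.add(tool)
    return fleet


def per_tool_counts(sources):
    """The numbers each console would show on its own dashboard."""
    return {tool: len(rows) for tool, rows, _, _ in sources}


def coverage_gaps(fleet, tools):
    """For each tool, the (sorted) MACs of devices it does not report on.

    These are the devices with no agent from that tool: the actionable result
    of reconciliation, since an endpoint missing from the EDR console is
    invisible to detection and response.
    """
    return {
        tool: sorted(d.mac for d in fleet.values() if tool not in d.seen_by)
        for tool in tools
    }


if __name__ == "__main__":
    fleet = reconcile(SOURCES)
    print("per-console counts:", per_tool_counts(SOURCES))
    print("reconciled device count:", len(fleet))
    for tool, missing in coverage_gaps(fleet, [s[0] for s in SOURCES]).items():
        names = [",".join(sorted(fleet[m].hostnames)) for m in missing]
        print(f"{tool} has no agent on: {names}")
```

Keying on the MAC rather than the hostname is a deliberate choice: hostnames are rewritten by every console, but a hardware address survives the round trip. In a real environment you would also expect a device to turn up under more than one short name (re-imaged machines, VM clones), so `hostnames` is kept as a set rather than collapsed to one value.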
Technology Bloat and Ensuing Challenges
Way back in 2015, Gartner coined the term “endpoint protection platform” (EPP), defining it as a solution that would converge endpoint device functionality into a single product that would combine several point technologies into one. Most of the technologies mentioned earlier are part of the Advanced EPP feature set.
It has been more than five years since. A recent report by a security leader found that enterprises invest, on average, in 50-70 different security tools, and that 35% of those products have overlapping functionality. These findings should not come as a surprise, given the bloat of technologies in the endpoint space.
As if the technology bloat weren’t enough, the same report identifies 80% of the tools as poorly configured. The way the market operates today, product companies ship products with rich but complicated feature sets, while implementation and subsequent management are left to poorly trained customers or resellers, leading to misconfigurations.
The result is that if you talk to any CXO these days, you hear a familiar grouse: “I spend so much money on these complicated three-letter-acronym products, yet I don’t get an answer to a simple question: Am I secure?” This has caused significant consternation in the security community and will need rectification.
Is there a way forward?
While the sins of the past have come back to haunt us, and the endpoint security battle remains unsolved and probably more complicated than before, we can take a series of measures to earn back trust by thinking in the customer’s interest.
Machine Learning: Effective use of ML would remove the burden of continuous security updates. However, there are two schools of thought on where the ML capability should reside: on the agent or in the cloud. While the cloud gives much better control, in countries with relatively poor internet infrastructure, or where data residency rules apply, sending packets to the cloud for analysis may not be viable. A hybrid model with some localized ML capability may be the better option.
Single Agent, Single Console: It is high time products treated endpoint security as an integrated problem rather than a set of silos. It is heartening to note that companies are branching into adjacent spaces and coverage seems to be improving, though there is still a long way to go.
Reduce feature bloat: In their zeal to differentiate products, vendors have added quite a few features that make them too complex to implement and run. A critical view is needed of what is essential in the feature set and what can be dropped to make products simple to implement and manage.
Open interfaces: In the short run, at least until the consolidation play pans out, there needs to be an agreed API framework that allows products to co-exist and lean on each other as parts of one security chain.
Platform vs. product: It is essential to take a platform-based approach in which products (yours or someone else’s) can be plugged in as new technologies or needs arrive. Expecting customers to overhaul their security architecture every time a new digital transformation wave comes in (5G, IoT) is not viable.
The federated nature, heterogeneity, and volume of endpoints make them the weakest link for enterprise security. It will need stakeholders’ collective efforts to overcome the inherent nature of the risk attached to them.
Till then, maintain social distance and stay safe to overcome the risk attached to another virus that is running rampant across the world.
About the Author
Pankit Desai, Co-founder and CEO of Sequretek, a Mumbai-based cybersecurity company, launched it in 2013 with an aim to provide enterprise clients an end-to-end cybersecurity platform. Pankit, a veteran of the IT industry, brings 20+ years of hard-core technology and leadership experience from the information technology industry to lead Sequretek. Prior to Sequretek, he was with Rolta as the President of Business Operations. He has also served in a senior leadership capacity with NTT Data Inc, Intelligroup, Wipro, and IBM India. His vast experience has given him the ability to manage and scale global business units and service lines rapidly and efficiently. Pankit has diversified business operations and created an organization that has a multidimensional growth, understanding of business support functions, Financial Planning and Analysis, Recruitment and Operations, Internal IT, Quality, Marketing, and Alliance.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.