Endpoint security software, AV in particular, is getting a bad reputation for being an ineffective security measure.
Advanced attacks, increasingly sophisticated threats, and trends such as cloud, mobility and the Internet of Things are changing the security game and upsetting the balance.
Simon Campbell-Young, CEO of Phoenix Distribution, says in the past, endpoint protection was considered a cure-all. Each machine in the business had endpoint security installed, which regularly updated signatures, patched as necessary, scanned regularly, and users were good to go. “The usual array of threats, viruses, worms, spyware and adware were no longer a worry.”
However, the landscape changed when far deadlier threats emerged. “Threats like Stuxnet, which first showed how malware can be weaponised, changed the game. Alongside this, the cyber underworld started to organise itself more effectively, developing stealthier malware, more advanced evasion techniques and zero-day attacks. To counter this, the security community brought out more sophisticated countermeasures such as sandboxing, cloud intelligence, file reputation services and dynamic payload analysis,” Campbell-Young explains.
He says this heralded a significant shift in the security game, as security vendors frantically began playing ‘catch up’ with threat actors. “Too often, those that were tasked with protecting their businesses from these new threats were not au fait with more advanced threat techniques, and continued to rely too heavily on traditional endpoint protection.”
Unfortunately, this is still the case today at many companies. “The IT department slaps endpoint security on all machines, too often in some minimal configuration, and lets it tick over, updating signatures, running scans and so on. This results in the organisation suffering a breach, and the blame being laid at the product’s door.”
Campbell-Young says this mindset needs to change. “Technical departments must take proper control of endpoint security and train staff properly on installing, configuring and provisioning it, as a part of the whole security strategy, not as a stand-alone solution. A proper understanding of what the endpoint security requirements are must be reached, and a plan written to tweak endpoint security to the business’s needs to mitigate risk, and protect the various endpoint devices.”
At the end of the day, he says a company’s users pose the biggest risk to its security. They have access to the most sensitive data, and too often turn a blind eye to security policies, engaging in risky behaviours that they know they shouldn’t. They will unthinkingly plug all manner of devices into the corporate network, and download applications without considering the security implications.
“All this sensitive data on your users’ endpoints is being targeted by cybercriminals, who will exploit these endpoints to gain a foothold into the company. This adds up to a huge challenge for the technical department, and the only way to address it is to ensure that good endpoint security is in place.”