Taking the offensive on endpoint security

Content Copyright © 2012 Bloor. All Rights Reserved.
Also posted on: Security Blog

Buzz phrases of the day include consumerisation of IT and BYOD – bring your own device. The former phrase refers to the use of increasingly powerful and feature-rich devices, be they PCs, smartphones or tablet computers, by consumers. The meteoric rise of the tablet computer embodies this trend. According to comScore, the use of tablets in the US alone took just two years to reach 40 million – compared to seven years for smartphones to reach the same level of adoption. And those end users increasingly want to use their own devices to access both work and leisure applications – the second trend, BYOD – as they are often seen as superior to those issued to them by the organisation.

As a result of trends such as these, the number of devices connecting to corporate networks is expanding rapidly and those devices must be managed to ensure that the organisation is not exposed to security vulnerabilities through their use.

Traditionally, endpoints have been secured by installing software on every device needing to be protected. That software works by scanning programs for signatures, developed by anti-virus vendors, that indicate that a program is malicious. However, this method is no longer sufficient. The number of viruses and other malware has grown dramatically, with an average of 73,000 malware samples being seen daily in 2011, many of which are variants of known viruses that have been developed to avoid detection. The amount of malware that is considered to be aggressively polymorphic is also growing. This is a further problem for traditional anti-malware technologies, as this type of malware is designed to modify itself on each infection. A system based on signatures alone provides no defence against threats that vary from those seen before.

A further problem is that anti-malware programs are large and tend to get bigger as more signatures are added to their defences. It is well known that they tend to be a drain on computer resources, significantly slowing down computer performance, especially at startup and during scans. Even on corporate-owned devices, many users try to circumvent such controls and many would find it totally unacceptable for an organisation to demand that they deploy such controls on devices that they have purchased themselves.

Clearly a new approach is needed – one that provides better protection by guarding against new threats as well as those for which countermeasures have already been made available – and one that does not hinder the user. This can be achieved by subscribing to endpoint security services based in the cloud, whereby only a small agent is placed on each device and protection is applied in the cloud, before exploits can ever reach the device.

Such services are new and there are a number of elements that must be considered, including the types of controls that are provided over and above signatures, the availability of cloud-based threat intelligence networks for identifying new threats, privacy and data protection controls, protection for devices when not connected to the network, and remediation capabilities should any threat still be able to break through the barriers.

Bloor Research will be participating in a webinar at 10am GMT on Wednesday 29th February 2012 that will outline what organisations should look for when choosing such an endpoint security system and the benefits that they can expect.

For more information and to register for this webinar, click on the following link: The changing face of endpoint security.