The endpoint is where security should be: it has been neglected, and now it is “bringing sexy back”.
While I was chatting with Neil Campbell, general manager for security at Dimension Data, he let out that term and dared me to use it as we discussed the ever-evolving endpoint. I started with his thoughts on the mobile device management (MDM) space. He predicted that it would become a part of systems management: while it has been one of the leading-edge areas, ultimately it will be consumed by overall systems management or the options will die.
He said: “A tier one anti-virus vendor would have MDM built in and use it with a systems management solution as a part of the ecosystem, but MDM which is a client that you run as pure play? That is a struggle.
“Security is a pretty hard and fast area for start-ups and that is the change we see with a solution that has not been addressed before, and some early adopters make the leap and commit to a separate agent. There is a period of consolidation and some people are left without chairs when the music stops.”
Moving on to the wider endpoint, Campbell said that humans are the first part of the security chain, and often the weakest. You cannot secure them like the endpoint and cannot implement a training regime that will give you 100 per cent coverage for your employees, and that is why we have to protect the employees from themselves.
“Remember in the early 2000s and the days of the mass virus infections that swept the globe and took down data centres, then the anti-virus community got on top of it,” he said.
“In the mid-2000s, the next step was in locking down the applications as IT needed control of the application launching and behaviour and we saw a raft of products doing that, and then we found that what it does is keep alerting the user ‘do you trust this’, ‘are you going to allow this’? Users are just going to click ‘yes’ as they hate security and want to get on with it and it interrupts the workflow.
“However, the annoyed users didn’t realise that it was really effective at preventing a rogue threat from spawning and with APTs these days, it is making you click on a link to go to a drive-by to launch something that sits on your endpoint and uses you as a jumping pad for further exploits.”
Campbell said that the locking-down approach on endpoints and applications worked, and we need to do that regardless of whether it is on or off premise, and regardless of the device, because everyone is bringing or choosing their own device, which he described as “a nightmare in terms of control”.
He said that when you choose from a selection of corporate devices, there are four targets to protect, and we are used to enforcing policy on a company-owned device; with BYOD there are unlimited points to protect.
He predicted that with securing the endpoint, there will be more demand for black and whitelisting of applications, but said that putting together a database of optional and approved applications that people may want to use is time-consuming, while if someone drops a remote access Trojan on your device and your endpoint security says it is not approved, it will not let it execute.
“I do think the focus is coming back to endpoint as we all recognise that we cannot consistently control or predict the behaviour of our users, but that doesn’t make it less of a problem,” he said.
“There are two things under concentration from an attack perspective – the endpoint and application, as you can attack a web application from different levels, while attacking the operating system used to be the easiest, but now it is the hardest.”
I asked him how you can ensure that you are covered against all of the old viruses and be sure that you are immunised against them. Campbell looked at anti-virus as an example; he called it an “inoculation” against a specific disease, while application control is more about general control of the disease.
“This is a different way of protection, not by focusing on inoculating against specific viruses but by treating the result of those viruses, which is rogue applications on your endpoint,” he said.
Maybe the focus should be more on protecting the endpoint, but as Campbell said, it can be tough not only to determine the endpoint itself, but also to protect the flesh and bone connected to and operating it. There is a space for anti-virus as there is a space for application control and other incoming protection technologies, but with so many attacks enabled via spear phishing, maybe 2015 will see a return to securing the endpoint, and bringing its sexy back.
Neil Campbell, general manager for security at Dimension Data, was talking to Dan Raywood