Editor’s Note: Mark is a featured presenter at this year’s Gartner Symposium ITxpo, Oct. 16-20 in Orlando.
It’s time to flip our thinking about enterprise information security. For a long time, we’ve taken an inside-out view, making the network and central server the starting point of our tech stacks. We employ a whole series of solutions on servers and networks—from monitoring and alerts to policies and procedures—to try and prevent a network breach and to protect the central data store. With what little time and resources we have left, we install some antivirus and malware detection tools on endpoints to try and catch anything that might infect the network through endpoints.
This approach just isn’t working. The bad guys aren’t going straight for the network anymore. They’re targeting users—both willing and unwitting—and leveraging their endpoints and credentials to move around the network with complete authorized access. And while central servers are still critical, nearly half of enterprise data now lives on users’ endpoints.
Massive holes in endpoint security
Just because we have antivirus software or malware detection on our users’ devices doesn’t mean we’re protected. Those tools are only effective, at best, about 60 percent to 70 percent of the time. And with BYOD now prevalent, we can’t control everything on an employee’s device.
Even when we do control enterprise-issued devices, our security capabilities can’t prevent a laptop from being stolen. Or keep an employee from downloading client data onto a USB drive. Or stop a high-level employee from emailing sensitive data to a spear phisher posing as a co-worker.
Shift your thinking—start with the endpoint
We can’t keep building bigger walls around central structures when cybercriminals can just get the keys, and we can’t continue leaving endpoint data protection as an afterthought.
We need to change our thinking. We need to admit that breaches are inevitable and be prepared to quickly recover and remediate. And that means starting at the outside, with our increasingly vulnerable endpoints.
Collect the data, see the risk, mitigate the threat
By focusing on endpoint data collection in real time, you gain visibility into all your data. You can spot the anomalies, like the employee who just gave his two weeks’ notice and is now oddly exfiltrating his entire hard drive. You can see exactly where an attack started and what path it took. You can see exactly what data an attack compromised—so you know whether or not it’s reportable. And you know—with certainty—that you will retain every version of every file on every endpoint, so even if an attack hits, business won’t come crashing to a halt.
Mitigating risk. Ensuring business continuity. Aren’t these the ultimate goals of enterprise infosec?
See Mark’s presentation on eliminating endpoint blind spots at Gartner Symposium ITxpo.