There has long been a discrepancy between endpoint protection and network security. The latter has the benefit of well-honed defenses such as enterprise-grade firewalls and intrusion detection systems. The former, though, is a more difficult undertaking due to the following factors:
Prior to the Internet, cybersecurity was both straightforward and relatively low stakes. The only way to infect a machine was to somehow install malware on its local system, without the mass reach provided by an IP network. Early viruses such as the MacMag virus from 1988 were usually spread via floppy disks that, in some cases, came bundled with periodicals – an effective distribution mechanism for the time, but nothing compared to what is available today.
Over the past 25 years, the emergence of high-speed networking in homes, offices and public places has facilitated the rise of entire new classes of threats, including social engineering, targeted and Web attacks. To give a sense of the new landscape, a Trend Micro TrendLabs report on targeted attacks during the second quarter of 2013 documented the ongoing dangers to public and private sector organizations posed by campaigns utilizing HTTP tunnels, malicious attachments and malware.
Government agencies were the targets of 83 percent of such attacks over that time period. Software companies, Internet service providers, financial enterprises and the aerospace engineering industry rounded out the list, highlighting how networking has enabled cybercriminals to put tremendous pressure on firms in critical sectors.
Rapidly evolving technologies
Endpoints have come a long way since the days of mainframes and PCs that were bolted to desks. Mobile phones, tablets and laptops are everywhere, and more devices – such as smartwatches and other wearables – are on the horizon.
What do people do on these endpoints? A 2012 Gartner report revealed that checking email was the single most common activity on phones, with 74 percent of early adopters reporting that they engaged in it, ahead of social networking and gaming. Ninety percent of adult Americans own a mobile phone, and 29 percent of them consider it something that they can’t imagine living without, according to the Pew Research Internet Project.
In the context of endpoint security, this number is notable since email remains one of the most common vectors for advanced cyberattacks. A 2012 Trend Micro research paper argued that spear-phishing emails had become the “most favored [advanced persistent threat] bait.” That is, they served as a means of bypassing network security by going after individual email accounts and devices.
Investments and priorities
A lot of cybersecurity professionals have backgrounds in network security. Accordingly, they often prioritize what they know well over what may be less familiar to them.
A 2013 Enterprise Strategy Group survey of 395 of these individuals found that nearly 60 percent of respondents ranked their network security measures as “more thorough” than the ones in place for servers; only 7 percent said the inverse. Thirty-seven percent ranked endpoint and network security as equivalent priorities. The network is still widely regarded as the hub of cybersecurity efforts.
Endpoint security may be making a much-needed comeback
It’s clear that endpoint security is more of an uphill battle than network security. Endpoints are upgraded frequently, increasingly mobile and hooked into a wide array of personal and corporate data via channels such as email and file sharing applications. On top of this, the growing momentum of bring your own device initiatives – two out of three companies may adopt one by 2017 – complicates what CIOs and security teams have to deal with.
Moreover, weak endpoint security raises the stakes for doing network security the right way. If an attacker makes it past the network’s defenses, then endpoints and servers become wide-open targets for phishing-led APTs and other threats. In the results of a 2014 survey conducted by the Ponemon Institute, 40 percent of respondents cited endpoints as entryways for attacks. More than 70 percent characterized endpoint threats as being increasingly difficult to contain.
Ultimately, it would seem logical to bring endpoint and network security into balance instead of neglecting one while building up the other. Streamlined BYOD management is a good example of what such an approach could provide. More specifically, personal phones and tablets move between networks throughout the day. There’s no guarantee that they’ll always be on a secure enterprise network, meaning that organizations run the risk of data being compromised when an endpoint ends up on public Wi-Fi or a home network.
“Endpoint/network security integration makes sense,” observed ESG’s Jon Oltsik in a column for Network World. “When malware or suspicious traffic is detected on the network, security analysts can then cross-correlate this intelligence with granular endpoint activities like network connections, file downloads, in-memory processes, etc. This is certainly a much more thorough and timely analytics methodology than poking around networks and endpoints independently.”
A recent ESG report, “Network Security Trends in the Era of Cloud and Mobile Computing,” revealed that firms may be taking Oltsik’s advice to heart. Already, 22 percent of enterprises are performing “extensive” integration of network and endpoint security tools. Among large, advanced organizations, that share is much higher at 65 percent.
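The cross-correlation Oltsik describes can be illustrated with a small script. The following is an added example and not code from the article, ESG or any vendor: it takes a constructed set of network IDS alerts and constructed endpoint telemetry (process starts, file downloads and outbound connections, with field names that are this example's own assumptions), pairs each alert with the endpoint process that actually opened the flagged connection, pulls in that process's recent lineage and file activity, and escalates only when the connecting process was spawned from a freshly downloaded file, which is the phishing-led pattern the article is concerned with.

```python
from datetime import datetime, timedelta

# Constructed sample records (assumed field names; not from any real sensor).
# Network-side alerts, as an IDS might emit them.
NETWORK_ALERTS = [
    {"ts": "2014-06-01T10:00:05", "src_ip": "10.0.0.12", "dst_ip": "203.0.113.7",
     "dst_port": 443, "signature": "Suspicious TLS beacon interval"},
    {"ts": "2014-06-01T10:30:00", "src_ip": "10.0.0.40", "dst_ip": "198.51.100.9",
     "dst_port": 80, "signature": "Known bad user-agent"},
    {"ts": "2014-06-01T11:00:00", "src_ip": "10.0.0.99", "dst_ip": "192.0.2.5",
     "dst_port": 8080, "signature": "Port scan"},
]

# Endpoint-side telemetry for the same hosts (constructed).
ENDPOINT_EVENTS = [
    {"ts": "2014-06-01T09:59:50", "host_ip": "10.0.0.12", "type": "file_download",
     "process": "outlook.exe", "pid": 1204, "path": "C:\\Users\\a\\Downloads\\invoice.pdf.exe"},
    {"ts": "2014-06-01T09:59:58", "host_ip": "10.0.0.12", "type": "process_start",
     "process": "invoice.pdf.exe", "pid": 3310, "parent_pid": 1204},
    {"ts": "2014-06-01T10:00:03", "host_ip": "10.0.0.12", "type": "net_connect",
     "process": "invoice.pdf.exe", "pid": 3310, "remote_ip": "203.0.113.7", "remote_port": 443},
    {"ts": "2014-06-01T10:29:58", "host_ip": "10.0.0.40", "type": "net_connect",
     "process": "chrome.exe", "pid": 880, "remote_ip": "198.51.100.9", "remote_port": 80},
]


def _ts(record):
    return datetime.fromisoformat(record["ts"])


def correlate(alerts, events, window=timedelta(seconds=30), lookback=timedelta(minutes=10)):
    """Pair each network alert with the endpoint process behind the flagged
    connection, attach that process's recent history, and flag escalation."""
    results = []
    for alert in alerts:
        a_time = _ts(alert)
        # 1. Which process on the source host opened the connection the IDS saw?
        connects = [
            e for e in events
            if e["type"] == "net_connect"
            and e["host_ip"] == alert["src_ip"]
            and e["remote_ip"] == alert["dst_ip"]
            and e["remote_port"] == alert["dst_port"]
            and abs(_ts(e) - a_time) <= window
        ]
        if not connects:
            # No endpoint visibility for this alert: it stays a network-only finding.
            results.append({"alert": alert, "process": None, "pid": None,
                            "context": [], "escalate": False})
            continue
        conn = min(connects, key=lambda e: abs(_ts(e) - a_time))

        # 2. Collect the process's own prior events plus its parent's (lineage).
        pids = {conn["pid"]}
        for e in events:
            if (e["type"] == "process_start" and e["pid"] == conn["pid"]
                    and e["host_ip"] == conn["host_ip"]):
                pids.add(e.get("parent_pid"))
        context = [
            e for e in events
            if e["host_ip"] == conn["host_ip"]
            and e["pid"] in pids
            and e is not conn
            and timedelta(0) <= _ts(conn) - _ts(e) <= lookback
        ]

        # 3. A connection from a process whose lineage includes a fresh download is
        #    the phishing-led pattern worth escalating; a browser hit alone is not.
        escalate = any(e["type"] == "file_download" for e in context)
        results.append({"alert": alert, "process": conn["process"], "pid": conn["pid"],
                        "context": context, "escalate": escalate})
    return results


if __name__ == "__main__":
    for r in correlate(NETWORK_ALERTS, ENDPOINT_EVENTS):
        print(r["alert"]["signature"], "->", r["process"], "| escalate:", r["escalate"])
```

The point of the design is that the network alert alone cannot distinguish the first two cases: both are outbound connections matching a signature. Only the endpoint's process and file history separates a dropped payload beaconing out from a browser visiting a flagged site, and the third alert shows why unmatched hosts should stay visible rather than being silently dropped.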
The importance of endpoint security in today’s environments
These results are promising, since endpoint security has plenty to bring to the table, despite the common viewpoint that antivirus software in particular is unsuited to containing advanced attacks. It’s not a cure-all like it was in the past, but it’s still important.
Security professionals must take the lead and devise strategies that weave endpoint security into other protective measures such as network monitoring. If it is to be effective in curtailing risk, endpoint protection can’t be a standalone solution anymore.
At its best, endpoint security can give administrators greater visibility into what’s going on around their organizations – connecting the dots, as Cybereason CEO Lior Div put it for Forbes. It also yields insights on device activity so that false positives – e.g., thinking that a failed login was an intrusion attempt rather than someone struggling to remember her password – can be more readily discarded.