Endpoint security needs new approach


Johannesburg, 01 Feb 2019
Sam Selmer-Olsen, MD, Bateleur Software.

The Ponemon Institute last year declared that endpoint security risk had become unmanageable and that traditional security approaches were ineffective and resource-intensive. Yet, as more and more devices and things come online, with the total expected to reach 200 billion by 2020, endpoint security management will become even more complicated. Enterprises need a new approach that allows them to view and manage all endpoints from a single platform.

For Sam Selmer-Olsen, MD of Bateleur Software, the biggest challenge with the current approach to endpoint security is that most solutions are tied to a particular hardware vendor and cannot detect endpoints made by other manufacturers. This means enterprises need a different solution for each brand of mobile device, laptop, desktop PC, printer, server, switch, router and every other type of endpoint. One study found that organisations have, on average, seven different endpoint security software solutions.

"Employees want to access company information from any device and from anywhere, and consumers jump onto enterprise WiFi networks at every opportunity. This has made it difficult to know who is on the network and what they're accessing. When enterprises run an endpoint discovery exercise, it's not uncommon for them to discover 10% of their network that they didn't know existed," says Selmer-Olsen.

Bigger picture

Enterprises typically treat endpoints as separate to the corporate network, simply because they cannot protect them. But, as the weakest links in the security chain, with each one providing an entry point for attack, Selmer-Olsen says enterprises need to start thinking about endpoints as part of the larger network security framework.

"As soon as an endpoint connects to the network, it should be considered as part of that network. Enterprises must be able to quickly and automatically identify a device, apply access control policies, and quarantine or reject malware-infected devices," says Selmer-Olsen.

This is easier said than done because networks typically comprise multi-vendor solutions and span multiple ecosystems. This is one reason why Gartner found that traditional endpoint protection platforms cannot keep up with evolving malware tactics.

"Without complete endpoint visibility, enterprises cannot detect threats until it's too late and they waste a lot of time and resources investigating false positives," says Selmer-Olsen.

One study found that 50% of companies have a team of more than 35 people managing endpoints and that businesses spend $3.4 million annually on detection and containment of insecure endpoints. It also found that 55% of vulnerable endpoints contain sensitive data and 36% of endpoints fail compliance.

Centralised, comprehensive control

To protect networks from rogue endpoints, enterprises need a real-time network management and security system, what Selmer-Olsen calls a business infrastructure control solution. The solution should be able to automate the discovery and classification of any endpoint, regardless of the manufacturer or version, and provide management capabilities from a single console.

"Enterprises need to aim for central, comprehensive control of their infrastructure, using a solution that supports unlimited scalability and that can be implemented with minimal or no changes to the existing infrastructure. The end goal should be to reduce complexity and free themselves from vendor lock-in. With a single view of their infrastructure, enterprises can better allocate their human resources and ensure accurate cost allocation."

Selmer-Olsen says most organisations can't say with certainty how many endpoints they manage. "One of the world's largest transportation and logistics companies discovered 20 000 previously undetected endpoints when it ran a discovery exercise. That's 20 000 potential network entry points for attackers and 20 000 unaccounted-for endpoints, which could have serious compliance implications."

And, considering that each successful attack through a vulnerable endpoint costs a large organisation about $5 million, not to mention the associated downtime, data loss, reputation damage, productivity loss and infrastructure damage, enterprises need to gain control of their endpoints before they lose control completely.
