Addressing Endpoint Security Visibility and Management

Sponsored by: Promisec

Dan Yachin

November 2008

Endpoint security plays an increasingly important role in protecting against external and internal threats and in addressing regulatory requirements. With more endpoints being  mobile,  and  thus  out  of  the  direct  control  of  the  enterprise,  and  as  many  of today’s attacks are targeted at the endpoint, relevant security is constantly evolving to address an expanding range of threats.

As endpoint security environments are becoming more complex, challenges such as obtaining  continuous  visibility  into  all  endpoints  are  becoming  more  apparent  and prominent, as is tackling complexity issues. Along with the need to reduce the total cost  of  ownership  of  endpoint  security  management,  these  concerns  are  pushing organizations to seek alternatives to traditional approaches.

The   consolidation   of   security   solutions   into   endpoint   security   suites,   and   the ‘outsourcing’ of endpoint security functionalities to managed security service providers (MSSPs)  are  examples  of  this  trend.  Another  emerging  option  for  organizations  to address challenges related to endpoint security management is clientless solutions, which  can  provide  such  benefits  as  reducing  support  and  maintenance  costs  and minimizing network overheads and the impact of endpoint performance.

IDC has developed this white paper using a combination of existing market forecasts and direct in-depth primary research. To gain insight into endpoint security visibility and   management   issues   and   to   learn   how   Promisec   INNERspace   can   help organizations  address  common  endpoint  security  management  challenges,  IDC interviewed  the  company  team  on  the  issues  of  technology,  product  offerings, competitive landscape, and go-to-market strategy.

]]>

This IDC white paper addresses the need to obtain continuous visibility into corporate endpoints  while  simplifying  endpoint  security  management.  It  discusses  growing awareness  toward  the  insider  threat  and  the  role  that  endpoint  security  solutions should play in mitigating it while analyzing common difficulties in effectively dealing with the insider threat using traditional endpoint security approaches.

Introduction

After  years  of  focusing  efforts  on  keeping  their  boundaries  safe  behind  firewalls, organizations have to deal with an expanding perimeter that blurs their boundaries. With Internet, mobile, and wireless connectivity, corporate internal networks become increasingly  accessible  to  remote  workers  and  external  users  via  an  increasing number  and  variety  of  devices.  As  a  result,  the  convenient  separation  between trusted insiders and distrusted outsiders is no longer reliable.

A significant challenge for IT is securely keeping pace with the proliferation and use of existing  and  new  endpoint  devices,  including  personal  digital  assistants  (PDAs), iPods, printers, and copiers. Many newly introduced IP devices that seek access to the  network  are  unmanaged  or  unmanageable  by  IT  and  clearly  represent  added exposure to the network’s overall security posture.

Enterprise  networks  have  been  giving  local  corporate  users  near-instantaneous access  to  internal  and  external  digital  information  while  providing  secure  remote network access for Secure Sockets Layer (SSL)/VPN and wireless access points. As the  bandwidth,  stability,  and  availability  of  corporate  networks  increases,  they  also become the conduit for supporting digital voice (VoIP) and video data streams.

As the proliferation of IP endpoint types continues, enterprise IT staffs are recognizing the significant increase in security vulnerabilities and threat vectors created by their deployment. At the same time, issues at the forefront for enterprise IT and security professionals continue to include network availability, network performance, network health, internal and external breach threats, malware, policy enforcement, and private and confidential information leakage.

Adding  to  this  complex mix of technical  challenges,  federal, local, and international regulations    now    mandate    that    enterprises    establish    comprehensive    policy enforcement   mechanisms,   significantly   raising   the   risk   stakes   for   enterprise management and IT.

The Rise of the Insider Threat

The realization that most attacks are coming from inside the network leads to growing awareness of the insider threat, which endpoint security solutions can have a key roll

in addressing. As an indication of this trend, for the first time in the eight years IDC has  done  its  annual  security  survey,  trojans,  viruses,  and  other  types  of  malicious code  have  been  dethroned  from  the  top  spot  of  threats  to  enterprise  security.  The exposure  of  confidential  information  is  now  the  single  greatest  threat  to  enterprise security.  Moreover,  insider  threats  (employees  inadvertently  exposing  confidential information,  data  stolen  by  employees  or  business  partners,  and  insider  sabotage) now account for 3 of top 10 threats to enterprise security, as shown in Figure 1.

In  fact,  in  addition  to  the  abovementioned  ’classic’  insider  threats,  even  traditional external  threats  such  as  viruses  and  other  malware,  spyware,  and  hacking  can  be considered closely related to insider threats, as many of today’s attacks are designed to exploit endpoint vulnerabilities to launch targeted attacks, steal information, etc.