SlideShare une entreprise Scribd logo

ESG: Rethinking Endpoint Security

E
EMC

This white paper from analyst firm ESG focuses on the need to rethink how security is managed on endpoints as part of a larger more comprehensive enterprise security strategy and the importance of improving organizations’ effectiveness of detecting and investigating advanced malware

Technologie
1  sur  10
Télécharger pour lire hors ligne
White Paper Rethinking Endpoint Security By Jon OItsik, Senior Principal Analyst With Kyle Prigmore, Associate Analyst February 2015 This ESG White Paper was commissioned by RSA Security and is distributed under license from ESG. © 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
White Paper: Rethinking Endpoint Security 2 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Contents Executive Summary ......................................................................................................................................3 Rethinking Endpoint Security .......................................................................................................................3 Endpoint Security Challenges Abound ..................................................................................................................... 5 Endpoint Security in Transition ....................................................................................................................7 RSA and Endpoint Security ....................................................................................................................................... 8 The Bigger Truth ...........................................................................................................................................9 All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
White Paper: Rethinking Endpoint Security 3 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Executive Summary Mention endpoint security to an infosec professional and he or she will likely think of antivirus software, vulnerability scanning, and patch management. These three areas have made up the essence of endpoint security since organizations first connected to the Internet. Antivirus software, vulnerability scanning, and patch management remained relatively effective at detecting and blocking routine malware like viruses and Internet worms from the mid-1990s through the early 2000s. Over the past few years, however, many legacy enterprise security methodologies, in particular those focusing on the endpoint, have started to show their age. While signatures and software updates remain important to patch common vulnerabilities and block pedestrian malware, new types of targeted attacks and sophisticated malware can easily circumvent traditional endpoint security controls and contribute directly to major data breaches. Endpoint security as a category is now in a rapid state of transition. Key conclusions in this white paper are:  Endpoint security strategies are changing to address new types of threats. Cyber-adversaries have adopted new tactics, techniques, and procedures (TTPs) using stealthy malware, spear phishing, social engineering, and other techniques designed to circumvent traditional endpoint security controls. These advances have led to the recent wave of publicly disclosed, massive data breaches at organizations such as Home Depot, JPMorgan Chase, and Sony Pictures, prompting security and business executives to increase their focus on cybersecurity... As a result, many organizations are rethinking their endpoint security strategies and budgets and are now crafting endpoint security strategies to address malware threats and cyber risks.  Endpoint security challenges remain. While organizations have many new endpoint security initiatives, they continue to be hamstrung by existing endpoint security challenges such as a shortage of endpoint security skill, IT operations inefficiencies, and continued dependence on legacy infosec controls. Unfortunately, these challenges are only leaving them further and further behind, increasing IT risk.  Large organizations are embracing new endpoint security controls, oversight, and analytics. ESG research indicates that many CISOs are adding new endpoint security controls to prevent, detect, and respond to sophisticated malware threats. In addition, large organizations are implementing endpoint forensics tools to capture and analyze security data in real time. Finally, firms are integrating endpoint, network packet, and log data to broaden their security visibility and analyzing this data with big data security analytics techniques. Rethinking Endpoint Security Endpoint security used to be a fairly mundane area at many enterprise organizations. The IT operations team would provision PCs with an approved gold image and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was generally straightforward and had become relatively easy to manage. More recently, however, organizations are increasing their focus on endpoint security and its associated people, processes, and technologies. This is reflected in the fact that 57% of organizations have increased their endpoint security budgets over the last two years. Endpoint security strategies are also in a state of transition. ESG research reveals that endpoint security strategy is being driven by (see Figure 1):1  The need to address new types of malware threats. Nearly one-third (31%) of respondents report that one of the two most significant influences on their organization’s endpoint security strategy moving forward is 1 Source: ESG Research Report, The Endpoint Security Paradox, January 2015. Firms are integrating endpoint, network packet, and log data to broaden their security visibility and analyzing this data with big data security analytics techniques.
White Paper: Rethinking Endpoint Security 4 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. addressing new types of malware threats. This is not surprising as the volume and sophistication of attacks has never been higher and the landscape is steadily becoming more dangerous. The sophistication and efficiency of the cybercriminal underground, the threat of state-sponsored cyberattacks, and the increasing ease of access that would-be criminals have to sophisticated malware tools are an intimidating combination, driving the need for new security strategies. Organizations are rightly concerned about their ability to rebuff these threats and stay a step ahead of their attackers, and they do not believe AV can do the job alone.  Problems caused by the volume and diversity of devices. Twenty nine percent (29%) of respondents say that addressing new risks associated with mobile endpoints is a top endpoint security strategy requirement, while an additional 20% say that they need to manage new risks associated with unmanaged devices. This will only increase with the addition of more cloud, mobile, and Internet-of-Things (IoT) technologies.  Addressing cyber risk and improving information security best practices. Just over one-quarter (26%) of respondents say that their endpoint security strategy is greatly influenced by an organizational initiative to address cyber risk and improve information security best practices. This is a clear indication that what they are doing today is not working. Figure 1. Considerations That Have the Most Significant Influence on Organization’s Endpoint Security Strategy Moving Forward Source: Enterprise Strategy Group, 2015. It is also worth noting that 21% of respondents said that endpoint security strategy is influenced by an increase in oversight by their organization’s executives and/or board of directors. ESG interprets this as an indication of the growing importance of sound endpoint security policies, processes, and technologies. 13% 20% 21% 22% 23% 26% 29% 31% 0% 5% 10% 15% 20% 25% 30% 35% Numerous data breaches resulting from targeted attacks on my organization's industry Addressing new risks associated with an increase in unmanaged devices (i.e., BYOD) An increase in oversight by my organization’s executives and/or board of directors Regulatory compliance Aligning our endpoint security strategy with our use of cloud computing services (i.e., IaaS, SaaS, etc.) A general organizational initiative to address cyber risk and improve information security best practices Addressing new risks associated with mobile endpoints Addressing new types of malware threats Which of the following considerations would you characterize as having the most significant influence on your organization’s endpoint security strategy moving forward? (Percent of respondents, N=340, two responses accepted)
White Paper: Rethinking Endpoint Security 5 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Endpoint Security Challenges Abound While ESG research indicates endpoint security strategies are driven by the numerous factors discussed, many organizations still struggle to address endpoint security vulnerabilities and threats with legacy processes and technologies. For example (see Figure 2):2  Security teams spend too much time putting out fires. Thirty eight percent (38%) of respondents say that their security staff spends a lot of time attending to high-priority issues so staff members don’t have sufficient time for process improvement or strategic planning. This challenge is something of a paradox. Strategic improvements cannot and should not come at the expense of the security team failing to respond to these high-priority issues, creating a purgatorial quandary for many organizations: They know they need an endpoint security overhaul, but cannot afford to dedicate ample time at the expense of day-to-day security tactics. Effective endpoint tools must address this head-on by improving both the strategic and day-to-day position of the security team.  Organizations remain overly focused on regulatory compliance. More than one-third (34%) of respondents report that their organization is more focused on meeting regulatory compliance guidelines than addressing endpoint security with strong controls and oversight. Regulatory compliance should come as a result of strong security, and endpoint security cannot be achieved with a compliance-centric approach.  Endpoint security is fraught with too many manual processes and controls. Endpoint security has undergone a major technical transition, but many organizations continue to rely on legacy products and processes to combat these new challenges. It is often cheaper and easier for organizations to layer new products on top of legacy products as needs arise, but this unfortunately bogs down security teams with haphazard layers of security processes and tools which can create a security operations nightmare. 2 Source: ESG Research Report, The Endpoint Security Paradox, January 2015.
White Paper: Rethinking Endpoint Security 6 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Figure 2. Endpoint Security Challenges Source: Enterprise Strategy Group, 2015. In addition to these issues, many organizations also find that their security teams are understaffed, conduct too many repetitive tasks manually, and lack critical malware and endpoint security skills for detecting and responding to cyber-attacks. All in all, ESG research points to a situation where the predominant endpoint security approach is not an adequate countermeasure for addressing the complexity and sophistication of modern threats. 11% 17% 17% 23% 29% 34% 38% 0% 10% 20% 30% 40% We lack budget to purchase the right endpoint security products My organization isn’t particularly good at vulnerability scanning and/or patch management so we are always vulnerable to having an endpoint compromised by malware My organization doesn’t monitor endpoint activities proactively so it can be difficult for us to detect a security incident My organization views endpoint security as a basic requirement and doesn’t put enough time or resources into developing best practices Endpoint security is based upon too many manual processes making it difficult for the security staff to keep up My organization is more focused on meeting regulatory compliance requirements than addressing endpoint security risks with strong controls and oversight The security staff spends a lot of time attending to high- priority issues so staff members don’t have ample time for process improvement or strategic planning In your opinion, which of the following presents the biggest endpoint security challenges to your organization? (Percent of respondents, N=340, two responses accepted)
White Paper: Rethinking Endpoint Security 7 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Endpoint Security in Transition ESG data strongly suggests that enterprise organizations do not view antivirus as a viable technology for blocking sophisticated attacks. As a result, many organizations are supplementing their AV products with newer and more robust technologies that offer more functionality across incident detection, response, and remediation. ESG research shows that enterprises are implementing new endpoint security technologies such as: 1. Advanced antimalware products. Nearly three-quarters (73%) of organizations have already deployed or are testing advanced antimalware detection/prevention products on their endpoints (in addition to AV). The top reasons that organizations acquire advanced antimalware solutions are because it is recommended to them by their service providers (i.e., compliance auditors, penetration testers, etc.), the organizations are reacting to intelligence that they may be targets and want to add another layer of security, or they have seen industry peers add antimalware solutions with some success and they decided to follow suit. 2. Continuous endpoint monitoring. Fifty nine percent (59%) of organizations have purchased and implemented tools for endpoint monitoring over the last two years. While many continuous monitoring initiatives are in their nascent stages, the ESG data indicates that enterprise organizations are making slow and steady progress in this area. 3. Endpoint forensics. Sixty nine percent (69%) of organizations surveyed by ESG have deployed endpoint forensic solutions to some degree. And similar to real-time monitoring, organizations are deploying endpoint forensic products based on need, not cost. For example, 29% of respondents indicate that their organization deployed endpoint forensics because they thought it would improve their efficiency and effectiveness related to incident response, while another 29% indicated that the reason their organization deployed the technology was to reduce the time it takes for incident detection. Finally, ESG found that 71% of organizations are integrating endpoint data with network security analytics. This gives them a more comprehensive and integrated view of security activities across networks and host systems (see Figure 3).3 3 Source: ESG Research Report, The Endpoint Security Paradox, January 2015. ESG data strongly suggests that enterprise organizations do not view antivirus as a viable technology for blocking sophisticated attacks. ESG found that 71% of organizations are integrating endpoint data with network security analytics. This gives them a more comprehensive and integrated view of security activities across networks and host systems.
White Paper: Rethinking Endpoint Security 8 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Figure 3. Interest in Integration Between an Endpoint Forensics Solution and Other Types of Security Analytics Systems Source: Enterprise Strategy Group, 2015. RSA and Endpoint Security Endpoint security has grown well beyond AV alone. Many organizations are implementing new types of tools to improve their incidence detection and response effectiveness and efficiency. Unfortunately, many CISOs continue to take a tactical approach. While layering on new tools may improve some aspects of endpoint security, it also adds complexity and operational overhead. Rather than approach endpoint security on a piecemeal basis, ESG believes that a prudent endpoint security strategy must be strategic and tightly integrated with the organization’s enterprise-wide incident detection and response strategy. RSA Security, a veteran information security vendor, has recently added endpoint security to its robust portfolio of incident detection, investigation, and response related products and services. RSA’s endpoint security approach is based on:  RSA ECAT. RSA acquired Silicium Security in 2012 and has recently released a major new version of the software, RSA ECAT 4.0. RSA ECAT is an endpoint threat detection solution that exposes malware and other threats, highlights suspicious activity for fast investigation, and instantly determines the scope of a compromise. With continuous monitoring of endpoint activity, organizations can gain the real-time visibility needed to detect and respond to threats faster. Unlike AV, RSA ECAT does not rely on signatures to detect malware. Instead, RSA ECAT gains a deep view of endpoint activity, looking for and flagging suspicious behavior for review. RSA ECAT can collect the critical endpoint data needed for investigations and enables security teams to focus their investigations and quickly confirm infections. In this way, RSA ECAT can capture endpoint forensic details to improve incident investigation and response, without requiring physical access to machines. Yes, already doing this extensively, 33% Yes, already doing this on a limited basis, 38% No but we are planning to do this type of integration within the next 24 months, 18% No, but we are interested in doing this type of integration in the future, 8% No, and we have no plans for or interest in doing so in the future, 2% Some organizations are integrating endpoint forensics solutions with network-forensics and/or security analytics tools (i.e., SIEM, big data security analytics systems, etc.). Is your organization doing or planning to do any type of similar integration between an endpoint forensics solution and other types of security analytics systems? (Percent of respondents, N=291)
White Paper: Rethinking Endpoint Security 9 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved.  Integration with RSA Security Analytics. RSA Security Analytics can help security operations teams gain visibility and control over their network. It is integrated with and thus can be paired with ECAT to bring together network-, log-, and endpoint-level security visibility and provide organizations with the data collection, aggregation, and analytics tools needed for enterprise SOC teams.  RSA Professional Services. CISOs challenged by the complexity of improving their incident detection and response capabilities generally and endpoint security in particular can contract with RSA to help assess current capabilities, plan and design an appropriate endpoint security strategy, and deploy RSA ECAT alone or with RSA Security Analytics to better address the needs of their security team The Bigger Truth Endpoint security is changing to meet new demands. Organizations are struggling to hire the right staff, choose the right technologies, and respond to the many challenges of modern threats. The scale and diversity of these challenges can appear overwhelming, but organizations that take the time to devise and execute solid, integrated endpoint strategies can see rich returns. ESG believes that organizations that are seeking to overhaul their endpoint security should integrate their endpoint security technologies with their network-level and log monitoring in order to improve incident detection, prevention, and response, while also streamlining the work of their security operations team. RSA may be fairly new to endpoint security, but the company has taken an enterprise approach combining security products and services that aligns with burgeoning endpoint security needs. Given this, CISOs can benefit from an investigation of RSA’s endpoint security offering.
20 Asylum Street | Milford, MA 01757 | Tel: 508.482.0188 Fax: 508.482.0218 | www.esg-global.com

Recommandé

Cost curves
Cost curvesCost curves
Cost curvesTravis Klein
 
Connecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementConnecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementEMC
 
Online Campaigns: A waste of money or improving your bottom line?
Online Campaigns: A waste of money or improving your bottom line?Online Campaigns: A waste of money or improving your bottom line?
Online Campaigns: A waste of money or improving your bottom line?Research Now
 
Jose esteves 1
Jose esteves 1Jose esteves 1
Jose esteves 1Susana Valente
 
02 tues demand consumer surplus
02 tues demand consumer surplus02 tues demand consumer surplus
02 tues demand consumer surplusTravis Klein
 
04 tues oppo costs choices
04 tues oppo costs choices04 tues oppo costs choices
04 tues oppo costs choicesTravis Klein
 
Process of science
Process of scienceProcess of science
Process of scienceQuanina Quan
 
The power of perception
The power of perceptionThe power of perception
The power of perceptionChandan Dubey
 

Recommandé

Cost curves
Cost curvesCost curves
Cost curvesTravis Klein
 
Connecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementConnecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementEMC
 
Online Campaigns: A waste of money or improving your bottom line?
Online Campaigns: A waste of money or improving your bottom line?Online Campaigns: A waste of money or improving your bottom line?
Online Campaigns: A waste of money or improving your bottom line?Research Now
 
Jose esteves 1
Jose esteves 1Jose esteves 1
Jose esteves 1Susana Valente
 
02 tues demand consumer surplus
02 tues demand consumer surplus02 tues demand consumer surplus
02 tues demand consumer surplusTravis Klein
 
04 tues oppo costs choices
04 tues oppo costs choices04 tues oppo costs choices
04 tues oppo costs choicesTravis Klein
 
Process of science
Process of scienceProcess of science
Process of scienceQuanina Quan
 
The power of perception
The power of perceptionThe power of perception
The power of perceptionChandan Dubey
 
Tire safety
Tire safetyTire safety
Tire safetyChandan Dubey
 
The Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesThe Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesEMC
 
Ireland and North Ireland
Ireland and North IrelandIreland and North Ireland
Ireland and North IrelandCEgroepSJL
 
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?Dr. Raju M. Mathew
 
อังกฤษ
อังกฤษอังกฤษ
อังกฤษjojowhisky
 
The Power of Wear Rings - Pumps & Systems Magazine
The Power of Wear Rings - Pumps & Systems MagazineThe Power of Wear Rings - Pumps & Systems Magazine
The Power of Wear Rings - Pumps & Systems Magazinerobertaronen
 
Power presentació(bona)
Power presentació(bona)Power presentació(bona)
Power presentació(bona)pujadasjordi
 
บทที่ 4
บทที่ 4บทที่ 4
บทที่ 4einscream
 
Actionable IAM
Actionable IAMActionable IAM
Actionable IAMEMC
 
Recording Reccy
Recording ReccyRecording Reccy
Recording Reccysophiemcavoy1
 
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 

Contenu connexe

En vedette

The Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesThe Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesEMC
 
Ireland and North Ireland
Ireland and North IrelandIreland and North Ireland
Ireland and North IrelandCEgroepSJL
 
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?Dr. Raju M. Mathew
 
อังกฤษ
อังกฤษอังกฤษ
อังกฤษjojowhisky
 
The Power of Wear Rings - Pumps & Systems Magazine
The Power of Wear Rings - Pumps & Systems MagazineThe Power of Wear Rings - Pumps & Systems Magazine
The Power of Wear Rings - Pumps & Systems Magazinerobertaronen
 
Power presentació(bona)
Power presentació(bona)Power presentació(bona)
Power presentació(bona)pujadasjordi
 
บทที่ 4
บทที่ 4บทที่ 4
บทที่ 4einscream
 
Actionable IAM
Actionable IAMActionable IAM
Actionable IAMEMC
 

En vedette (10)

Tire safety
Tire safetyTire safety
Tire safety
 
The Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesThe Digital Universe in 2020 - United States
The Digital Universe in 2020 - United States
 
Ireland and North Ireland
Ireland and North IrelandIreland and North Ireland
Ireland and North Ireland
 
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
KNOWLEDGE MANAGEMENT - WHERE THEY ARE GONE WRONG?
 
อังกฤษ
อังกฤษอังกฤษ
อังกฤษ
 
The Power of Wear Rings - Pumps & Systems Magazine
The Power of Wear Rings - Pumps & Systems MagazineThe Power of Wear Rings - Pumps & Systems Magazine
The Power of Wear Rings - Pumps & Systems Magazine
 
Power presentació(bona)
Power presentació(bona)Power presentació(bona)
Power presentació(bona)
 
บทที่ 4
บทที่ 4บทที่ 4
บทที่ 4
 
Actionable IAM
Actionable IAMActionable IAM
Actionable IAM
 
Recording Reccy
Recording ReccyRecording Reccy
Recording Reccy
 

Plus de EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

Plus de EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Dernier

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Dernier (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

ESG: Rethinking Endpoint Security

  • 1. White Paper Rethinking Endpoint Security By Jon OItsik, Senior Principal Analyst With Kyle Prigmore, Associate Analyst February 2015 This ESG White Paper was commissioned by RSA Security and is distributed under license from ESG. © 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
  • 2. White Paper: Rethinking Endpoint Security 2 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Contents Executive Summary ......................................................................................................................................3 Rethinking Endpoint Security .......................................................................................................................3 Endpoint Security Challenges Abound ..................................................................................................................... 5 Endpoint Security in Transition ....................................................................................................................7 RSA and Endpoint Security ....................................................................................................................................... 8 The Bigger Truth ...........................................................................................................................................9 All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
  • 3. White Paper: Rethinking Endpoint Security 3 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Executive Summary Mention endpoint security to an infosec professional and he or she will likely think of antivirus software, vulnerability scanning, and patch management. These three areas have made up the essence of endpoint security since organizations first connected to the Internet. Antivirus software, vulnerability scanning, and patch management remained relatively effective at detecting and blocking routine malware like viruses and Internet worms from the mid-1990s through the early 2000s. Over the past few years, however, many legacy enterprise security methodologies, in particular those focusing on the endpoint, have started to show their age. While signatures and software updates remain important to patch common vulnerabilities and block pedestrian malware, new types of targeted attacks and sophisticated malware can easily circumvent traditional endpoint security controls and contribute directly to major data breaches. Endpoint security as a category is now in a rapid state of transition. Key conclusions in this white paper are:  Endpoint security strategies are changing to address new types of threats. Cyber-adversaries have adopted new tactics, techniques, and procedures (TTPs) using stealthy malware, spear phishing, social engineering, and other techniques designed to circumvent traditional endpoint security controls. These advances have led to the recent wave of publicly disclosed, massive data breaches at organizations such as Home Depot, JPMorgan Chase, and Sony Pictures, prompting security and business executives to increase their focus on cybersecurity... As a result, many organizations are rethinking their endpoint security strategies and budgets and are now crafting endpoint security strategies to address malware threats and cyber risks.  Endpoint security challenges remain. While organizations have many new endpoint security initiatives, they continue to be hamstrung by existing endpoint security challenges such as a shortage of endpoint security skill, IT operations inefficiencies, and continued dependence on legacy infosec controls. Unfortunately, these challenges are only leaving them further and further behind, increasing IT risk.  Large organizations are embracing new endpoint security controls, oversight, and analytics. ESG research indicates that many CISOs are adding new endpoint security controls to prevent, detect, and respond to sophisticated malware threats. In addition, large organizations are implementing endpoint forensics tools to capture and analyze security data in real time. Finally, firms are integrating endpoint, network packet, and log data to broaden their security visibility and analyzing this data with big data security analytics techniques. Rethinking Endpoint Security Endpoint security used to be a fairly mundane area at many enterprise organizations. The IT operations team would provision PCs with an approved gold image and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was generally straightforward and had become relatively easy to manage. More recently, however, organizations are increasing their focus on endpoint security and its associated people, processes, and technologies. This is reflected in the fact that 57% of organizations have increased their endpoint security budgets over the last two years. Endpoint security strategies are also in a state of transition. ESG research reveals that endpoint security strategy is being driven by (see Figure 1):1  The need to address new types of malware threats. Nearly one-third (31%) of respondents report that one of the two most significant influences on their organization’s endpoint security strategy moving forward is 1 Source: ESG Research Report, The Endpoint Security Paradox, January 2015. Firms are integrating endpoint, network packet, and log data to broaden their security visibility and analyzing this data with big data security analytics techniques.
  • 4. White Paper: Rethinking Endpoint Security 4 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. addressing new types of malware threats. This is not surprising as the volume and sophistication of attacks has never been higher and the landscape is steadily becoming more dangerous. The sophistication and efficiency of the cybercriminal underground, the threat of state-sponsored cyberattacks, and the increasing ease of access that would-be criminals have to sophisticated malware tools are an intimidating combination, driving the need for new security strategies. Organizations are rightly concerned about their ability to rebuff these threats and stay a step ahead of their attackers, and they do not believe AV can do the job alone.  Problems caused by the volume and diversity of devices. Twenty nine percent (29%) of respondents say that addressing new risks associated with mobile endpoints is a top endpoint security strategy requirement, while an additional 20% say that they need to manage new risks associated with unmanaged devices. This will only increase with the addition of more cloud, mobile, and Internet-of-Things (IoT) technologies.  Addressing cyber risk and improving information security best practices. Just over one-quarter (26%) of respondents say that their endpoint security strategy is greatly influenced by an organizational initiative to address cyber risk and improve information security best practices. This is a clear indication that what they are doing today is not working. Figure 1. Considerations That Have the Most Significant Influence on Organization’s Endpoint Security Strategy Moving Forward Source: Enterprise Strategy Group, 2015. It is also worth noting that 21% of respondents said that endpoint security strategy is influenced by an increase in oversight by their organization’s executives and/or board of directors. ESG interprets this as an indication of the growing importance of sound endpoint security policies, processes, and technologies. 13% 20% 21% 22% 23% 26% 29% 31% 0% 5% 10% 15% 20% 25% 30% 35% Numerous data breaches resulting from targeted attacks on my organization's industry Addressing new risks associated with an increase in unmanaged devices (i.e., BYOD) An increase in oversight by my organization’s executives and/or board of directors Regulatory compliance Aligning our endpoint security strategy with our use of cloud computing services (i.e., IaaS, SaaS, etc.) A general organizational initiative to address cyber risk and improve information security best practices Addressing new risks associated with mobile endpoints Addressing new types of malware threats Which of the following considerations would you characterize as having the most significant influence on your organization’s endpoint security strategy moving forward? (Percent of respondents, N=340, two responses accepted)
  • 5. White Paper: Rethinking Endpoint Security 5 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Endpoint Security Challenges Abound While ESG research indicates endpoint security strategies are driven by the numerous factors discussed, many organizations still struggle to address endpoint security vulnerabilities and threats with legacy processes and technologies. For example (see Figure 2):2  Security teams spend too much time putting out fires. Thirty eight percent (38%) of respondents say that their security staff spends a lot of time attending to high-priority issues so staff members don’t have sufficient time for process improvement or strategic planning. This challenge is something of a paradox. Strategic improvements cannot and should not come at the expense of the security team failing to respond to these high-priority issues, creating a purgatorial quandary for many organizations: They know they need an endpoint security overhaul, but cannot afford to dedicate ample time at the expense of day-to-day security tactics. Effective endpoint tools must address this head-on by improving both the strategic and day-to-day position of the security team.  Organizations remain overly focused on regulatory compliance. More than one-third (34%) of respondents report that their organization is more focused on meeting regulatory compliance guidelines than addressing endpoint security with strong controls and oversight. Regulatory compliance should come as a result of strong security, and endpoint security cannot be achieved with a compliance-centric approach.  Endpoint security is fraught with too many manual processes and controls. Endpoint security has undergone a major technical transition, but many organizations continue to rely on legacy products and processes to combat these new challenges. It is often cheaper and easier for organizations to layer new products on top of legacy products as needs arise, but this unfortunately bogs down security teams with haphazard layers of security processes and tools which can create a security operations nightmare. 2 Source: ESG Research Report, The Endpoint Security Paradox, January 2015.
  • 6. White Paper: Rethinking Endpoint Security 6 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Figure 2. Endpoint Security Challenges Source: Enterprise Strategy Group, 2015. In addition to these issues, many organizations also find that their security teams are understaffed, conduct too many repetitive tasks manually, and lack critical malware and endpoint security skills for detecting and responding to cyber-attacks. All in all, ESG research points to a situation where the predominant endpoint security approach is not an adequate countermeasure for addressing the complexity and sophistication of modern threats. 11% 17% 17% 23% 29% 34% 38% 0% 10% 20% 30% 40% We lack budget to purchase the right endpoint security products My organization isn’t particularly good at vulnerability scanning and/or patch management so we are always vulnerable to having an endpoint compromised by malware My organization doesn’t monitor endpoint activities proactively so it can be difficult for us to detect a security incident My organization views endpoint security as a basic requirement and doesn’t put enough time or resources into developing best practices Endpoint security is based upon too many manual processes making it difficult for the security staff to keep up My organization is more focused on meeting regulatory compliance requirements than addressing endpoint security risks with strong controls and oversight The security staff spends a lot of time attending to high- priority issues so staff members don’t have ample time for process improvement or strategic planning In your opinion, which of the following presents the biggest endpoint security challenges to your organization? (Percent of respondents, N=340, two responses accepted)
  • 7. White Paper: Rethinking Endpoint Security 7 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Endpoint Security in Transition ESG data strongly suggests that enterprise organizations do not view antivirus as a viable technology for blocking sophisticated attacks. As a result, many organizations are supplementing their AV products with newer and more robust technologies that offer more functionality across incident detection, response, and remediation. ESG research shows that enterprises are implementing new endpoint security technologies such as: 1. Advanced antimalware products. Nearly three-quarters (73%) of organizations have already deployed or are testing advanced antimalware detection/prevention products on their endpoints (in addition to AV). The top reasons that organizations acquire advanced antimalware solutions are because it is recommended to them by their service providers (i.e., compliance auditors, penetration testers, etc.), the organizations are reacting to intelligence that they may be targets and want to add another layer of security, or they have seen industry peers add antimalware solutions with some success and they decided to follow suit. 2. Continuous endpoint monitoring. Fifty nine percent (59%) of organizations have purchased and implemented tools for endpoint monitoring over the last two years. While many continuous monitoring initiatives are in their nascent stages, the ESG data indicates that enterprise organizations are making slow and steady progress in this area. 3. Endpoint forensics. Sixty nine percent (69%) of organizations surveyed by ESG have deployed endpoint forensic solutions to some degree. And similar to real-time monitoring, organizations are deploying endpoint forensic products based on need, not cost. For example, 29% of respondents indicate that their organization deployed endpoint forensics because they thought it would improve their efficiency and effectiveness related to incident response, while another 29% indicated that the reason their organization deployed the technology was to reduce the time it takes for incident detection. Finally, ESG found that 71% of organizations are integrating endpoint data with network security analytics. This gives them a more comprehensive and integrated view of security activities across networks and host systems (see Figure 3).3 3 Source: ESG Research Report, The Endpoint Security Paradox, January 2015. ESG data strongly suggests that enterprise organizations do not view antivirus as a viable technology for blocking sophisticated attacks. ESG found that 71% of organizations are integrating endpoint data with network security analytics. This gives them a more comprehensive and integrated view of security activities across networks and host systems.
  • 8. White Paper: Rethinking Endpoint Security 8 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved. Figure 3. Interest in Integration Between an Endpoint Forensics Solution and Other Types of Security Analytics Systems Source: Enterprise Strategy Group, 2015. RSA and Endpoint Security Endpoint security has grown well beyond AV alone. Many organizations are implementing new types of tools to improve their incidence detection and response effectiveness and efficiency. Unfortunately, many CISOs continue to take a tactical approach. While layering on new tools may improve some aspects of endpoint security, it also adds complexity and operational overhead. Rather than approach endpoint security on a piecemeal basis, ESG believes that a prudent endpoint security strategy must be strategic and tightly integrated with the organization’s enterprise-wide incident detection and response strategy. RSA Security, a veteran information security vendor, has recently added endpoint security to its robust portfolio of incident detection, investigation, and response related products and services. RSA’s endpoint security approach is based on:  RSA ECAT. RSA acquired Silicium Security in 2012 and has recently released a major new version of the software, RSA ECAT 4.0. RSA ECAT is an endpoint threat detection solution that exposes malware and other threats, highlights suspicious activity for fast investigation, and instantly determines the scope of a compromise. With continuous monitoring of endpoint activity, organizations can gain the real-time visibility needed to detect and respond to threats faster. Unlike AV, RSA ECAT does not rely on signatures to detect malware. Instead, RSA ECAT gains a deep view of endpoint activity, looking for and flagging suspicious behavior for review. RSA ECAT can collect the critical endpoint data needed for investigations and enables security teams to focus their investigations and quickly confirm infections. In this way, RSA ECAT can capture endpoint forensic details to improve incident investigation and response, without requiring physical access to machines. Yes, already doing this extensively, 33% Yes, already doing this on a limited basis, 38% No but we are planning to do this type of integration within the next 24 months, 18% No, but we are interested in doing this type of integration in the future, 8% No, and we have no plans for or interest in doing so in the future, 2% Some organizations are integrating endpoint forensics solutions with network-forensics and/or security analytics tools (i.e., SIEM, big data security analytics systems, etc.). Is your organization doing or planning to do any type of similar integration between an endpoint forensics solution and other types of security analytics systems? (Percent of respondents, N=291)
  • 9. White Paper: Rethinking Endpoint Security 9 © 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved.  Integration with RSA Security Analytics. RSA Security Analytics can help security operations teams gain visibility and control over their network. It is integrated with and thus can be paired with ECAT to bring together network-, log-, and endpoint-level security visibility and provide organizations with the data collection, aggregation, and analytics tools needed for enterprise SOC teams.  RSA Professional Services. CISOs challenged by the complexity of improving their incident detection and response capabilities generally and endpoint security in particular can contract with RSA to help assess current capabilities, plan and design an appropriate endpoint security strategy, and deploy RSA ECAT alone or with RSA Security Analytics to better address the needs of their security team The Bigger Truth Endpoint security is changing to meet new demands. Organizations are struggling to hire the right staff, choose the right technologies, and respond to the many challenges of modern threats. The scale and diversity of these challenges can appear overwhelming, but organizations that take the time to devise and execute solid, integrated endpoint strategies can see rich returns. ESG believes that organizations that are seeking to overhaul their endpoint security should integrate their endpoint security technologies with their network-level and log monitoring in order to improve incident detection, prevention, and response, while also streamlining the work of their security operations team. RSA may be fairly new to endpoint security, but the company has taken an enterprise approach combining security products and services that aligns with burgeoning endpoint security needs. Given this, CISOs can benefit from an investigation of RSA’s endpoint security offering.
  • 10. 20 Asylum Street | Milford, MA 01757 | Tel: 508.482.0188 Fax: 508.482.0218 | www.esg-global.com