Light Dark
February 23, 2018 By Jack Danahy 4 min read
Endpoint

There has been a critical skills shortage in cybersecurity for years. In fact, Cisco estimated that there are currently 1 million unfilled cybersecurity positions around the world. Given the rapid expansion of networks, the growing threat surface, continuous attacker innovation and the recent publicity around major campaigns such as NotPetya and WannaCry, organizations of all sizes have recognized the need for more endpoint security, which is creating even more demand for limited resources.

Filling the Gaps With Endpoint Security

IBM Security General Manager Marc van Zadelhoff noted that “the volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime,” suggesting a need for new technology to lighten the load for overwhelmed and understaffed security teams. In addition, organizations must provide more training and education programs to fill the skills gap with an eye toward developing suitably experienced members of this new wave to lead and transform security strategies in five to 10 years.

Between now and then, organizations should reduce complexity in endpoint security management wherever possible. Not every security task requires an expert, and simplification of the most commonplace items is not just possible but urgent. Strategy development, incident response, forensic analysis and enabling security technologies such as encryption, multifactor authentication and secure networking certainly demand substantial expertise. However, day-to-day security management, such as resetting passwords and patching systems, does not require that same level of security knowledge and experience, instead calling for a more traditional understanding of IT operations and infrastructure.

Ponemon Institute’s “The 2017 State of Endpoint Security Risk Report” revealed that 54 percent of companies experienced a data breach in the past year. It’s remarkable that the majority of organizations suffered successful attacks during a time when cybersecurity spending increased at twice the rate of IT investment overall, according to IDC. Worse, the losses appear to be growing even more quickly. The number of lost, stolen or compromised records surged 164 percent between 2016 and 2017, according to Gemalto.

Three Steps to Improve Simplicity in Security

While many new entrants and offerings aim to close this gap, most ignore the negative effects of complexity. As threat vectors proliferate and grow into multistage campaigns, IT managers and security teams struggle to keep up with the unique functional and management requirements of the tools they evaluate and deploy, making security budgets a fertile breeding ground for shelfware. To secure these organizations, new protections must be delivered with simplicity.

With all this in mind, let’s take a look at three key steps companies can take to simplify their security strategies and address the growing skills shortage.

1. Evaluate What You Need From Multipurpose Security Suites

According to The Standish Group, 45 percent of software functionality is never used. Given the various tasks that get lumped into security suites, that number is probably higher, so make sure you are clear on what you need and what you will use. Some tasks, such as incident response and forensic analysis, require a wealth of data from different sources to provide the context you need. Others, such as blocking malware or limiting network access, are more prescriptive and need not bury the administrator in data.

Suites can play a critical role in bringing consistency to the multiple tasks of securing an organization, but it’s important to evaluate organizational needs and staff capabilities. Investigate opportunities to integrate your existing solutions into whatever new platform you are evaluating and avoid purchases that incorporate — and charge for — substantial functionality that you hope to integrate in the future.

2. Increase Clarity and Reduce Complexity With Automation

Whether in your own efforts or when reviewing your vendor’s products and infrastructure, look for modern techniques that use the power of computing to reduce the complexity of the information required to make decisions. This has been done in the endpoint space with machine learning, turning literally millions of signatures into effective predictive models. In all areas of security operations, through both security information and event management (SIEM) platforms and advanced cognitive analytics, automation raises the level of accessible intelligence, accelerating and clarifying incident investigation and root cause analysis.

3. Intercept Attacks as Quickly as Possible

The age-old axiom goes like this: Because security is never 100 percent, you always need to invest in detection and response. This is true, but it ignores the fact that the less you focus on prevention, the more events will require urgent and complicated actions to respond.

Prevention takes multiple forms, such as patching vulnerabilities before they are exploited and blocking attacks before malicious software can gain a foothold on systems. The best way to reduce the cost and scope of incident response is to eliminate vulnerable portions of the exposed threat surface. Still, many organizations struggle to keep their systems up to date due to inefficient and burdensome processes. According to a SANS Institute survey, only 12 percent of organizations have automated patching processes, and just 10 percent are able to remediate critical vulnerabilities in under 24 hours.

Simplifying the task of managing security — in terms of both prevention and detection — means eliminating as many attacks as possible as early as possible. Effective malicious software uses multiple entry vectors, spreads laterally through advanced techniques, and can devastate a system in seconds and a network in minutes. Detection and response are obviously necessary, but few organizations have the time or expertise to dig through the complex inner workings of a successful and pervasive breach, and most will simply wipe and reload the systems that have been corrupted. Detection and response are substantially simplified by reducing the number of successful attacks in the first place.

Reducing Complexity as Endpoint Security Evolves

Over the past 25 years, the threats, solutions and baseline qualifications for a security leader have become more complex and exclusive. Organizationally, the security leader is increasingly required to bridge multiple functions: prioritizing security within diverse business contexts, directing IT operational behavior and tasking in response to security events, and integrating increased protections without disrupting existing business process. The variety of threat actors and vectors, combined with the growing list of compliance controls and standards, have further complicated the role. Fortunately, there are technologies and services available to make the burden more bearable, including security appliances, managed services, intelligence feeds, and automated assessment and prevention technologies.

Given the shortage of security experts and the surplus of threats, organizations must simplify security tasking wherever they can. They can do so by reducing the number of successful incidents and expanding the pool of available security knowledge. Delivering stronger preventative security is the only way to scale back the ballooning complexity of response in the face of a rapidly expanding cybercrime landscape.

 |  |  |  |  | 
Jack Danahy
CTO and Founder, Barkly

More from Endpoint
November 28, 2023

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature