Simplicity Is the Key to Progress in Endpoint Security

February 23, 2018
| |
4 min read

There has been a critical skills shortage in cybersecurity for years. In fact, Cisco estimated that there are currently 1 million unfilled cybersecurity positions around the world. Given the rapid expansion of networks, the growing threat surface, continuous attacker innovation and the recent publicity around major campaigns such as NotPetya and WannaCry, organizations of all sizes have recognized the need for more endpoint security, which is creating even more demand for limited resources.

Filling the Gaps With Endpoint Security

IBM Security General Manager Marc van Zadelhoff noted that “the volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime,” suggesting a need for new technology to lighten the load for overwhelmed and understaffed security teams. In addition, organizations must provide more training and education programs to fill the skills gap with an eye toward developing suitably experienced members of this new wave to lead and transform security strategies in five to 10 years.

Between now and then, organizations should reduce complexity in endpoint security management wherever possible. Not every security task requires an expert, and simplification of the most commonplace items is not just possible but urgent. Strategy development, incident response, forensic analysis and enabling security technologies such as encryption, multifactor authentication and secure networking certainly demand substantial expertise. However, day-to-day security management, such as resetting passwords and patching systems, does not require that same level of security knowledge and experience, instead calling for a more traditional understanding of IT operations and infrastructure.

Ponemon Institute’s “The 2017 State of Endpoint Security Risk Report” revealed that 54 percent of companies experienced a data breach in the past year. It’s remarkable that the majority of organizations suffered successful attacks during a time when cybersecurity spending increased at twice the rate of IT investment overall, according to IDC. Worse, the losses appear to be growing even more quickly. The number of lost, stolen or compromised records surged 164 percent between 2016 and 2017, according to Gemalto.

Three Steps to Improve Simplicity in Security

While many new entrants and offerings aim to close this gap, most ignore the negative effects of complexity. As threat vectors proliferate and grow into multistage campaigns, IT managers and security teams struggle to keep up with the unique functional and management requirements of the tools they evaluate and deploy, making security budgets a fertile breeding ground for shelfware. To secure these organizations, new protections must be delivered with simplicity.

With all this in mind, let’s take a look at three key steps companies can take to simplify their security strategies and address the growing skills shortage.

1. Evaluate What You Need From Multipurpose Security Suites

According to The Standish Group, 45 percent of software functionality is never used. Given the various tasks that get lumped into security suites, that number is probably higher, so make sure you are clear on what you need and what you will use. Some tasks, such as incident response and forensic analysis, require a wealth of data from different sources to provide the context you need. Others, such as blocking malware or limiting network access, are more prescriptive and need not bury the administrator in data.

Suites can play a critical role in bringing consistency to the multiple tasks of securing an organization, but it’s important to evaluate organizational needs and staff capabilities. Investigate opportunities to integrate your existing solutions into whatever new platform you are evaluating and avoid purchases that incorporate — and charge for — substantial functionality that you hope to integrate in the future.

2. Increase Clarity and Reduce Complexity With Automation

Whether in your own efforts or when reviewing your vendor’s products and infrastructure, look for modern techniques that use the power of computing to reduce the complexity of the information required to make decisions. This has been done in the endpoint space with machine learning, turning literally millions of signatures into effective predictive models. In all areas of security operations, through both security information and event management (SIEM) platforms and advanced cognitive analytics, automation raises the level of accessible intelligence, accelerating and clarifying incident investigation and root cause analysis.

3. Intercept Attacks as Quickly as Possible

The age-old axiom goes like this: Because security is never 100 percent, you always need to invest in detection and response. This is true, but it ignores the fact that the less you focus on prevention, the more events will require urgent and complicated actions to respond.

Prevention takes multiple forms, such as patching vulnerabilities before they are exploited and blocking attacks before malicious software can gain a foothold on systems. The best way to reduce the cost and scope of incident response is to eliminate vulnerable portions of the exposed threat surface. Still, many organizations struggle to keep their systems up to date due to inefficient and burdensome processes. According to a SANS Institute survey, only 12 percent of organizations have automated patching processes, and just 10 percent are able to remediate critical vulnerabilities in under 24 hours.

Simplifying the task of managing security — in terms of both prevention and detection — means eliminating as many attacks as possible as early as possible. Effective malicious software uses multiple entry vectors, spreads laterally through advanced techniques, and can devastate a system in seconds and a network in minutes. Detection and response are obviously necessary, but few organizations have the time or expertise to dig through the complex inner workings of a successful and pervasive breach, and most will simply wipe and reload the systems that have been corrupted. Detection and response are substantially simplified by reducing the number of successful attacks in the first place.

Reducing Complexity as Endpoint Security Evolves

Over the past 25 years, the threats, solutions and baseline qualifications for a security leader have become more complex and exclusive. Organizationally, the security leader is increasingly required to bridge multiple functions: prioritizing security within diverse business contexts, directing IT operational behavior and tasking in response to security events, and integrating increased protections without disrupting existing business process. The variety of threat actors and vectors, combined with the growing list of compliance controls and standards, have further complicated the role. Fortunately, there are technologies and services available to make the burden more bearable, including security appliances, managed services, intelligence feeds, and automated assessment and prevention technologies.

Given the shortage of security experts and the surplus of threats, organizations must simplify security tasking wherever they can. They can do so by reducing the number of successful incidents and expanding the pool of available security knowledge. Delivering stronger preventative security is the only way to scale back the ballooning complexity of response in the face of a rapidly expanding cybercrime landscape.

Jack Danahy
CTO and Founder, Barkly

Jack Danahy is the co-founder and CTO of Barkly, the Endpoint Protection Platform that delivers the strongest protection with the fewest false positives and ...
read more