Defense in Depth: Why Network Technology Providers Are Bolstering Their Portfolios with Endpoint Solutions
Herjavec Group Contributor
Evgeniy Kharam, Director Network Security Architecture
The network perimeter dominated enterprise security over the last fifteen years. Even so, a range of endpoint solutions existed alongside it, both anti-virus products and personal-security products, though most organizations used only anti-virus.
Try as we might to ignore it, the world has fundamentally changed. More laptops. More mobile devices. More companies moving to the cloud. It’s a new day for business and, in turn, a new day for security. The bad guys have become much more sophisticated, developing plenty of new attacks that can be used to get inside your network. Hackers realized long ago that there is no point hacking the firewall if you can just hop right to the endpoint behind it.
I still remember a time when I would attend regular firewall training sessions. One day stands out to me in particular: the instructor was bragging about this one firewall that had such sophisticated segmentation of duties that no one had ever compromised it. When I asked if the same was true about the companies that this firewall was protecting…he changed the topic.
The world of MORE has provided the opportunity for new endpoint specialties in sandboxing, behavior-based analytics, machine learning, monitoring of the registry, file system, process space and network connections, indicators of attack, threat intelligence, and whitelisting. The way we evaluate the overall market is also changing. Gartner opened a new category in 2013 and called it ETDR, which in 2015 changed to EDR: “Endpoint Detection and Response”. IDC Worldwide similarly introduced Specialized Threat Analysis and Protection (STAP) as a new security segment, focused on detecting malware-based attacks aimed at cyberespionage and data exfiltration. IDC estimated that the market for STAP technologies will grow from $200M in 2012 to $1.7B by 2017.
The big network security players identified early that in order to stay in the game, they needed a presence in the next-generation endpoint security market. People have different opinions on whether network vendors should play in the endpoint market or whether endpoint vendors should play in the network market. After all, different teams tend to manage the products, and they have varying perspectives on where the problems are. The reality is that when things go wrong and the customer calls in an Incident Response (IR) team to investigate, a good IR team will evaluate the endpoint information, the forensic data, the firewalls, the SIEM and all other devices to understand how the bad guys got into the network, how they moved inside it, and how the data was exfiltrated. The customer assumes they have visibility into it all – and ideally they should.
If we take a step back, and consider things from an architectural perspective, the integration between endpoint and network is a very important milestone. It represents unified dashboards, improved control, visibility across platforms, the ability to benefit from cloud threat data, URL, IP & file reputations, user behavior analytics and the untapped potential of big data.
The milestone is even more momentous with the shift to cloud. We are seeing technology vendors embrace a hybrid management platform through their own development, or via acquisition, to have a better grasp of all the devices on and off the network. Integration examples of network security partners who have added endpoint to their vast portfolios include:
As security professionals, we all appreciate that when it comes to cybersecurity, there is no state of perfection. No matter how strong your network security posture, evolution and proactive improvement are imperative to thwart rising threats. Technology vendors take the same approach to their portfolios. The examples above are a short list of the network security providers that have integrated endpoint into their offerings with the objective of offering more visibility & scope as part of their robust solutions.
If you’d like support in deciphering the complex endpoint security market, please reach out to a Herjavec Group Security Specialist to arrange an Endpoint Toolkit Session for your board or security team.
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally supported by a state-of-the-art, PCI compliant, Security Operations Centre (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia). For more information, visit www.herjavecgroup.com.