Fundamental Differences Between Securing Workloads and Endpoints

@RANT ON

OK, full disclosure - this is one of my pet peeves, so let me get this out of the way right out the gate: in my humble opinion, a server workload is not an endpoint. Sure, they’re all hosts, but what I think of as an endpoint is different in so many ways from a workload, including computing characteristics, their respective role in the cyber security kill chain, not to mention buying centers. Defining an endpoint as broadly as "anything with an IP address" fails to acknowledge these differences. As such, as an industry, we should be mindful to make note of these distinctions when referring to what types of hosts are being secured.

Topics: Cybersecurity endpoint

Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget.  You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs? 

Topics: Information Security endpoint endpoint security IT buyers IT Spending Intentions skills shortage IT purchasing IT skills security spending

Yet Another Proof Point for Network and Endpoint Security Integration

As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.

Here’s another recent data point that supports this further. ESG recently published a new research report titled Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e., more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat.”

Topics: Information Security End-User Computing IT Infrastructure network Networking Information and Risk Management endpoint Security and Privacy

Why Doesn't IT Back Up BYOD?!

ESG recently started offering TechTruths... single nuggets of data and the analyst perspectives of why they matter. Check out all of them via the link above, but here is my favorite so far on BYOD data protection:

Topics: Backup Data Protection JBuff Information and Risk Management endpoint BYOD

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords.

Topics: IBM Big Data Cisco Information and Risk Management FireEye Dell endpoint Security and Privacy Security SIEM Narus Mandiant Cybereason LogRhythm 21CT Leidos ISC8 Blue Coat RSA Security Lancope netSkope SDN click security Bit9 cybercrime Carbon Black

Endpoint Themes

Here are some trends to keep an eye on (in no particular order):

Topics: Information Security Information and Risk Management endpoint Security and Privacy Security endpoint security

Businesses Report Significant Use of Desktop Virtualization Technology

Desktop virtualization is an alternative PC delivery model in which applications, operating systems, user data, profiles, and/or entire end-user environments are encapsulated and delivered to or executed on a remote endpoint device. The various desktop virtualization delivery models allow for centralized management, hosting, and/or execution, as well as syncing capabilities that enable local execution on an endpoint device.

Topics: Cloud Computing End-User Computing Endpoint & Application Virtualization endpoint mobile mobile device desktop virtualization migration

Mobile Device Security Reality

You've heard the same things I have: "You can't control mobile device proliferation." "Most large organizations are being forced to create BYOD programs." "You need to let new employees work with their own devices and use social networking sites if you want to recruit them."

Topics: Information and Risk Management endpoint Security and Privacy BYOD mobile device consumerization of IT