By Tom Schmidt
As today's IT professionals know all too well, managing the dynamics of their endpoint infrastructure is a challenging task. Organizations now face a threat landscape that involves stealthy, targeted and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation.
Traditionally, administrators have made sure that each endpoint has antivirus, antispyware, desktop firewall, intrusion prevention and device control technologies installed on it. But deploying these security products individually on each endpoint is not only time-consuming, it also increases IT complexity and costs. Organizations then need to provide management, training and support for a variety of different endpoint security solutions.
Business problems at the endpoint
The IT department at a typical enterprise these days finds itself fighting some pretty fierce fires:
- Endpoint management costs are increasing The cost of downtime impacts both productivity and revenue. According to a recent study by Infonetics Research, network downtime caused by security attacks is costing large enterprises upwards of $30 million a year. In addition, the costs to acquire, manage, and administer point products are increasing, as is demand on system resources.
- Complexity is increasing, as well The manpower required to manage disparate endpoint protection technologies is inefficient and time-consuming. Also, differing technologies can often work against one another or impede system performance due to high resource consumption.
- Growing number of new known and unknown threats Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain. One gauge of the growing sophistication of attacks is the appearance of blended threats, which integrate multiple attack methods such as worms, Trojan horses and zero-day threats.
An integrated approach
Antivirus, antispyware, and other signature-based protection measures, which are primarily reactive, may have been sufficient to protect an organization's vital resources a few years ago, but not today. Organizations now need proactive endpoint security measures that can protect against zero-day attacks and unknown threats. They need to take a structured approach to endpoint security, implementing a solution that not only protects them from threats on all levels, but also provides interoperability, seamless implementation and centralized management.
The best approach to endpoint protection provides advanced threat prevention that protects endpoints from targeted attacks, as well as never-before-seen attacks. It includes proactive technologies that automatically analyze application behaviors and network communications to detect and block suspicious activities, as well as administrative control features that allow administrators to deny specific device and application activities deemed as high risk for the organization. They can even block specific actions based on the location of the user. In the case of an infected endpoint, security products repair the damage by disinfecting or quarantining the system. The remediation process is then completed by deploying the necessary patch.
This approach calls for consolidating endpoint protection technologies in a single, integrated agent that can be administered from a central management console. The goal is to increase endpoint protection while eliminating the administrative overhead and costs associated with multiple security products.
Conclusion
To combat the sophisticated, targeted attacks that plague today's threat landscape, organizations can no longer rely solely on traditional antivirus and antispyware solutions. Effective endpoint security requires them to implement additional layers of security that can proactively protect against zero-day threats. Organizations need to take a holistic approach to endpoint security that effectively protects them from threats at all levels.
Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.