Published on May 15th, 2019

The state of endpoint health in 2019


The endpoint has quickly become valuable real estate for security tools and controls, as traditional network perimeters have given way to cloud-based models in support of the digital workforce. By 2020, global IT security spend is expected to reach $128 billion with 24 percent of it allocated to endpoint security tools. In fact, organizations today use an average of 80 security vendors’ products.

Yet, over 70 percent of breaches still originate on the endpoint. According to a recent Absolute study of six million enterprise devices representing 12,000 organizations across North America and Europe, much of endpoint security spend is voided because tools and agents fail, reliably and predictably.

The inevitable decay of security controls

It is widely agreed that the universe naturally gravitates toward chaos. These same principles that govern space apply to security environments as well. Endpoint devices are not immune. They, too, are subject to entropy, which means they will go from order to disorder. The security posture of a device will regularly drift or decay.

When I refer to a control or tool or agent failing reliably and predictably, this security decay is not the design of malevolent threat actors or evidence of negligent users. It’s a natural and ordinary outcome from increasing the number of tools fighting for underlying resources (hardware and software) — and every additional security tool only increases the probability of failure and decay.

Complexity causes endpoint fragility and risk

In reality, the organizations we typically tout for being ‘sophisticated’ are actually the ones with the most severe endpoint entropy. Why? Because what we really mean when we say ‘sophisticated’ is ‘they own a lot of security tools’.

We have to change our definition of ‘sophisticated’ to account for true up-leveling, reserving such honors for those who halt endpoint security decay. To do so, we need to recognize that the complexity of the landscape is an exposure: it makes it increasingly difficult for IT and security teams to have visibility, and comes with the constant demand to uphold security controls.

For organizations with a boatload of controls, apps, and agents, it’s not necessarily that a control, app, or agent isn’t chinning the bar of their potential, but something more tragic: each tool adds an incremental risk, because the expected security benefits are nullified by a negative externality: agent collision.

When agents compete for device resources, some are starved while others feast. When starved, the agent fails. This means security tools are actually increasing the frequency of collision, and the effect of collision is a breakdown in the security posture. Increased security spending does not increase safety.

Understanding and Achieving Endpoint Resilience

To recap, evolving security threats have caused enterprises to layer on more and more endpoint controls, increasing complexity and impacting performance, and the collision of these controls is leaving the endpoint exposed.

We need to understand the dangers of equating IT security spending with security and risk maturity. From here, we need to stop spending another dime on new tools and, instead, accurately reassess the effectiveness of existing security investments – especially when cybercrime threatens to cost the world $6 billion annually in damages by 2021.

To secure the endpoint, the security tools already in place must be made resilient. Resilience is a property of the agent or tool itself, which is demonstrated by an ability to persist in spite of collision or friction. I am resilient when I recover from an infection or automobile accident. I have demonstrated the capability to persist in the face of entropy-accelerating events.

Tools and agents experience the same thing. But the resilient ones bounce back, they heal, they recover, and sometimes, they’re even resurrected from the dead. This only comes when we have the courage to go deeper into the endpoint system, analyze the friction points within agent resources, and mitigate the risk of collision. With that unimpeded view of the device underworld, anyone can recreate the landscape and prevent the entropic events that lead to security decay.

Josh Mayfield, director of security strategy at Absolute
