Managing security on endpoint systems, even in mature organizations, is especially difficult, in part because the shape of the attack surface is different on every individual endpoint. Users often have the ability to change at least some of their endpoints’ security settings, as well as install software programs and browser plug-ins. The only safe conclusion that a security manager can arrive at is that many endpoints in their organizations are easily exploitable.
— excerpt from an upcoming book on stopping zero-day exploits
I’m preparing a webinar on endpoint security and was thinking about the problem while on a flight to Chicago. Consider it this way: in an organization with 10,000 employees, you’ve got your servers in the data center managed by IT. But you’ve also got 10,000 more machines that are at least as complex as those servers, and often more so. These machines also have access to sensitive data and often store it themselves.
But there’s more. Those 10,000 machines are managed by non-technical people who have the same system-level privileges as trained and certified system engineers. And not only that, but those 10,000 machines are not in your data center but out of your physical control, often operating in external environments beyond the reach of critical network security controls such as firewalls, data leakage prevention, command & control detection, and intrusion prevention systems. These are our endpoint systems. Is it any wonder we are living in the era of colossal security breaches?
This is insanity, but there is a way out.