Just a few months ago a senior executive at one of the world’s largest security companies let slip in an interview that “anti-virus is dead”. This was a rather embarrassing admission from a company that makes the bulk of its revenue from legacy anti-virus technology! Nevertheless, the point is actually valid: today’s cyber threats have outstripped the capabilities of old-school signature-based anti-virus.
So what does this mean for how we secure endpoint devices, which, after all, are the point through which users reach the critical data and applications that the security industry is tasked with protecting? In the third of my predictions for the future of cloud security, I explain how a new approach to endpoint security has a central part to play in how we protect networks, data and assets in 2015.
Endpoint and Network Security Will Become Intricately Linked
The security industry has traditionally approached endpoint security and network security as completely different product lines that are sold to different buying centers within the enterprise. But in today’s world of sophisticated and rapidly evolving threats, we will quickly see these two critical parts of the security landscape develop deeper levels of awareness, connectivity and adaptability. The network layer will need to become aware of, and responsive to, what is happening on endpoint devices both on-network and off-network, and vice-versa.
For example, if a group of laptops in a branch office is suddenly found to be sending high volumes of traffic to a low-reputation IP address in China, the network will need to adapt immediately – perhaps shutting down access to that IP, or sandboxing traffic from that part of the network for further inspection. Similarly, if a corporate cloud-based application is experiencing anomalous traffic or unusual login attempts, then sensitive endpoint devices might be automatically placed under a more stringent security policy, or perhaps have their traffic directed through an alternate route.
My point is that these technologies can no longer afford to exist in isolation. A cloud-based security layer is the best way to provide this “connective tissue”, enabling commonality of policy, and correlation of activity and response across the entirety of the stack.
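The two scenarios above, worked through as an added illustration that is not part of the original post and not any vendor's product: a small correlation routine joins flow records from the network with a reputation feed and a site map, flags a site where several endpoints are pushing high volumes to a low-reputation destination, and emits both a network action and an endpoint policy action; a second routine covers the cloud-application case, selecting devices with repeated failed logins for a stricter policy. The flow records, login events, reputation scores, subnets, device names, thresholds and action labels are all constructed for the example.

```python
"""Endpoint/network correlation sketch. All data below is constructed for illustration."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed threat-intel feed: destination IP -> reputation score (0-100, lower is worse).
# Addresses come from the RFC 5737 documentation ranges; they are not real indicators.
IP_REPUTATION = {
    "203.0.113.45": 5,    # labelled low-reputation for the example
    "198.51.100.7": 90,   # labelled good reputation for the example
}
LOW_REPUTATION_THRESHOLD = 20

# Constructed site map: which subnet belongs to which office.
SITES = {
    "branch-office-1": ip_network("10.20.0.0/24"),
    "hq": ip_network("10.10.0.0/24"),
}

# Constructed flow records (src, dst, bytes) as a NetFlow/IPFIX collector would export them.
FLOWS = [
    ("10.20.0.11", "203.0.113.45", 48_000_000),
    ("10.20.0.12", "203.0.113.45", 52_000_000),
    ("10.20.0.13", "203.0.113.45", 61_000_000),
    ("10.20.0.14", "198.51.100.7", 70_000_000),  # high volume, but good reputation
    ("10.10.0.5",  "203.0.113.45", 1_200),        # tiny flow from HQ: not site-wide
]

HIGH_VOLUME_BYTES = 10_000_000   # per endpoint, per destination, per collection window
MIN_ENDPOINTS = 3                # hosts in one site that must show the behaviour


def site_of(ip):
    """Map a source address to the office it belongs to (assumed site map)."""
    addr = ip_address(ip)
    for name, net in SITES.items():
        if addr in net:
            return name
    return "unknown"


def correlate(flows, reputation=IP_REPUTATION):
    """Return response actions for sites where several endpoints send high
    volumes to a low-reputation destination. Each action names both the
    network-side and endpoint-side response, so the two layers react together."""
    volume = defaultdict(lambda: defaultdict(int))   # (site, dst) -> {src: bytes}
    for src, dst, nbytes in flows:
        volume[(site_of(src), dst)][src] += nbytes

    actions = []
    for (site, dst), per_host in volume.items():
        if reputation.get(dst, 100) > LOW_REPUTATION_THRESHOLD:
            continue   # destination not low-reputation: volume alone is not a signal here
        offenders = sorted(h for h, b in per_host.items() if b >= HIGH_VOLUME_BYTES)
        if len(offenders) >= MIN_ENDPOINTS:
            actions.append({
                "site": site,
                "destination": dst,
                "endpoints": offenders,
                "network_action": f"block egress to {dst}",          # assumed action label
                "endpoint_action": "apply policy: restricted",        # assumed policy name
            })
    return actions


# Constructed cloud-application audit log: (user, device_id, outcome).
LOGINS = [("alice", "LAPTOP-A1", "failure")] * 6 + [
    ("bob", "LAPTOP-B2", "success"),
    ("bob", "LAPTOP-B2", "failure"),
]
FAILED_LOGIN_LIMIT = 5


def endpoints_to_tighten(logins, limit=FAILED_LOGIN_LIMIT):
    """Devices whose failed-login count reached the limit; these get the stricter policy."""
    failures = defaultdict(int)
    for _user, device, outcome in logins:
        if outcome == "failure":
            failures[device] += 1
    return sorted(d for d, n in failures.items() if n >= limit)


if __name__ == "__main__":
    for action in correlate(FLOWS):
        print(action)
    print("tighten policy on:", endpoints_to_tighten(LOGINS))
```

The site-level threshold (`MIN_ENDPOINTS`) is what turns a single noisy host into a group signal; a single HQ host touching the same destination with a few kilobytes produces no action, which keeps the network response proportional to what the endpoint telemetry actually shows.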
Next-generation endpoint solutions will combine a variety of techniques, such as anomaly detection, sandboxing and heuristics, to detect and prevent unknown attacks. However, the most powerful solutions will be those that have visibility across both the endpoint and the network, correlating events, behavior and traffic to enable a holistic focus on true prevention.