Product Group Tests

Endpoint security

by Peter Stephenson August 01, 2013

GROUP SUMMARY:

Targeting the last bastion of protection, the endpoint, allows clear focus on how the data behaves when it is on, or passing through, the endpoint.

Endpoint security has, arguably, been trying to sort out its niche for years. That, really, is no surprise since the nature of the endpoint has been a moving target. It now seems likely, though, that the folks who focus their efforts on endpoints have it right: It's the data, not the endpoint itself. The endpoint is just a component of the enterprise that is the ingress and egress point for much of the data that enters and exits the network. While it may not always be the last thing the data sees as it leaves the network or the first thing it sees as it enters, it certainly is the focus of the important data-centric activity. So it makes sense that focusing on the data as it passes through, into or out of the endpoint, should be a key aspect of network security. If the endpoint itself is data-centric, it also makes sense that the protection applied to it should be data-centric. And that pretty well sums up the more than a dozen products that we looked at this month.

If we are going to focus on the data, we need to understand it. That means being able to define what it is, where it came from and where it's going. Add some rules that define where it should go and some configuration bits, and we start to see a new product type that has risen from what we always have thought of as "endpoint security." In the vernacular of the day, let's break that down. First, it always was about the data. We just approached it differently. We treated the endpoint as if it was a standalone device and, basically, asked, "How should we protect the data on this?" That was fine as long as we were pretty sure what that endpoint looked like, what kinds of data it might contain, who might be using it, and where the data was likely to go.

If we had a desktop computer, we might be concerned about controlling what data could be burned to a CD or taken away on a USB drive. We cared a lot about malware, so we wanted to make sure that there was a current version of malware protection on the device. Some of those traditional tasks still are important for endpoint security tools, but now some are being handled more efficiently by other tools.

For example, checking to make sure that the anti-malware protection is current can be done more efficiently by a NAC device. That lets us unload that task from the endpoint. And, remember that today's endpoint devices are a lot different from yesterday's. 

But, let's go back to the notion of the endpoint being data-centric. If we look closely at the data and control it, we probably are doing exactly what we should be doing at the endpoint. And today that raises the question: Where is the data going? Once data is sitting on the endpoint, there are just two things that can happen to it that we want to protect against: theft of the device and exfiltration of the data. Theft of the device can be covered by encryption at the hard disk level (or the non-volatile memory equivalent for most mobile devices). Exfiltration takes a bit more effort. Data can exit because someone with access - legitimate (or not) - wants it to. They want to ship it to storage in the cloud, for example. Once in the cloud, the organization has lost control of the information asset. That means that the endpoint security needs to understand the data that it is protecting, and most of our products this month refer to that process as being "content aware."

While we have not lost the network-centric functions - such as NAC, policy management, anti-malware gateways or data leakage protection - targeting the last bastion of protection, the endpoint, allows clear focus on how the data behaves when it is on, or passing through, the endpoint. Consequently, if all of the network protections quietly curl up their toes and lose track of the activities they are supposed to be tracking, the endpoint can take over. It also means that while I am sitting in an airport lounge using my iPad, not connected to my network, I really don't need to worry about my data. And, as a CISO, I can worry a bit less about a rogue employee quietly shipping company secrets to Dropbox just before he quits and goes to work for the competition.

