This month marks a new chapter for me. After 52 years in information security, over 15 of them in academia, I have retired from my university to spend more time here, writing and doing research. One of the special – for me, anyway – outcomes of this change is that I will be doing all of the reviews personally instead of getting help from a reviews team. I look forward to getting my hands dirty and bringing the results to you.
This month, for example, we are looking at endpoint security products. This is an interesting group because what endpoint security really means has changed over the years. Some of the products we looked at were heavy in anti-malware while others were a little more traditional, addressing the classical endpoint functionality. This spells a sea change in how we secure our networks. As we have said many times in these pages, the perimeter is fading fast and, in some organizations, is gone altogether.
The abandonment of the perimeter makes it necessary to forge a new approach to securing the enterprise. That approach, more and more frequently, depends on securing the endpoint. That, actually, is a lot easier to say than to do. On one hand, moving an organization's data to the cloud makes securing it more difficult. On the other hand, using the cloud to mediate endpoint actions makes sense. If a device – not necessarily a computer – needs to access data or a cloud platform, the secure cloud becomes part of the endpoint. That was obvious as we went through this month's products.
The cloud is especially useful when a big part of securing the endpoint is anti-malware functionality. Maintaining updates in the cloud and pushing them to devices or passing all communications through the cloud makes a lot of sense – especially given that it's a lot easier for the vendor to keep one server up to date than it is to keep hundreds of thousands of customers current. As well, the cloud can host powerful computers that can perform deep analysis of suspected malware, and the availability of samples for all of the users of a particular anti-malware service also aids that analysis.
As mentioned above, one thing that we noticed this year that we have not in prior years is the emergence of two distinctly different approaches to endpoint security. One – being touted as “next-generation” endpoint protection – is largely focused on malware and uses the cloud heavily. The other is more traditional and covers a lot more territory in endpoint security, such as DLP, local firewall, peripheral control and, of course, malware. We saw both this month and we will designate one Recommended product in each category. However, our prediction is that within two years or less we will begin to see a convergence between these two types as the cloud becomes more and more entrenched.
Also, there was one surprise in a third approach. The product demonstrating that approach – a forensic approach to protecting endpoints – has a lot of experience on the forensic side and it is interesting to see this company apply that knowledge and experience to endpoint protection.
Finally, I'd like to announce that, as part of my retirement from academia, I am bringing my Threat Hunter blog out of mothballs. You can visit it here. We'll take a look at the ugly underbelly of the internet as well as provide some tips for protecting the enterprise against cyber threats. As part of that I'll have periodic lists of what types of threats are prevalent at the time of writing.