The endpoint has quickly become valuable real estate for security tools and controls, as traditional network perimeters have given way to cloud-based models in support of the digital workforce. By 2020, global IT security spend is expected to reach $128 billion with 24 percent of it allocated to endpoint security tools. In fact, organizations today use an average of 80 security vendors’ products.
Yet, over 70 percent of breaches still originate on the endpoint. According to a recent Absolute study of six million enterprise devices representing 12,000 organizations across North America and Europe, much of endpoint security spend is voided because tools and agents fail, reliably and predictably.
The inevitable decay of security controls
It is widely agreed that the universe naturally gravitates toward chaos. These same principles that govern space apply to security environments as well. Endpoint devices are not immune. They, too, are subject to entropy, which means they will go from order to disorder. The security posture of a device will regularly drift or decay.
When I refer to a control, tool, or agent failing reliably and predictably, I mean that this security decay is not the design of malevolent threat actors or evidence of negligent users. It’s a natural and ordinary outcome of increasing the number of tools fighting for underlying resources (hardware and software), and every additional security tool only increases the probability of failure and decay.
Complexity causes endpoint fragility and risk
In reality, the organizations we typically tout for being ‘sophisticated’ are actually the ones with the most severe endpoint entropy. Why? Because what we really mean when we say ‘sophisticated’ is ‘they own a lot of security tools’.
We have to change our definition of ‘sophisticated’ to account for true up-leveling, reserving such honors for those who halt endpoint security decay. To do so, we need to recognize that complexity of the landscape is an exposure: it makes it increasingly difficult for IT and security teams to have visibility, and it comes with the constant demand to uphold security controls.
For organizations with a boatload of controls, apps, and agents, it’s not necessarily that a control, app, or agent isn’t chinning the bar of its potential, but something more tragic: each tool adds an incremental risk, because the expected security benefits are nullified by a negative externality, agent collision.
When agents compete for device resources, some are starved while others feast. When starved, the agent fails. This means security tools are actually increasing the frequency of collision, and the effect of collision is a breakdown in the security posture. Increased security spending does not increase safety.
Understanding and Achieving Endpoint Resilience
To recap, evolving security threats have caused enterprises to layer on more and more endpoint controls, increasing complexity and impacting performance, and the collision of these controls is leaving the endpoint exposed.
We need to understand the dangers of equating IT security spending with security and risk maturity. From here, we need to stop spending another dime on new tools and, instead, accurately reassess the effectiveness of existing security investments – especially when cybercrime threatens to cost the world $6 billion annually in damages by 2021.
To secure the endpoint, the security tools already in place must be made resilient. Resilience is a property of the agent or tool itself, which is demonstrated by an ability to persist in spite of collision or friction. I am resilient when I recover from an infection or automobile accident. I have demonstrated the capability to persist in the face of entropy-accelerating events.
Tools and agents experience the same thing. But the resilient ones bounce back, they heal, they recover, and sometimes, they’re even resurrected from the dead. This only comes when we have the courage to go deeper into the endpoint system, analyze the friction points within agent resources, and mitigate the risk of collision. With that unimpeded view of the device underworld, anyone can recreate the landscape and prevent the entropic events that lead to security decay.
Josh Mayfield, director of security strategy at Absolute