24 October 2015

Past Wednesday I listened to an interesting story on Information Week Dark Reading Radio. The half-hour show titled Endpoint Security Transformed is worth listening to. In her excellent post on the same subject Kelly Jackson Higgins, the host of the show, gives a great introduction to this emerging technology and market.

Endpoint protection has been poorly treated for many years. Focus was laid on detection. But the major attacks in the past years show that once the attacker got access to network this is not enough because insider threats are hardly to detect.

This quotation from Paul Calatayud, CISO of Surescripts, sums it up:

Endpoints are getting compromised, and their credentials get stolen. Then they become an insider threat.

Another statement from the show is very remarkable:

Most of the attacks exploit vulnerabilities which were already known, sometimes for more than a year.

This statement makes clear that we need entirely new provisioning and patching concepts, or sophisticated white listing methods to lock down the end-user systems. To apply e.g. just all Flash Player patches to thousands of computers is a nightmare and, extremely expensive.

Enjoy the show… and have a good weekend.