This blog was written by Joakim Lialias.
It starts out innocently enough: there’s a dangerous emerging threat to endpoints that can sneak past current defenses. A new startup has just the solution to stop it. Sure, you’re not thrilled about adding another agent and interface to your already overtaxed security team’s portfolio, but it’s just this one small addition, and it really does provide important protection.
Fast forward to a year later, and there’s another new threat. Now, you’re looking at another new endpoint product, with yet another new agent and interface. Six months later, it happens again. And again. All of a sudden, your security teams are managing a dozen different agents across your environment. They’re struggling just to keep their heads above water. And because there’s so much complexity, it now takes even longer to detect and respond to threats.
You’ve just been hit by the “endpoint security snowball effect.” And you’re not alone.
According to a recent Forrester survey commissioned by McAfee, the average organization is now monitoring 10 different endpoint security agents. When they need to investigate and remediate a new threat—those times when literally every second matters—they’re swiveling between an average of five different interfaces.
How did we get here? A number of industry and organizational trends converged to create the current predicament, including:
- Silver bullet startups: The last several years have witnessed an explosion of new endpoint security products hitting the market. Many are very innovative. The problem is that none of them have command over the full security architecture. They’re designed to solve niche problems, making them hard to integrate into an overarching, automated security framework.
- Conglomerate growth through acquisition: There are a few comprehensive security players in the market—but most have grown through acquisition, not by innovating their own products. Their endpoint tools may all have the same logo, but the products themselves remain distinct in their development and the engineering resources they require.
- Diverse buying centers within organizations: Many organizations have experienced their own rapid growth, both geographically and through acquisitions. The result is that there may be several different buying centers in an organization for endpoint security, with different people making purchasing decisions to meet specific needs
It hasn’t helped that, for years, the accepted best practice for endpoint security was to layer multiple “best-of-breed” solutions. As many organizations are now seeing firsthand, that approach quickly snowballs—and eventually becomes an avalanche—creating more complexity than any security team can keep up with.
These days, more organizations—over 50 percent according to the Forrester survey—are turning back to single-vendor solutions. They’re prioritizing endpoint solutions that can do more things, more efficiently, with better accuracy and less complexity.
Envisioning a Better Solution
Fortunately, this is not the first time that CISO’s have seen this problem. A decade ago, organizations were similarly buried in disparate tools and processes for the basic IT architecture.
In response, the industry moved toward the concept of the “service-oriented architecture” (SOA), sometimes called the enterprise service bus. The idea was to create a single, common framework that everything could plug into, where disparate solutions could communicate, and IT could move away from constant manual integration.
So the model already exists. Now, we need to apply it to endpoint security. What should that look like?
First, individual endpoint security operations can no longer be built around siloed point products. Each layer of endpoint security should be modular, like a blade snapping into a server chassis. Components should be able to exchange data in real time, so that, for example, when a new threat is detected by one piece of the system, the rest of the defense fabric is instantly aware of it and can automatically inoculate the rest of the environment. Everything should be visible from a single interface, so that the friction between different agents and processes disappears. And the security framework should be highly adaptable, so you can continually add new capabilities without requiring a top-to-bottom rip and replace.
It’s a different approach than most solutions out there today. But the sooner organizations start demanding it from their security vendors as a baseline business requirement, the sooner we’ll see snowballing endpoint complexity melt away.
Find Out More
McAfee is making this vision a reality right now. Our Dynamic Endpoint solution was designed from the ground up to break down barriers between siloed solutions, linking endpoint capabilities across the threat defense lifecycle into a single security fabric. We’re making endpoint defenses more adaptive and automated. And we’re helping security teams in every industry operate more efficiently—and stamp out security snowballs before they start.