This blog was written by Joakim Lialias.
Pop quiz: What’s the right balance between user flexibility and endpoint security?
It’s a trick question—there is no right answer. Or rather, there are as many answers as there are organizations. The “right” balance is a function of an organization’s culture, its approach to security, its level of in-house security expertise, and many other factors. No two businesses are the same.
A more useful approach is to look at security and flexibility as a continuum. On one end (call it “Total Control”), you can envision an organization that prioritizes endpoint protection above all else. Endpoints are locked down tight by default, with users restricted to doing only what is expressly allowed by organizational policy. On the other end (call it “Total Flexibility”), you have the opposite: employees have the freedom to do what they need to get their jobs done—install applications, open email attachments, visit external websites. Endpoints will be exposed to more threats, but the organization hopes its defenses will detect them before they can do too much damage.
Most organizations fall somewhere in the middle. But CISOs still find themselves weighing tough tradeoffs, especially when it comes to handling unknown files coming into the environment. Here again, there’s no “right” answer. But your endpoint security needs to be aligned with where you fall on that continuum. And in weighing the tradeoffs, make sure you’re not giving up the farm.
Calculating “Costs” of Different Approaches
What exactly do organizations sacrifice when making these tradeoffs? Let’s start with an organization on the right-hand side of the continuum—say a business in consulting, advertising, or manufacturing. Your employees constantly collaborate with outside vendors and customers. Customer service and responsiveness are top priorities, so you can’t block every single unknown executable or hold up every email attachment for minutes at a time until it’s fully vetted. You’re confident your defenses will catch most of the bad stuff before it causes serious damage. But the sacrifice you’re making here is the first endpoint to get hit with a new threat—the “patient zero” infection. Cleaning up those patient zeros carries a cost that adds up quickly, and there is a further cost to users, whose endpoints are out of commission.
On the flip side, consider a financial or healthcare organization, or a government agency closer to the left-hand side. Your approach to unknown files is “block first, ask questions later.” Nothing executes on endpoints that hasn’t been expressly approved by IT. But there’s a cost here, too. By denying everything by default, you’ve sacrificed visibility. Your endpoint defenses effectively become a “black box.” You have no way to understand what’s attacking you, what vulnerabilities the malware is seeking to exploit, or how to beef up your defenses against that type of threat.
In both of these scenarios, the sacrifice is too great. No matter where you fall on the continuum, you ought to be able to secure patient zero while still learning from every interaction with potential threats. You should be able to implement endpoint security that’s informed by what’s happening outside your organization, and continually refined by what’s taking place within.
A Better Approach
To achieve a better balance, stop thinking about endpoint security as layers of protection that are either on or off. Rather, endpoint security should function more like a soundboard in a music studio. For some songs, you want to crank up the bass. For others, you want to emphasize the high end. There’s no need to choose between bass or treble—you can adjust different knobs to get the right mix for each song.
Your endpoint security should work the same way. You should have multiple layers of endpoint defenses at your disposal, with the ability to turn inspection and blocking at various layers up or down to best suit your organizational priorities.
When you start to think about endpoint security in this way, you can start using all the tools at your disposal in a smarter way. Because you can control how much you see, you know how much control you need to have. And wherever you fall on the continuum, you can decide what to allow or restrict on a more granular basis, while empowering your employees to be as productive as possible.
To find out how you can tune different layers of McAfee endpoint solutions to find the right balance for your organization, join us for the webinar “Busting the Malware Silver Bullet Myth.”