Endpoint security myths and why they persist
by Mirko Zorz - Editor in Chief - Monday, 14 July 2014.
In this interview, Roman Foeckl, CEO of CoSoSys, illustrates the most prominent endpoint security myths and explains why they persist. Furthermore, he talks about the hurdles with protecting endpoint clients in the enterprise and offers advice on what organizations can do in order to stay ahead of the threats.

What are today's most prominent endpoint security myths? Why do they still persist?

Endpoint security is a widely used term that means different things to different people. To make things worse, the term and its meaning have changed over the last 5 years or so. It has evolved from anti-virus/anti-malware solutions, to firewall, device control and intrusion detection. Endpoint security software differs in its definition also from one vendor to another, so one can expect to find data loss prevention capabilities included as well. No wonder that several myths emerged among IT security decision makers when it comes to endpoint security. The use of the term is furthermore evolving since what an endpoint is changes as well and it now includes also tablets and smartphones besides desktops, laptops and thin clients.

Myth 1: Endpoint security equals Data Loss Prevention

As vendors of Content Aware Data Loss Prevention (DLP), Device Control and Mobile Device Management (MDM), we see very often people's confusion when it comes to endpoint security and Data Loss Prevention, even from IT Admins that all have a slightly different take on the terms endpoint security and Data Loss Prevention. For example, if endpoint security software includes Device Control functionalities, an instant connection to Data Loss Prevention is made.

The error lies in the fact that DLP is focused on internal threats, while anti-malware solutions are directed to external threats. Besides that, the Device Control solution integrated or bundled with anti-virus is limited to a small number of options that can be applied and devices that can be monitored. What about the other exit points? If a user tries to leak a sensitive file through E-mail to a not trusted recipient, how is the data loss prevented with the endpoint security software? In most cases the internal threat is not addressed with an endpoint security solution at all, besides the fact that a malware infection can be stopped. An intentional data breach is not detected simply because traditional endpoint security solutions do not focus on the inside threat.

Myth 2: Macs are a special category of endpoints that don't require protection

I think probably the biggest myth of all in endpoint security is that a Mac is safer than a Windows PC. This has been somehow true for most of the recent past since Macs have been out of the scope from attackers and not widely used by companies until recently. This has changed and this mindset has to change. Macs just need as much attention to be protected as do PCs from an IT Security point of view, with Anti-Malware measures against outside and insider threats to prevent data losses. Facts show that Macs can be defeated (e.g. Flashback Trojan). When it comes to Device Control and DLP functions, the situation is similar, as many IT Managers consider that a small number of Macs in the company represent a minority, so there is no danger of data breach. They couldn't be more wrong. It is enough for one employee to copy a highly confidential file on a thumb drive and leak it to the competition or simply lose it. Any type of endpoint needs the same amount of attention be it a Mac, a PC or a mobile device.

