The Evolution of the “Endpoint”
Over the past few years, the perception of what an “endpoint” is, and therefore the definition, has changed. The original perception was a user workstation independent of operating system. With the expansion of functionality, data persistence, Internet connectivity, and ultimately the threats against them, that definition no longer applies. Laptops became included, then smartphones, servers, tablets, internal file shares, and dedicated or special function devices such as point of sale terminals and processors.
This change in perception is actually a great awakening on the part of IT and business personnel. They are more willing to accept that any location in the business where information is stored or processed is an endpoint, from the protection perspective. With this awakening comes a heightened concern about what types of endpoints are in the corporate environment, who owns and manages them, what types of work and associated data are on them, and how they will be protected. In parallel to this heightened awareness, EMA research found that attention on endpoint protection and the value of solutions providing protection capabilities including prevention, detection, and/or incident response, jumped from 9th place to 2nd place in terms of perceived value based on total cost of ownership.1 When compared to 17 other security technology categories, there is a significant lack of consumer confidence in endpoint prevention as a capability. Twenty-two percent (22%) of research respondents rated prevention as their least confident security control, which is twenty-nine percent (29%) higher than the next closest control.2
Endpoint Protection is Greater Than Prevention
Ten years ago, the perception of the endpoint focusing on PCs and laptops, the lack of mobile devices and common deployment IoT devices, and other factors made relying on endpoint antivirus for endpoint protection a pretty good bet. Today, such is not the case. The approach of relying on an endpoint prevention product for protecting the environment is sheer folly. Though the endpoint prevention solutions are good, at this point no single solution covers all use cases on all types of devices. It is the scope of devices and the fact that many of them are personally owned, and therefore not managed by the organization, that brings the concern.
Projecting the Environment From Devices Requires Endpoint Visibility
For IT and security personnel, this means they need to consider a larger issue, which requires turning the old protection paradigm on its head. We are no longer identifying and protecting the endpoints in the environment; we are identifying the device to protect the environment from those devices. This makes greater visibility into the devices operating within the environment paramount. The BYOD trend put users in control of more devices that are doing work for and in the organization, both officially and unofficially. Without endpoint visibility , the chance of protecting corporate data falls to zero.
EMA research identified some interesting trends: currently, less than 15% of midmarket and enterprise organizations have fewer than 1,000 endpoints in their environments and 49% have between 1,000 and 5,000, while 33% of enterprises have over 5,000 and upwards of 10,000. In addition, 54% of large enterprises (20K or more employees) have between 10,000 and 25,000 endpoints that they are aware of.2 Of BYOD, IoT, and special function device requirements, over 25% of the devices being used for some kind of business work is unable (technically or by policy) to have a management agent placed on it for prevention or detection.2 Therefore, they could be unprotected and a viably beachhead for an attack of some kind.
To begin to address the endpoint issues that we have today at scale, we need to look beyond solutions fixed on traditional server, PC, and laptop protection. By doing so, we will gain visibility into the real scope of the endpoints in the environment.