We should dispense with the ‘bouncer’ concept of vainly attempting to identify and block every
form of cyber attack out there. Why fail at defending the indefensible when you can focus on
minimizing the extent of the damage instead? After all, it’s mathematically impossible to track
every single adversarial tactic; the bad guys will always think of new ways to hit you. Once you
figure out what they’re doing and invest in solutions to stop it, they’ll come up with new ways
to hit you again.

That’s where the endpoint enters the discussion. Nearly two-thirds of the information security
professionals we surveyed say they’re interested in endpoint solutions. Why? Because a
staggering number of false positives is overwhelming IT departments. And even when a
solution does detect a real attack, the department still has to remediate at the endpoint. With a
traditional AV approach, every endpoint file has to be checked against the hundreds of millions
of malware variants out there. That’s impossible for most, if not all, organizations.

One option, as addressed in the Forrester report, is what is described as “endpoint execution
isolation” technology. This involves isolating infected apps “with logical separation between the
executable and the rest of the operating environment,” according to the report.

With the separation in place, the malicious code is contained within the compromised app, so it
can’t interact with the rest of the enterprise. Through this “micro-virtualization” of vulnerable
client apps and web apps delivered to end users, malware can’t use an endpoint exploit as a
foothold from which to probe the network. Each site/app is independently isolated, with zero
access to other enterprise systems, devices and apps.

Clearly, the information security transformation from an AV culture to an endpoint one will take
time. But the endpoint’s lack of trustworthiness accounts for over 70 percent of enterprise
breaches, so this progression needs to start happening now. Otherwise, the entire company is
inviting risks – risks that can unleash costly fallout for months, or years. To avoid such a
scenario, organizations will have to invest less in ‘bouncers’ and think more about protecting
all of the ‘club patrons’ (endpoints) inside.



About the Author

Simon Crosby is Co-founder and CTO at Bromium. He was founder and CTO of XenSource prior
to the acquisition of XenSource by Citrix, and then served as CTO of the Virtualization &
Management Division at Citrix. Previously, Simon was a Principal Engineer at Intel, where he led
strategic research in distributed autonomic computing, platform security and trust. He was also
the Founder of CPlane Inc., a network optimization software vendor. Prior to CPlane, Simon was
a tenured faculty member at the University of Cambridge, UK, where he led research on
network performance and control, and multimedia operating systems. In 2007, Simon was
awarded a coveted spot as one of InfoWorld’s Top 25 CTOs.



8 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide