Endpoint | 5/31/2017 11:41 AM

The Cons of a 'Silver Bullet' Approach to Endpoint Defense

Companies relying on individual security solutions won't find one is a 'silver bullet' that will provide seamless protection.

Endpoint tools often promise to be a "silver bullet" to tackle all security problems. The problem is, no single product will fix everything, and businesses are left to juggle several tools that don't work together.

"In the last 10 years, the industry is following a destructive path of 'new threat, new widget, new threat, new widget,'" says Brian Dye, McAfee's EVP of corporate products. Over time, he explains, companies amass a collection of individual security products that don't integrate and consequently spend more time on administration than on security.

McAfee is doubling down on endpoint strategy as it transitions back to a standalone business following its spinoff from Intel earlier this year. Dye says the focus is less on first-gen and next-gen point products, and more on how to build an architecture that adapts to changing threats.

Many businesses market their products in line with industry news, says Dye. Amid the fallout of WannaCry, for example, there was a rise in products promising defense against ransomware.

"Each wave of technology promises to be the answer to world hunger," he continues. "The bad guys always find a way around it." Next-gen products promise to fix security problems but don't integrate with the broader security framework, he explains.

The effectiveness of threat defense is one of the key challenges facing businesses this year, McAfee found in its 2017 Threats Predictions report. New techniques gain value throughout deployment and improve as they face real-life scenarios. The upward trend continues until the defense becomes so effective it motivates adversaries to respond.

"At this stage, attackers experiment and discover ways to evade this type of defense and develop countermeasures to reduce its value," the report states.

Different technologies perform different functions in the process of protection, detection, and correction, says Dye. Machine learning, antivirus, intrusion prevention, and enterprise detection and response (EDR) are all examples of technologies that work better together than alone.

"To make endpoint work, you need a platform," says Dye. "It needs to combine the strengths of many different technologies so you account for the weaknesses of those technologies."

When an attacker runs malware, for example, individual tools for machine learning and EDR can try to decide whether the threat is real. On their own, each might indicate "it might be a threat" and security teams may not respond. However, if the tools collaborated and all detected a potential threat, a team would be more likely to investigate and avoid a false positive.

"There's a core tradeoff in how effective security is, and how much risk you put to the user in terms of false positives," says Dye. "The key is to have the ability to stop the bad things and not stop the good things."
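The corroboration Dye describes, as an added example that is not from the article or from any McAfee product: each technology's confidence is combined as if the detectors were independent, so several "might be a threat" verdicts on the same host and process cross an investigate threshold that none of them reaches alone. The detector names, threshold and sample verdicts are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: each endpoint technology reports its own confidence
# (0.0 to 1.0) that a process on a host is malicious.
@dataclass(frozen=True)
class Verdict:
    host: str
    process: str
    source: str        # hypothetical detector names: "ml", "av", "ips", "edr"
    confidence: float

INVESTIGATE = 0.8      # hypothetical threshold for opening a case

def fuse(verdicts, threshold=INVESTIGATE):
    """Combine per-source verdicts for the same host/process pair.

    Each source is treated as an independent detector, so the chance that
    the process is benign is the product of (1 - c_i) and the fused score is
    1 - prod(1 - c_i). One lukewarm verdict stays below the threshold; the
    same verdict corroborated by other sources crosses it.
    """
    groups = {}
    for v in verdicts:
        per_source = groups.setdefault((v.host, v.process), {})
        # keep only the strongest verdict per source so a chatty tool
        # cannot vote twice for the same process
        per_source[v.source] = max(per_source.get(v.source, 0.0), v.confidence)
    decisions = {}
    for key, per_source in groups.items():
        p_benign = 1.0
        for c in per_source.values():
            p_benign *= (1.0 - c)
        score = round(1.0 - p_benign, 3)
        decisions[key] = (score, score >= threshold, sorted(per_source))
    return decisions

SAMPLE = [
    Verdict("ws-01", "invoice.exe", "ml", 0.5),
    Verdict("ws-01", "invoice.exe", "edr", 0.5),
    Verdict("ws-01", "invoice.exe", "av", 0.4),
    Verdict("ws-02", "updater.exe", "ml", 0.5),
    Verdict("ws-02", "updater.exe", "ml", 0.6),
]

if __name__ == "__main__":
    for (host, proc), (score, open_case, sources) in fuse(SAMPLE).items():
        print(f"{host} {proc}: score={score} sources={sources} investigate={open_case}")
```

Lowering the threshold turns ws-02's single verdict into a case as well, which is the false-positive side of the tradeoff Dye describes.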

Large enterprises have an advantage in building this type of flexible platform, which Dye calls the "dynamic endpoint," because they have dedicated teams and the bandwidth to try new technologies that will give them a more well-rounded defense. Small and midsize businesses don't have the luxury of being able to test every vendor claim, he notes.

Dye cautions security teams about the danger of continuing the "silver bullet" approach to security instead of the flexible architecture approach.

"The danger is … you'll stay on the hamster wheel," he explains. "You'll purchase and deploy a solution with the strength of one technology, and you'll end up having to deploy another one in another year. You'll spend all your time on admin and suck resources away from what you're supposed to be doing."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...