The two scariest words you can utter to a C-level IT leader are these: data breach.
Recent survey research on endpoint security shows that virtually nine in 10 (89%) C-level IT leaders have a “heightened fear” of a data breach in the coming 12 months. Of those leaders, 71% name the endpoint as their biggest network security concern.
Endpoint security addresses the risks to the network posed by the use of remote devices. With each device a potential entry point for hackers, endpoint security seeks to ensure better policy standards and compliance.
So, what makes the endpoint–such as corporate laptops and BYOD mobile devices–such a tough thing to protect? In a word, according to Ziften’s Mike Hamilton: people. People freely using wireless tech across open networks, people not resisting the all-too-easy urge to click on that email link–you get the picture.
Located in Austin, Texas, Ziften wants to enable enterprise IT security teams through its continuous endpoint visibility solution. The offering, said Hamilton, is customizable and permits security pros “to utilize their human intuition, natural skills, and deep knowledge of their own environments.”
Mike Hamilton is Ziften’s SVP of product and recently spoke with TechRepublic via email about the challenges of endpoint security, the lack of security resources that companies face, and the integration of endpoint data into mainstream security approaches.
TechRepublic: What makes the endpoint such a difficult place to secure?
Mike Hamilton: People are the biggest point of vulnerability in any organization and the endpoint is where they interact with whatever an attacker is after: intellectual property, credentials, cyber ransom, etc. Further, people are responsible for the policies and procedures that are in place at the enterprise, whether forced upon them by regulatory bodies or voluntarily for proper security hygiene. Securing the endpoint would be less difficult if we were willing to accept policies and procedures that could help reduce the attack surface. But, no enterprise, in practice, wants to put employees through having separate systems for outside/inside network access. Employees want to and will use their corporate equipment for personal things: checking email, syncing music with their phones, and engaging others on social networks. And people are trusting. Clicking on links in emails, tweets or Facebook posts is all too easy, and even security experts sometimes have a difficult time resisting that urge.
TechRepublic: What growing threats in endpoint security should enterprises be most aware of?
Mike Hamilton: One of the biggest threats is the widening gap between “good guys” and “bad guys.” We have some Fortune 500 customers that have a security team of one or two. But, think about the (alleged) size of attack forces of some nation states or freelance attackers looking to make money. The lack of resources and time that these security teams have to track down, hunt, identify, and mitigate threats is scary. I’ve talked to customers that have a 45-minute window to perform root-cause analysis on potential threats before they have to wipe a system and move on. Without an integrated ecosystem of tools that empower them, security folks are fighting a losing battle of time and resources.
With so much money pouring into the security ecosystem in terms of enterprise budgets and venture capital, there is just a ton of noise out there that is confusing to enterprises. I’ve seen products messaged as “endpoint protection” or “endpoint visibility” that don’t actually run on the endpoint. Those who actually need the technology are overwhelmed with overlapping and confusing messaging. As every new security player pops up, that’s one more product an enterprise has to evaluate and look at. What happens is that they either don’t properly evaluate solutions or they use what they’ve used in the past.
TechRepublic: In your competitive space–endpoint visibility and security–what are the main trends over the next several years?
Mike Hamilton: I think the main trend in this space truly overlaps with enterprise security as a whole — the integration of endpoint data into the broader security infrastructure to create connective tissue between network security devices and end users. That was what brought me to Ziften, having met the team at RSA in 2014. We did a product integration to connect network security analytics with endpoint visibility to provide the user, process, and system attribution to events happening on the network. We have adopted an open visibility strategy, allowing our customers and partners access to our data through whichever platform they prefer to consume their security data from. Nobody wants to have to pivot between multiple products while trying to find answers. At the end of the day, time is such a precious resource. We all need to focus on how to save time and optimize the resources that enterprises have at their disposal.
TechRepublic: How would you describe the concept of people-powered security?
Mike Hamilton: My former CEO once made a comment that has had a lasting impact. She talked specifically about predictive analytics, but it applies to this concept as well. People-powered security is about empowering and enabling the most impressive predictive analytic engine on the planet: the human brain. The capacity of the human brain to draw links and relationships between things and establish patterns is mind-boggling. Ultimately, it is up to us as security technology providers to empower the human brain to make better decisions — faster. We need to remove noise from alerts. We need to provide as much useful information up front as possible for security practitioners. We need to enable people to make better decisions much faster so they can get on to the next problem.
TechRepublic: What is, in your view, the one thing that most differentiates Ziften in the marketplace?
Mike Hamilton: In a nutshell, the time-savings we provide our customers. There’s a shortage of skilled security personnel and customers are swimming in a sea of false-positives, alert fatigue, and pivoting between silos of information to determine when something bad is occurring. Once they’ve determined they want to remediate a problem, it’s sometimes a manual process for them to take action. At Ziften, we first distill pertinent information into dashboards that users customize to their own preferences, giving them the information they care about. Second, through advanced analytics, we advise customers which problems they should look into first through prioritized risk scoring. Third, we integrate and share our insights into the existing customer ecosystem to provide a more complete picture of what is happening. Finally, we enable automated actions based on each customer’s policies and preferences to remediate problems.