Here’s why complex security and endusers don’t mix

CloudCorporateEnduserEventsAPTDrive-by downloadsEndpointEndpoint ProtectionEndpoint Protection AdvancedProject Galileo

ComplexitySecurity is really all about your endusers. And that’s a problem, because when one user does something wrong, it has the potential to bring down the whole company.

Security companies have been trying to deal with the user problem for decades, but they’ve been going about it the wrong way.

The way most security vendors design their products is to wrap your endpoints – and your users – in layer upon layer of security. But the time, cost and complexity of implementing a whole bunch of additional layers of technology can be overwhelming.

Here’s an example of what I mean. Let’s imagine an enduser named Sam the Sales Guy logs in from the road without using his VPN and gets infected on a website by a drive-by download.

Later in the day Sam reports to the office, logs into the network, and goes about his workday without knowing that the malware on his computer has installed a sophisticated password stealer that silently grabbed the passwords for his Salesforce, corporate email and – why not – his Facebook account.

Fortunately, this security failure could probably be prevented at one of several layers: perhaps via a cloud-based web gateway to protect Sam when he visits the web from a remote location; via some type of endpoint-based advanced persistent threat (APT) detection agent; or maybe a next-generation firewall that would detect malicious traffic coming from Sam’s PC as the malware calls home.

But unfortunately, these various security layers bring about the problem of complexity: now you have multiple endpoint agents, multiple management consoles, and multiple security vendors to deal with.

This is a recipe for failure.

Jon Oltsik of Enterprise Strategy Group has written about the problems of complexity and chaos in security, and he came up with a phrase to talk about the solution that I quite like: Endpoint Security Technology Nirvana.

Jon asks, what if instead of all these disparate layers of security you could integrate all of the best enduser protection technologies into a unified system that is simple to manage?

Here at Sophos we’ve been working on the very same concept. Our focus is on enduser security that is comprehensive, including protection against advanced threats, yet it’s coordinated so different protection modules work together. It’s security that’s user-centric, rather than device-centric. And it brings it all together in one simple-to-use management console.

If you’d like to learn more about how Sophos is building better security for endusers, please check out the  webcast Jon and I recently recorded. We discuss how you can solve security complexity, including these topics:

  • A vision for endpoint security nirvana: comprehensive, integrated protection
  • Rethinking enduser protection with simplicity in mind
  • How integrated security provides better protection than layered security.

On-demand webcast: Why Complexity Is the Enemy of Enduser Security

Image of maze courtesy of Flickr user FutUndBeidl.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s