Although endpoints have become widely known as the “new perimeter,” many security solutions have not kept pace with this new reality, leaving endpoints vulnerable to increasingly sophisticated and damaging attacks.
Wallace Sann, VP of Systems Engineering and Public Sector CTO of ForeScout Technologies, told Homeland Security Today that full visibility into the network is crucial. However, with the International Data Corporation estimating that the number of connected devices could reach 30 billion by 2020, maintaining visibility is becoming increasingly difficult.
Headquartered in San Jose, California, ForeScout Technologies is a network security company that has developed technology that sees network endpoints, runs compliance checks on those devices, and mitigates any threats posed by those devices. The company offers solutions built to overcome the most formidable challenges of traditional endpoint security, including lack of visibility and control.
“Knowing what is on the network is fundamental, and we can help with that,” Sann explained. “Our solutions are different because we don’t require something to be installed on the endpoint—meaning a laptop, iPhone, printer, etc. Since we can see all devices, it affords us the ability to view a much clearer picture of what is on the network and what should not be on the network.”
ForeScout emphasizes that organizations should not only be concerned with who should and should not be on the network, but also with the value of orchestrating and automating endpoint security tools.
Sann explained that orchestration—a popular buzzword in the tech community—can be described as “bi-directionally integrating with other tools and sharing context.” The idea is to make the most of existing tools, rather than simply adding more, by getting them to work as one integrated system.
Essentially, orchestration makes it possible for disparate security tools to communicate, which helps to overcome security silos and eliminates the need for human intervention, which is often prone to error.
“Humans are error-prone. We take vacations. We are stuck to the 9-5 window and the adversaries don’t have those restrictions,” Sann said.
According to a survey by Frost and Sullivan conducted on behalf of ForeScout, 52 percent of respondents from large enterprises said they operate more than 13 different security tools. However, more than two-thirds of respondents reported they had only a couple of tools that could directly share security-related context or control information.
“Historically, technologies have yielded false positives, blocking legitimate users,” Sann said. “The reason for this is that technologies did not communicate with each other. So there was no context. Today, through orchestration and automation, those toolsets can be orchestrated and share context.”
Sann said public and private sector agencies looking to improve the security of their endpoints need to look for solutions that are both machine-learning aware and have limited dependencies. He explained that many endpoint technologies require a client or agent to be deployed on the endpoint. While agents are good for patching and heavy-lifting types of functions on the endpoint, a clientless approach is beneficial for seeing everywhere and maintaining a continuous monitoring view of an endpoint.
“I always say: ‘If you want to know what is on the network, the technology needs to ask the network, not the endpoint,’” Sann explained. “So I’m not going to ask a printer what is on the network. The printer only knows about itself. It may sound trivial, but that is what we have been lacking in the past from endpoint protection technologies.”
Although orchestration and automation are no silver bullet, their value in endpoint protection is going to become increasingly apparent in today’s increasingly dangerous cybersecurity threat environment, and realizing it will require the implementation of solutions that can adapt as the threat landscape and adversary evolve.