Gartner recently released a report on operationalizing endpoint security – on how signature-based anti-malware is losing effectiveness in the face of an overwhelming volume of threats. I have a few thoughts about the report’s findings and what organizations can do to better protect their endpoints.

As the Gartner report made clear, signature-based anti-malware is losing its effectiveness. There is a massive number of new threats, each of which requires a new signature to stop it, and the gap between when a threat appears and when its signature ships is too large. That delay is what creates the problem.

At the heart of Gartner’s report is this: 90 percent of attacks are leveraging vulnerabilities that are either patch- or configuration-related for which remediations already exist. In other words, organizations just haven’t taken the time to deal with these vulnerabilities. As a result, they’re unprepared to protect their organizations from malware-related threats.

When you look at security today, the internal and external threat landscape has drastically changed. Further, organizations are faced with growing pressure to achieve IT efficiency through the adoption of cloud computing, virtualization and outsourcing mechanisms. These trends are leading to increased endpoint risk, which is being exacerbated by massive budgetary concerns and a lack of funds to support these projects in the midst of a changing threat landscape. What this Gartner report reminds us is that businesses need to better align processes and, importantly, technologies across IT Operations and IT Security.

To protect against new threats, it’s more critical now than ever for IT Operations and IT Security teams to work together and synchronize their efforts across the entire organization. Organizations can then start to address the common root causes of malware infections and other threats, which enables the following:
1. Better security focus on managing critical risks
2. Prioritizing vulnerability patching
3. Addressing configuration creep at the endpoint

These measures can proactively reduce the attack surface of endpoints.

Unfortunately, prior to this past year, companies have done a poor job of bridging the gap between IT Operations and IT Security. We conducted a survey with the Ponemon Institute in 2008 and saw a massive void between IT Operations and IT Security. The survey was sent to 25,000 IT Security and IT Operations folks in the US. One of the questions we posed was, “Have you suffered a data breach in the past year?” While 94 percent of security people said they had, a shocking 54 percent of operations people were aware that they had suffered a breach at all. This is a startling reminder that better alignment between the two groups is critical to a successful security strategy.

One key reason for this disconnect is that larger organizations tend to have a higher level of unnecessary departmentalization. This ends up costing them a great deal of money because those in charge of desktops and laptops don’t communicate with those in charge of servers who in turn don’t talk to those in charge of overall security and so forth. We are now starting to see more and more vendors bring technologies together on a single platform to help bridge this gap.

A lot goes into making your endpoints safe and secure. You need to work with a vendor who understands the role of the endpoint and the software on that endpoint beyond signature-based security. That involves all the pieces beyond traditional security and firewalling, such as asset discovery, license management and metering, operating system configuration management, etc.

It comes down to using the configuration management process and tools to establish common security standards and to remediate non-compliance rapidly, both in terms of patch remediation and machine configurations. Endpoints with secure, well-patched configurations are safer than those that are not managed appropriately. By doing a better job of this, organizations will dramatically reduce their attack surface area.
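The three measures listed earlier (focus on critical risks, prioritized patching, configuration creep) and the configuration-management process described here come together in a single workflow: compare each endpoint against a security baseline and a patch catalogue, then rank the non-compliance findings so the riskiest are fixed first. The following is an added example of that workflow; it is not code from the original post, from Gartner, or from any vendor product. The baseline setting names, the `KB-EXAMPLE-*` patch identifiers, the severity numbers and the inventory records are all constructed for illustration.

```python
"""Constructed configuration-drift and missing-patch checker.

Compares endpoint inventory records against a hypothetical security
baseline and patch catalogue, then ranks the findings by a simple risk
score so remediation can be prioritized.  All identifiers are made up.
"""
from dataclasses import dataclass

# Hypothetical baseline: setting name -> (required value, drift weight 0-10).
BASELINE = {
    "firewall_enabled": (True, 8.0),
    "autorun_disabled": (True, 6.0),
    "local_admin_password_policy": ("enforced", 5.0),
    "smbv1_enabled": (False, 8.0),
}

# Hypothetical patch catalogue: patch id -> severity (0-10) and whether a
# working exploit is known.  Real catalogues would carry vendor advisories.
PATCH_CATALOGUE = {
    "KB-EXAMPLE-001": {"severity": 9.8, "exploited": True},
    "KB-EXAMPLE-002": {"severity": 7.5, "exploited": False},
    "KB-EXAMPLE-003": {"severity": 4.3, "exploited": False},
}

# Constructed inventory export, as a CMDB or endpoint agent might produce it.
INVENTORY = [
    {
        "host": "lap-001",
        "settings": {
            "firewall_enabled": True,
            "autorun_disabled": False,
            "local_admin_password_policy": "enforced",
            "smbv1_enabled": True,
        },
        "installed_patches": {"KB-EXAMPLE-002"},
    },
    {
        "host": "srv-010",
        "settings": {
            "firewall_enabled": True,
            "autorun_disabled": True,
            "local_admin_password_policy": "enforced",
            "smbv1_enabled": False,
        },
        "installed_patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002", "KB-EXAMPLE-003"},
    },
]

# Bonus added to the score of a missing patch whose flaw is known to be exploited.
EXPLOITED_BONUS = 2.0


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str      # "config" for baseline drift, "patch" for a missing patch
    item: str      # setting name or patch id
    score: float   # higher means fix sooner
    detail: str


def check_host(record):
    """Return every baseline drift and missing patch for one inventory record."""
    findings = []
    host = record["host"]
    settings = record.get("settings", {})
    for name, (required, weight) in BASELINE.items():
        actual = settings.get(name)   # an unreported setting counts as drift
        if actual != required:
            findings.append(Finding(host, "config", name, weight,
                                    f"expected {required!r}, found {actual!r}"))
    installed = record.get("installed_patches", set())
    for patch_id, meta in PATCH_CATALOGUE.items():
        if patch_id not in installed:
            score = meta["severity"] + (EXPLOITED_BONUS if meta["exploited"] else 0.0)
            findings.append(Finding(host, "patch", patch_id, score,
                                    "missing patch" + (", exploited in the wild"
                                                       if meta["exploited"] else "")))
    return findings


def prioritized_findings(inventory):
    """All findings across the fleet, riskiest first; ties broken by host and item."""
    found = [f for record in inventory for f in check_host(record)]
    return sorted(found, key=lambda f: (-f.score, f.host, f.item))


def compliance_summary(inventory):
    """Map host -> True when it has no drift and no missing patches."""
    return {record["host"]: not check_host(record) for record in inventory}


if __name__ == "__main__":
    for finding in prioritized_findings(INVENTORY):
        print(f"{finding.score:5.1f}  {finding.host:8}  {finding.kind:6}  "
              f"{finding.item:28}  {finding.detail}")
    print(compliance_summary(INVENTORY))
```

The scoring is deliberately simple (a fixed weight per baseline setting, patch severity plus a bonus when the flaw is known to be exploited) so that the ranking is easy to explain to both the operations and the security side; the point is that one shared list drives both patch remediation and configuration fixes.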

The key takeaway of the Gartner report is PURE LOGIC! Reduce the attack surface area using the tools we already have today and you will solve 90 percent of the problems you suffer due to sloppy configurations and poor security patch remediation practices. Then focus on the remaining 10 percent: a much more reasonable task.