Top Myths of Endpoint Security

This hits close to home for Network Box: we do perimeter security, and we cringe every time we hear AV companies making the case that moat defenses are a thing of the past. Indeed, if anyone is suffering in the fight against malware today, it is those very companies that own the endpoint. Yes, the same ones who are telling you to ditch your gateway defenses.

I always like to draw a parallel with the real world; think of the perimeter defense as being the stone fort and moat surrounding your castle. Now, would you remove those and let your enemies through? Wouldn’t you rather stop them at the gate? Or, as far away from your gate as possible, for that matter?

From a stricter technical standpoint, several considerations must be made:

1- Endpoint security is often at the mercy of the end user, because an end user can turn it off or reconfigure it incorrectly. The IT department needs to set things up very carefully to avoid this. And even then, there are users who still manage to circumvent such measures.

2- As with every other security system, endpoint security requires updates. If updates aren’t being correctly downloaded and installed, there is often little feedback (will the end user call IT when he gets that pop-up?).

3- The endpoint security solution runs on the same platform it’s trying to defend and, consequently, suffers from identical vulnerabilities, which means it is itself vulnerable. In fact, the first thing Trojans do when they start working is to take down the endpoint security, disarm it, and render it useless (assuming it was ever useful to begin with, if it allowed Trojans in). Any Trojan that doesn’t do that wouldn’t likely be that dangerous anyway.
