
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

February 27, 2018 / Sean Blanton

Carbon Black recently published a series of essays about the experiences of experts in the field of information security as they moved their endpoint security programs to the cloud; this is one of those essays. To read the full series, check out 7 Experts on Moving to a Cloud-Based Endpoint Security Platform.


Effective Deployment Depends On Understanding Your Threat Scenarios

John Meakin, CISO, Formerly Burberry

For John Meakin, former chief risk and security officer at Burberry, today’s retail environment is rich in endpoint computing that encompasses core office activities, connections to manufacturing facilities, and sales assistants working within the retail network. Beyond this, there is a very active online customer engagement and sales process that often involves multiple channels. “We see the endpoint being right there on the perimeter,” Meakin says, emphasizing the importance of endpoints to his overall security strategy.

This is a view shared in the organization. “Interestingly, it’s never been easier in my experience as a security leader to make the risk-based cost-benefit equation, because there is so much evidence out there of what happens when things go wrong,” Meakin says. But just because it’s easier to enlist support and funding, that does not mean the task of securing endpoints is any easier. “The difficulty in achieving effective deployment of these technologies is still very high. It’s complicated. So my life’s a little bit easier, but it’s not a breeze,” he notes. These challenges relate to finding the right technologies to fit your endpoint activities, and being able to support them. Meakin offers this advice:

Don’t think about it as finding a single perfect solution for the endpoint. Meakin says you have to think carefully through the most likely threats that apply at the endpoint. For example, in Burberry’s case it has the core office environment, the manufacturing environment, and the retail network environment. Each presents its own usage patterns and threat scenarios, and they are complicated by frontline activities with customers inside and outside the store.

 


“I have not yet found one product with the richness of functionality that gives me enough to address the variety of endpoint-threat scenarios,” he says. “Also, you need to recognize that the endpoint is one very important part in a bigger context of the other things you deploy across your network, because the endpoint-security solution is never going to be 100% effective.”

Look for the smallest number of solutions needed to address your threat scenarios. This is because implementing endpoint-security tools presents a management challenge. “You need to think about how you are going to manage whatever you deploy,” Meakin explains. “One thing that distinguishes the endpoint from other places in your IT estate is that the endpoint is multiple. Whatever you deploy to the network, you need to multiply by 1,000, or 10,000, or 100,000. Scale makes it more challenging to get every security technology deployed to every endpoint, operating fully effectively in line with the standard configuration, with every endpoint patched to the relevant level.”

Meakin believes the best approaches for securing the endpoint broadly fit into an architecture where there’s an agent on the endpoint that is fed actionable machine intelligence from a cloud service that comes along with that endpoint technology. Behavior analysis is a good example. “The only way you get behavioral analysis is if you keep feeding the analysis algorithms with new data,” he comments. “The only way you can practically get new data in a timely and rich enough manner, is if you’ve got the endpoint agent taking action based on analysis happening in the cloud.”

KEY POINTS

  • Rather than searching for the perfect endpoint solution, begin by carefully thinking through the most likely threat scenarios that apply to your endpoint estate.
  • The best approaches for securing the endpoint broadly fit into an architecture where there’s an agent on the endpoint that is fed actionable machine intelligence from a cloud service.

 

ABOUT THE CONTRIBUTOR

John Meakin

CISO
Formerly Burberry

Dr. John I. Meakin has recently retired as chief security and risk officer at Burberry, and now advises a number of businesses on cyber risk. He is a specialist in information and systems security with more than 25 years of experience. Most recently he was chief security officer for the luxury goods conglomerate Richemont International SA. Previously, he built and led security functions in a range of banks, BP, and Reuters. He has a PhD in experimental solid state physics.

