By Al Hartmann

Cyber War Z, Part 3: Enterprise Clients are Crewed by Naïve Users

Datacenter servers run dedicated and tautly managed server images maintained by skilled datacenter IT staff. In contrast, client endpoints may begin life with a clean golden image, but rapidly devolve under daily user influences in a degenerative process described as “image drift” or “Windows rot.”

It is practically impossible to secure enterprise client populations in these later devolved stages, leaving the organization ripe for sinister exploitation. Once the management challenge has been failed, security is a lost cause. Security, if it is to be found, is always a derivative benefit of sound client security management.

Traditional Security Management Toolsets Don’t Seriously Address the Client Security Management Challenge

Traditional security management toolsets lack the advanced analytics, the application knowledge base, and the anomalous usage heuristics needed to provide comprehensive situational awareness of the client population, with key performance indicators (KPIs) for client security management. In traditional security software, the concept of process classification is simply limited to benign versus malicious, a black versus white world. This un-nuanced color blindness is exploited by modern malware that evades traditional signature-based detection, the most reliable way to classify something as malicious.

In reality most software is neither black nor white, but has some associated trust factors and some associated risk factors. If you don’t have an application knowledge base, aren’t tracking and aggregating application instances across your client populations, classifying processes as to their purpose and value, learning behavioral baselines for application and user activity, tracing user engagement with those applications, applying advanced analytics to make rational sense of it all – then that ocean of processes is opaque to you. You are essentially blind to the persistent coordinated actions of competent attackers operating in your own environment.
