Friday 15 May 2009

Lessons from endpoint security: Gartner’s Magic Quadrant

What can we learn from Gartner’s report on “Magic Quadrant for Endpoint Protection Platforms”? The unsurprising bad news is that “Traditional blacklist antivirus capability is insufficient” as “standard signature engines are rapidly losing effectiveness”.
Equally unsurprising is that Gartner recommend proactive management, white-listing and processes to constantly drive the vulnerability surface of systems.

First, let me congratulate the leaders in the End Point Protection (EPP) space who have been placed in the “MQ” – McAfee, Sophos, Symantec, and Trend Micro. EPP is a challenging area with a very dynamic threat landscape.

We know that signatures don’t work – particularly in environments where the items you are protecting are unique in their operating context. Take databases for example. One customer’s Oracle system does something completely different to the next customer’s deployment of the same Oracle database platform. This diversity means that any pre-defined signatures will fit no body accurately and will be effectively useless. (I won’t even bother to rant on about how using the wrong signature language only makes the task impossible.)

Building up accurate white-lists, as recommended by Gartner is a challenge. These must correctly categorize and suit each database and the way data is used from it. However, with third generation engine technology and intelligent deployment it is possible to control and actively secure all database interactions to protect data. This is what we do at Secerno.