May 30th

CISOs and Security Breach Management - The Challenges of Failing End-Point Security!

Posted by: Mel Morris


CISOs are being tasked to implement improved procedures surrounding breaches in end-point security. I am sure this comes as no surprise, but it does point to a growing acceptance that end-point security is struggling to keep companies and their data safe.

I'd like to ask how CISOs are expected to know if and when a breach in end-point security has occurred. There are three scenarios to consider. The first and most common scenario is that an antivirus scan detects an infection, probably because a signature update has allowed it to detect a prior breach. The second is where a user or support team member discovers a breach that was undetected by the end-point product set. The third is that a breach has occurred but has yet to be discovered.

However a breach is discovered, it is virtually impossible to discern when most breaches actually happened. This leaves CISOs exposed. Without knowing when the breach occurred it is impossible to accurately assess the exposure to, and potential for, data leakage. There is a massive difference between a keylogger that has been active for a day and one that has been active for months.

This brings us to the crux of my thoughts on this. Surely, we need to be checking for breaches continuously. Frequent monitoring for end-point security breaches allows us to find more breaches, reduce the window of exposure to malware and more accurately assess when the breach occurred. As end-point security is focussed on preventing breaches, it is a contradiction to expect the same product to monitor itself for breaches. Sure, signature updates will allow end-point products to detect some prior breaches, but this is quite hit and miss. Then there are further practical issues like the convenience and performance impact of performing ever more frequent antivirus scans.
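To make the point about bounding when a breach happened concrete, here is an added example (not code from the original post, nor from Prevx): a small snapshot-and-compare monitor that records hashes of executable files on an endpoint independently of the antivirus product, and on the next pass reports what appeared or changed together with the window between the two snapshots in which it must have happened. The file suffix list, the directory layout and the timestamps in `demo()` are constructed for illustration.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path
from typing import Optional

# Assumed set of "executable-looking" suffixes worth tracking (constructed for the example).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".bin", ".so"}

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to be read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def take_snapshot(root: str, taken_at: Optional[float] = None) -> dict:
    """Record the hash of every executable-looking file under root and when the pass was taken."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            files[str(p.relative_to(root))] = sha256_of(p)
    return {"taken_at": taken_at if taken_at is not None else time.time(), "files": files}

def compare_snapshots(baseline: dict, current: dict) -> dict:
    """Report what was added, changed or removed, plus the window in which that must have happened."""
    old, new = baseline["files"], current["files"]
    return {
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in new if k in old and new[k] != old[k]),
        "removed": sorted(k for k in old if k not in new),
        # Anything listed above appeared after the baseline pass and before the current one,
        # so the exposure window is at most the interval between the two snapshots.
        "window_start": baseline["taken_at"],
        "window_end": current["taken_at"],
        "window_seconds": current["taken_at"] - baseline["taken_at"],
    }

def demo() -> dict:
    """Constructed scenario: clean baseline, then a replaced DLL and a dropped binary one hour later."""
    root = tempfile.mkdtemp(prefix="endpoint_demo_")
    (Path(root) / "svc.dll").write_bytes(b"legit service library v1")
    (Path(root) / "notes.txt").write_bytes(b"ignored: not an executable suffix")
    baseline = take_snapshot(root, taken_at=1_000_000.0)
    (Path(root) / "svc.dll").write_bytes(b"replaced service library")   # tampered
    (Path(root) / "dropped.exe").write_bytes(b"unknown binary")          # newly dropped
    return compare_snapshots(baseline, take_snapshot(root, taken_at=1_003_600.0))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the snapshot pass on a schedule and keep the previous snapshot: the more frequent the pass, the smaller `window_seconds` becomes for any change it catches.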

There is a good article from Forrester Research that sheds some other interesting angles on Security Breach Measurement and Management.

CISOs looking for tools that can monitor, identify and fix breaches in end-point security should also take a look at Prevx CSI-Enterprise; this is exactly what it was designed to do.
