Gartner Blog Network


The Future Is Here … And It Is … Network? Endpoint?

by Anton Chuvakin  |  April 9, 2015  |  8 Comments

We lost the network – MUST focus on the endpoints! We lost the endpoint – MUST focus on the network! We lost the network – MUST focus on the endpoints! We lost the endpoint – MUST focus on the network! We lost the network – MUST focus on the endpoints! We lost the endpoint – MUST focus on the network!

Got a headache yet? As my security analytics research project is nearing its end, these conflicting messages have finally exploded my brain. Vendors (and, occasionally, security managers) pronounce either of the above two lines as “god-given truth” – without any awareness that the opposite message is just as powerful…

So, think about this:

| We lost the network – MUST focus on the endpoints! | We lost the endpoint – MUST focus on the network! |
| --- | --- |
| Anybody can connect to our network | Malware everywhere – antivirus effectiveness low |
| Business partners connect entire other networks to our network | Users click things, phishing just works, etc |
| Many connections to the internet, some with no controls | Drive-by and browser exploits dime a dozen |
| BYOD wifi, 3G/4G, etc | BYOD – no control over the endpoint at all |
| Our network spans 100 countries, managed by different people, etc | Laptops are hard to manage remotely, patch, etc |

The existence of this paradox is explained (IMHO) by one sad reason: silos!

People who “live” on the right side (let’s call them “the network guys”) know that their side is badly broken and they hope that the grass is greener on the other side – maybe the endpoint guys would block the attack. Naturally, people who “live” on the left (let’s call them “the system guys”) know that the endpoint is infected, the user incorrigible and that the malware is pervasive, but they hope that the network guys “got it.”

Surprise! The other side is just as fucked up as yours!!!

Hey, Anton, what is the point of all this?

  • Silos kill!
  • Generally speaking, we lost both sides :-(
  • Security must transcend IT silos (for example, incident response cannot be constrained to a silo)
  • Security analytics should also go across and incorporate logs, traffic (packets, session metadata) and endpoint data (EDR / ETDR style) – and also application monitoring data
  • Those who ignore today’s realities and insist on sticking to “just better netsec” or “just next-gen AV” (or whatever other false hope on the endpoint), risk losing their only advantage – see “Defender’s Advantage”
  • If you think that at your particular organization, security can never bridge this gap, then either change the organization or change organizations.
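
The cross-silo analytics called for in the list above, as an added example that is not part of the original post: Python that joins constructed log, session-metadata and endpoint events by host and time window, so signals each team would dismiss alone surface together. Field names, event names, the byte threshold and the 5-minute window are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample events, one list per silo; every value is invented.
LOGS = [
    {"ts": "2015-04-09T10:00:40", "host": "wks-17", "event": "macro_doc_downloaded"},
]
FLOWS = [
    {"ts": "2015-04-09T10:01:30", "host": "wks-17", "bytes_out": 48_000_000},
    {"ts": "2015-04-09T14:00:00", "host": "wks-22", "bytes_out": 90_000_000},
    {"ts": "2015-04-09T11:00:00", "host": "srv-03", "bytes_out": 70_000_000},
]
ENDPOINT = [
    {"ts": "2015-04-09T10:01:10", "host": "wks-17", "parent": "winword.exe", "child": "powershell.exe"},
    {"ts": "2015-04-09T10:40:00", "host": "wks-22", "parent": "winword.exe", "child": "powershell.exe"},
]

# Each silo's own weak signal: noisy alone, so each team tends to dismiss it.
SIGNALS = {
    "logs": (LOGS, lambda e: e["event"] == "macro_doc_downloaded"),
    "network": (FLOWS, lambda e: e["bytes_out"] > 10_000_000),
    "endpoint": (ENDPOINT, lambda e: e["parent"] == "winword.exe" and e["child"] == "powershell.exe"),
}

def weak_signals():
    """Flatten all silos into sorted (time, host, silo) tuples for events that trip a signal."""
    hits = []
    for silo, (events, is_suspicious) in SIGNALS.items():
        for e in events:
            if is_suspicious(e):
                hits.append((datetime.fromisoformat(e["ts"]), e["host"], silo))
    return sorted(hits)

def correlate(min_silos=2):
    """Return {host: sorted silos} where >= min_silos distinct silos fire within WINDOW."""
    hits = weak_signals()
    findings = {}
    for i, (start, host, _) in enumerate(hits):
        # Silos that fired on the same host within WINDOW after this hit.
        silos = {s for t, h, s in hits[i:] if h == host and t - start <= WINDOW}
        if len(silos) >= min_silos and len(silos) > len(findings.get(host, ())):
            findings[host] = sorted(silos)
    return findings

if __name__ == "__main__":
    print(correlate())
```

Only `wks-17` is escalated: `wks-22` trips both the endpoint and network signals, but hours apart, and `srv-03` trips the network signal alone.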




Thoughts on The Future Is Here … And It Is … Network? Endpoint?



  2. Ronald says:

    So is focus on the application/service the solution?? (like OWASP AppSensor) https://www.owasp.org/index.php/OWASP_AppSensor_Project

  3. Phil McCrackin says:

    @anton_chuvakin: Local grocery installed new PoS. I tried pay w phone. Failed! Fuck that shit – credit card so much easier! And it works!

    I agree, fuck that shit!

  4. Pete Vas Deferens says:

    Dr. C:

    Which side is fucked up as yours?

    PVD

  5. Matthew Gardiner says:

    Couldn’t agree more… To get out of living in their security data silos, first folks have to get out of their mental silos…

    “Security analytics should also go across and incorporate logs, traffic (packets, session metadata) and endpoint data (EDR / ETDR style) – and also application monitoring data”


