In 2007, I was part of a research team that introduced the Endpoint Protection Platform (EPP) for Gartner — essentially a modular framework that provides multiple styles of security protection and controls to endpoints delivered by a single vendor. For example, rather than purchase and install a separate product for firewalling, antivirus, antispyware, host intrusion prevention, application control, device control, patch management and so on, a single vendor and framework could provide all of this. This approach offers significant potential cost savings and reduction in complexity.
In my discussions with clients on their 2009 EPP strategy, one of the questions I am asked quite often is “Doesn’t using a single vendor for all of these capabilities reduce my overall security because of a loss of Defense-in-Depth?”
To understand the answer, let’s dig a bit deeper. Defense-in-Depth (DID) is a layering strategy for security policy enforcement controls: a failure in one layer of security controls (either because the control is not functioning or because the malicious activity evades it) is backed up by the capabilities of other layers that use a different method (or style) of protection.
In this EPP example, if a piece of malware gets past the EPP firewall and evades a signature-based scan, the EPP solution may be able to catch it at runtime based on its behavior. That’s DID. The fact that the platform comes from a single vendor doesn’t reduce the effectiveness of the combined protection styles (each of which operates differently). Further, the platform should be adaptable to address new threats over time with additional capabilities that ‘plug into’ the platform.
DID does not mean having to buy lots of point solutions from lots of different vendors to address each new threat.
Security vendors may want this. We don’t. We can’t. Not in this year of tight budgets.