Secure at the cloud - no, do it at the endpoint - Oh no, this is so confusing... Or is it?

Security, for a decade or so, didn’t see much in the way of true change – yes, firewalls got smarter, likewise AV products (well, some anyway), IDS became IPS so it could actually stop something happening, encryption became more encrypted and VPNs became more virtual, but typically same old vendor faces, same old product types with variations on a theme.

And initial cloud instances didn’t really change much at first. For example, I remember testing some early cloud-based products and it was essentially just the same technology OnPrem, moved to the cloud – and with a significant drop in performance capability at the time.

However, the general consensus suggests that the “traditional” security architecture is no longer sufficient protection against cyber threats and, certainly, the pure signature-based method of resistance is indeed full of cyber-holes. New vendors such as Tempered Networks and vArmour are looking to protect in a micro-segmented way, rather than building secure gateways/walls, albeit in very different ways to each other. And, meantime, you have vendors insisting that prevention at the cloud is the answer, and others saying the endpoint should be the focal point.

I recently had the pleasure of back to back arguments from two vendors, one in the former camp, Menlo Security, and one in the latter, Cylance (but is it golden?). Of course, the answer is that there is no single solution for all – indeed, each vendor has specific focuses – but that’s to kill the fun before it starts… Menlo’s focus currently is on preventing malware intrusions and has opted for the isolation method (not a form of birth control) – basically to isolate user devices from web and email threats coming from t’Interweb, so only the “good” stuff actually reaches the endpoints. It’s a valid argument for what it does – i.e. it is not an “all or nothing” solution, but a definite revisit to those initial cloud instances I mentioned earlier, but clearly better thought out. Anyway, it will hopefully come under the Broadband-Testing microscope soon, so watch this space on that one…

Cylance then described why the endpoint is still vulnerable (not least from insider attacks) and why, therefore, you do need protection at the endpoint (again, this is NOT a form of contraception) which, again, makes total sense in isolation, even though it’s not an isolation technology, just to make that clear (as mud). I kind of think of it in terms of, well – if we had NextGen Firewalls, then now we have a kind of NextGen AV technology. Funny – at that point I just looked at the Cylance website and that’s how they are describing it :-) Great minds and all that. Or stupid ones, as my old history teacher used to counter with. I actually got a “B” in History so the debate is still raging…

What I have noted from several demos is that Cylance’s “DNA-matching” approach to identifying threats seems to a) work and b) do so at very high performance levels and with a relatively minimal footprint/impact. Kind of like replacing a slow-burning 3-litre V8 engine with a turbo-charged 1.6-litre alternative that is half the size and weight, has twice the power, and is thrice as economical. Will that appear on Cylance’s website???

Anyway, there are still more questions than answers (sounds like a cue for a song?) which makes it all the more interesting. Me, saying security is interesting? Surely some mistake here… It’ll all come out in the washing (public or otherwise)…