Blue Core Research
Potential Risks in Endpoint Security
The recent worldwide outages due to a CrowdStrike update raised the unavoidable question: Do the benefits of endpoint security outweigh the risks, and what are the alternatives?

What Happened

As we’ve seen, a bug in a CrowdStrike update caused worldwide havoc. Approximately 8 million Windows computers crashed at many companies, from airlines to broadcast news to hospitals. Desperate users took to forums, some entire organizations ground to a halt, and some problems persisted for days and longer.

While CrowdStrike was able to fix the issue quickly, recovery took a long time. This incident highlights the fragility and risks involved with endpoint-based security. They stem from a simple problem: we have many desktops and laptops scattered around the world, and it takes significant time and effort to get to each one. Even with remote centralized management, someone must physically get to systems that don’t boot up.

Benefits and drawbacks

Endpoint security is part of perimeter security, which, along with firewalls, email security, physical security, and more, tries to keep hackers out of the corporate network. While protecting every device on the network seems like a solid strategy, it’s not without serious drawbacks.

Manageability

Securing a large number of devices can be a complex and time-consuming task. Each device varies in many aspects, including hardware, operating system, installed software, and usage. Many tasks must be performed on each device individually, including updates, configuration, patches, performance and stability, security monitoring, problem resolution, and more. Centralized and remote management helps a lot, but devices get out of sync often. And as the CrowdStrike incident demonstrated, problems can be difficult and time-consuming to resolve, with catastrophic business impacts.

Cost

Endpoint security can be expensive as the organization and the number of devices in it grow. Licensing costs per device can be high, and the resources required to manage and maintain it adequately are significant as well.

Effectiveness

Endpoint security is not always effective in protecting against attacks. Some obvious examples are the internal threat, which accounts for 20% of data breaches, insecure devices on the network (VPN logins, physically attached devices, unsupported OSs, etc.), and attacks that don’t compromise an endpoint (like XSS). Moreover, cybercriminals are becoming more sophisticated and are discovering ways to penetrate even protected devices.

Alternative Solutions

While perimeter security, with all its components, is valuable in reducing the number of attacks, it cannot stop them all. An easier approach is to focus our efforts on a few key servers rather than the endless sea of vulnerable endpoints. Performance management has been using this paradigm for decades, and the equivalent trend in security is the shift from perimeter to data-centric security.

That is where our technology comes in. By focusing on database and application security, we offer more effective security that’s easier to manage and maintain. While data-centric security is not without its challenges, it delivers stronger protection at lower costs with better manageability.

The CrowdStrike incident demonstrates that endpoint security carries inherent risks. Data-centric security offers a good alternative, allowing you to focus your resources on what really matters: protecting your critical data.

Are you ready for change?

If you’re looking for a more secure and efficient way to protect your data, contact us today at info@bluecoreresearch.com to learn how we can help you implement a data-centric security solution that meets your business needs.
