The endpoint security problem persists - MEAD offers a new approach

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

We spend a lot of time talking about gaps in cybersecurity, but weak points are often the bigger problem. Case in point: a recent TAG report found that 93% of cybersecurity teams have endpoint data controls in place, yet only 7% were confident that these controls were working — and 71% of CISOs said they wouldn’t be surprised if they had a serious data breach on their business PCs and laptops.

In other words, nearly all organizations have tools to cover their endpoint data security gaps. They just don’t work — and everyone knows it.

TAG report uncovers familiar issues with endpoint security

Despite plenty of attention over the last decade, endpoints remain a common source of data loss and data breach. So, the TAG study looked at how companies protect endpoint data today — and found some deficits that likely sound familiar to any CISO.

Beyond companies’ startling lack of confidence in their endpoint protection and recovery capabilities, TAG identified an overreliance on employee actions as the control to comply with cybersecurity policy (don’t get me wrong, people are great; but we make mistakes); additionally, TAG warned of increasing misuse of cloud collaboration platforms like OneDrive in place of purpose-built, automated endpoint backup and recovery.

Todd Thorsen

Chief Information Security Officer, CrashPlan.

Advancing cybersecurity maturity overshadows endpoint security problems

Perhaps most importantly, TAG noted that using more cybersecurity tools did not translate to less endpoint risk; it’s really about using the right tools for the right application. Moreover, as organizations have advanced their overall cybersecurity maturity — adding sophisticated cloud security tools, for example — this progress has produced a halo of overconfidence among CISOs that overshadows endpoint data security and resilience problems: “Many enterprise teams possess a false sense of security for endpoint data resilience and restoration post-incident,” TAG concluded.

MEAD: A simplified model of endpoint security

The TAG report wasn’t all bad news. The leading cybersecurity advisory firm proposed a new model that radically simplifies the approach to building a modern endpoint security program. The back-to-basics framework is called MEAD, comprising four pillars: Malware (e.g. Malwarebytes), EDR (e.g. CrowdStrike), Analytics (e.g. Tanium), and Data.

The MEAD model holds that CISOs should focus first on ensuring confidence in these four fundamental areas — in other words, focus on the fundamentals before spending time evaluating novel and niche technology promising to cover emerging gaps or edge cases.

Endpoint backup is the foundation of MEAD

Importantly, TAG puts endpoint backup as the foundational layer of endpoint security — enveloping all else with the confident assurance of data resilience. This shouldn’t be a surprise — backing up endpoint data has always been the most reliable way to ensure data availability, no matter what happens. But TAG highlights the need for “a purpose-built endpoint data protection and resilience platform,” as a distinct correction from the widespread trend of misusing cloud collaboration tools as an (inadequate) substitute for true endpoint data backup.

We need MEAD

Managing complexity is a common challenge in cybersecurity today. The enterprise ecosystem keeps getting bigger and more complicated. Threats and threat actors keep getting more sophisticated. It’s no surprise that the dominant response has been to add more to the security stack.

The biggest takeaway from the TAG report flies in the face of this complexity: The biggest risks are still some of the most fundamental (protecting endpoint data). And this isn’t a problem that requires elaborate technology or adding more layers to the security stack. We know how to fix endpoint security — it’s about getting back to basics, starting with putting a secure, purpose-built, and automated endpoint data backup and recovery platform in place.

We've listed the best cloud antivirus.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:

Todd Thorsen, Chief Information Security Officer, CrashPlan.