Musings On The Threat From Within

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.


It never ceases to surprise me how much effort organisations take to protect themselves from threats outside of their network with sophisticated intrusion prevention systems and firewall solutions, when much of today’s evidence points to the fact that the threat is far more likely to lurk unnoticed within. I was recently contacted by The Times to comment on this very topic and I summarised that it is indeed the organisation’s endpoints that pose the biggest threat to security and require ultimate planning and caution. Even harder to anticipate, plan for and isolate is the fact that the internal endpoint breach is most frequently totally unintentional – likely caused through careless or curious downloads or through some form of social engineering. Our remit at AppSense remains strongly to provide you with encompassing solutions that inherently secure your endpoints but do not compromise, curtail or restrict end user productivity with forced policy restrictions and lock-downs.

I also noted in the commentary that the landscape has been muddied further still by our insatiable desire to bring an ever greater number of heterogeneous endpoint devices into the work environment. No longer is a desktop or company laptop the only ‘in-point’ to the corporate network, yet our attention to securing new mobile devices seems to outweigh the need to secure the traditional Windows laptop.

With this in mind, we continue to advise customers of the need to move toward a mindset of actively deploying a protection layer for ALL user endpoints, internal and external. It would be a perilous, brave and somewhat ill-advised IT department that focuses on mitigating risk and achieving compliance externally without taking a deep, hard look at what’s happening within their walls and clouds. We continue to advise concerned customers to evaluate AppSense’s Application Manager, which runs locally at the desktop or virtual desktop level, with a kernel-level driver that enforces control through a locally installed configuration file that the user cannot stop, remove or modify. This encompassing endpoint protection layer needs to allow full access to authorised applications without compromise and needs to provide IT with full visibility of who is doing what, should an audit trail be required. More on audit trails (specifically discussing the impact of forthcoming EU Data Regulation Data Breach Legislation) in my next blog.