IDC Opinion:

Endpoint security must be accomplished holistically from silicon up through application layers

The business criticality and cyber-risk of endpoint devices could not be greater. With the COVID-19 pandemic, many employees rapidly shifted from a protected business work location to work from home (WFH). Post-pandemic, evidence points to WFH being more prominent than pre-pandemic. According to IDC’s COVID-19 Impact on IT Spending Survey, respondents said that 6% of their employees worked from home prior to the pandemic. During the pandemic, that number jumped to 53% of employees, and in 2021, respondents expect that 30% of employees will WFH. Yet, with users operating outside the guarded network of the enterprise, threat actors have escalated their attacks on end users and their devices; these actors know from experience that compromising endpoint devices and manipulating human behaviors is their golden pathway to steal sensitive information, ransom business continuity, and divert funds.

IDC’s research shows that the importance of endpoint security, already high, increased with the sudden WFH migration (see Figure 1).

Figure 1: For Security Decision Makers, Relevance of Endpoint Security in Risk Management Across Multiple Threats Is High, and the Pandemic Drove Relevance Even Higher

Q. Please rate the relevance of endpoint security products in mitigating the following risks.

For many organizations, the current approach to endpoint security is insufficient. Despite advancements and the inclusion of machine learning and artificial intelligence (ML/AI) in endpoint protection platforms, and the layered addition of endpoint detection and response, organizations are not fully removed from operating in a reactive mode. Organizations also remain reliant on endpoint security software products to thwart the next new or unknown threat. This reliance has a structural limitation: endpoint security software products lack visibility into firmware integrity. Inferences about the actual state of firmware integrity may be possible but are subject to error.

A better alternative is to approach endpoint security holistically, starting with devices equipped with hardware-based root-of-trust (RoT) technologies that deliver security both below and within the operating system (OS).

This addresses the inherent blind spots of bolted-on endpoint security software, and it makes device self-healing possible when deviations from a known good state occur. In addition to producing an immediate reduction in risk, self-healing reduces IT desktop operations (IT-involved reimaging) and minimizes disruptions to end users’ productivity. Hardware-based security can also lessen SOC analysts’ alert fatigue, the number of incident investigations, and post-incident remediations by isolating the most prominent endpoint attack vectors: web browsing, file downloads, and email attachments. Finally, hardware-based root-of-trust devices fold nicely into organizations’ zero-trust architectures.

PC buyers should, however, tread cautiously, as manufacturers differ in the breadth, depth, experience, and certification of their hardware-based security capabilities. A little homework will pay dividends. This iView explores the context around security professionals’ expectations of endpoint security solutions, as well as the threat landscape that crystallizes the justification for folding PCs equipped with hardware-based security into an organization’s PC inventory.

Endpoint Security's Situational Overview

Analyst Perspective