May 28th, 2020
Endpoint Security For Remote Scenarios
Chris Sherman
Senior Analyst
Cyberattacks are a board-level concern
• Security is shifting from a director/VP/CISO problem to a CEO problem
• Data protection is a key concern
• The attack surface is expanding
• Mobile and IoT are presenting new challenges
• BYOD/user-owned devices are here to stay
© 2020 Forrester. Reproduction Prohibited.
You are dealing with a rapidly expanding attack surface
Known, corporate-controlled digital footprint
Unsanctioned, rogue activity and occurrences of affiliated footprint
Fraudulent or malicious spoofing and impersonations
Nefarious threats, mentions, and sales on unaffiliated channels
Figure axis: Degree of control
Third parties
Social
Mobile
Web (deep & dark)
Shadow IT
IT environment
Data breaches are commonplace
• 56% of enterprise respondents say they suffered at least one breach last year
• 23% of breaches are due to insiders
• 44% were malicious in their intent
Base: 217-784 Security decision-makers with network, data center, app security, or security ops responsibilities
Source: Business Technographics Global Security Survey, 2019
Why don’t “perimeter only” models work anymore?
• Networks are broadly laid out – easy to find blind spots
• Data is mobile – perimeters are nonexistent
• Remote work increases chance of theft and/or loss
• Trust is extended, but the verification step never follows
• Malicious insiders pose additional challenges
Agent proliferation adds to the complexity and expense
Source: Forrester’s Proprietary Survey, 2017
The average enterprise has more than six agents per endpoint.
Endpoint Security Suites And UEM Are Converging
What are your firm's plans to adopt the following PC and mobile technologies?
Implementing/implemented + Expanding/upgrading implementation (4 5)
• Add-ons to endpoint management for enhanced automation and remediation (e.g., 1E, Tanium): 54%
• Enterprise mobility management (EMM) software for managing mobile devices and apps only (BlackBerry, MobileIron): 56%
• Unified endpoint management (UEM) that includes both PC and mobile management: 56%
• PC monitoring tools (e.g., Aternity, Lakeside, Nexthink): 57%
• Mobile application container for separation of business and personal data (e.g., Android Enterprise Work Profile, BlackBerry Dynamics): 57%
• Mobile security tools for malware prevention, detection, and remediation (Lookout, Wandera, Zimperium): 60%
• Online PC backup software that backs up to a remote service (e.g., Carbonite): 62%
• File synchronization service that enables employees to access files from PCs/devices such as Box, Dropbox, Citrix Sharefile, or SugarSync: 64%
• Client management software for PCs and Macs (e.g., Microsoft SCCM, Ivanti, Jamf etc.): 64%
• Full disk encryption to prevent data loss: 66%
• Endpoint security suites for malware prevention, detection and remediation (e.g., Carbon Black, Sophos, Symantec): 67%
Base: 505 Infrastructure technology decision-makers (1,000+ employees)
Source: Forrester Business Technographics Global Infrastructure Survey, 2019
Why an integrated Security/IT approach is needed
• Reduces friction between the two teams
• Stops malware propagation
• Improves visibility throughout the network and reduces time to breach detection
• Increases data awareness
• Stops the exfiltration of toxic data into the hands of malicious actors
• Reduces both capital and operational expenditures on security
• Reduces security agent fatigue
Poll Question
“How would you rate the level of integration between your security and IT management tools?”
Use Forrester’s Zero Trust framework to guide your integration strategy
Technology requirements for the Zero Trust framework
• Must easily integrate with current security tooling
• Deploy quickly with little or no additional tech
• Work with any device, any browser, mobile or not
• Multiple isolation levels, aligned with device/network/user/data risk
• Preserve native user experience
• Stop phishing and web-based attacks
• Enable forensics
ZT use case #1: Enterprise data theft from personal device
• Attacker exploits employee’s consumer mobile app
• Lack of enterprise/personal data segmentation allows attacker to access enterprise app
• Enterprise data exfiltration through unprotected channel
ZT use case #2: Phishing
• Attacker sends spoofed company login page to employee
• Attacker attempts to use stolen credentials to access enterprise apps
• Context has changed; attacker is denied mobile access to company IP
Recommendations
• Embrace the positive security model through on-device segmentation of sensitive data, apps, and hardware
• Identify and enforce isolation levels based on real-time risk
• Track risk levels associated with device configuration and mobile behavior
• Correlate data, network, and user behavior telemetry for context/improved risk identification and coordinated control