In this interview Marc Maiffret, Co-Founder and CTO of eEye Digital Security, discusses endpoint security and its ramifications on the enterprise. eEye is the developer of Blink – the first unified client security agent.
Introduce yourself to the readers.
I've always been interested in computer security and hunting down vulnerabilities and worked with a colleague to create eEye back in 1998. I've always been its chief hacking officer, and earlier this year, we added the more formal CTO title as well.
We're really proud of our research team, which is pretty well known around the globe for our ability to discover some pretty critical vulnerabilities, such as Code Red and Sasser. We take all that knowledge and integrate it into our products, which cover vulnerability management and endpoint security for enterprises.
What do you see as the biggest security threats today?
The two biggest threats are zero-day attacks and client application vulnerabilities. In the case of zero-day attacks, we have seen a continued increase in vulnerabilities becoming public before a patch has been released by the affected software vendors.
This creates an interesting dynamic in that companies are being left vulnerable to attacks that affect most of their desktops and without any patch from the vendor, companies can only hope they are not targeted by attacks. Also, most of the new vulnerabilities being discovered today affect desktop applications and this compounds the need for improved security on each endpoint. Vulnerabilities within client applications create gateways into the internal parts of most corporate networks where successful attacks can take place regardless of what perimeter defenses are in place. The average corporate desktop has little-to-no security except for anti-virus, which, as a technology, is not capable of stopping zero-day vulnerability and client application attacks. These are just a few of the drivers and factors coming into security today and why eEye has focused so much effort on our Blink host-based security product.
In your opinion, what is the biggest challenge in protecting endpoint clients?
How do you protect an endpoint client without creating a management nightmare for the businesses using such software? Most endpoint security solutions require massive amounts of tweaking and rule creating, learning mode systems and related. In 2-3 years, the Gartners of the world will declare most of today's concepts of endpoint security to be "dead" just as they did with IDS. IDS was a system that started out as a great idea but companies quickly realized the cost to manage systems like these was not worth the return on investment. Most host-based security software falls into this same "management vs. ROI" predicament that IDS did. There are some solutions, such as Blink, that do not fall into this trap, but solutions such as McAfee, Cisco and related are not exempt. Compounded to make matters worse, you have companies like McAfee and Cisco, which truly are poisoning the minds of the IT security world with ideas on host-based security that are not factual or well thought out.
Instead, they´re based around ulterior motives such as McAfee not losing their host based anti-virus business to a new breed of host-based security products, and Cisco (who makes its money off of routers and VoIP) pushing concepts such as NAC that offer no real security benefits except helping Cisco sell you more new versions of routers that support NAC capabilities. These large vendors are abusing their powers as market leaders, not thought leaders, and will take a lot of this industry down the wrong path if people do not start to make these realizations sooner than later.
Where do you see endpoint security in 5 years from now? What kind of evolution do you expect?
In five years, endpoint security will be heavily focused around the behavior of users and what they can and can't do. As software vendors become better at securing their software, the focus of security will move away from application vulnerabilities and become more focused around user-based vulnerabilities. In reality, this will be a rebirth of a lot of the thinking of what drove anti-virus, to protect the human element, as always technology "reinventing" itself every 20 or so years. Although the technology needed to protect the human element of security will be very different than the anti-virus of today. I could tell you all about it, but typically we just disclose a 1-2 year roadmap at the most. 🙂 But let's just say Blink customers can be assured that eEye has already thought about the progression, and as we've been a thought leader on so many other topics, we will continue to be so in the area of endpoint security.
What are eEye's strengths in the security industry?
We are an honest company not afraid to talk about both the strengths and weaknesses within our products. We are a company focused on understanding vulnerabilities more than any other organization. We do not simply focus on this idea but we have delivered on technology and research for over 7 years that proves without a doubt that we are one of the most well-equipped and educated security companies in our industry that does not simply try to keep up with the bad guys but in most cases has already thought what the bad guys will be doing before they have done it.