Traditional client AV has been plagued with problems relating to performance, updates, and effectiveness. A new generation of endpoint protection is changing the game.
Antivirus software has not exactly been a favorite of either users or administrators for some time. Consumer PCs usually come with at least a trial of antivirus software, but BYOD and a growing number of mobile endpoints have left IT in a pinch: How do you ensure that every employee’s phone, laptop, tablet, and/or desktop is adequately protected, especially when they aren’t sitting behind a firewall? More to the point, how do you install and update anti-malware software on heterogeneous clients, many of which are actually owned by end users?
For a while, the state of client antivirus became so bad that some administrators stopped bothering, relying exclusively on gateway and network-based protection. Even for desktop PCs that never leave the network, though, this hardly amounts to a best practice. If you keep your car parked in a secured garage, do you still lock the doors? Probably. Since those non-moving desktops are increasingly in the minority, this strategy makes even less sense.
Instead, as we’ve been saying (and as half the keynotes at RSA indicated last week), a comprehensive security strategy needs layers. And one of those layers should absolutely be endpoint protection. It’s worth noting the vernacular here. We’ve moved away from talking about “client antivirus” or “PC antimalware” and now refer to “endpoint protection”.
This shift is significant for several reasons. Most obviously, our definition of a client has changed dramatically. Organizations are looking for ways to protect mobile phones, tablets, hybrid devices, Windows PCs, and various Macs. Perhaps more important, though, is the need to look beyond mere antivirus and provide more robust threat prevention, detection, and mitigation technologies. Increasingly, we are also seeing successful integration of endpoint protection software with both cloud-based and on-premises hardware, allowing the client software to be leaner, more easily managed, and far more responsive to emerging threat intelligence.
I’ll talk about Fortinet’s endpoint protection here because I use it regularly and it provides some good examples of the technology outlined above. Called FortiClient, it also happens to be a free download (the business version isn’t free but has a simple licensing scheme with new central management capabilities) with automatic, regular updates from Fortinet’s threat research division, FortiGuard. It includes complete anti-malware/antivirus, an application firewall, a web content filter, and a VPN client, most of which are expected for endpoint protection.
Things get more interesting, though, when FortiClient is used as one of the layers we’ve been discussing. Fortinet just announced that FortiClient is being integrated with its Advanced Threat Protection Framework, meaning that endpoint protection can sit on the front lines, so to speak, and seamlessly hand off potential threats to a FortiSandbox for analysis. It becomes a key component of the loop of threat intelligence: from firewalls and endpoint protection to sandboxes and research teams, and finally back to edges and endpoints with rapid updates.
This isn’t just about the Fortinet ecosystem, though (although, having seen it in action, I have to say we’ve come a long way from the big antivirus applications that rhyme with HackAfee). It’s about a much smarter, unified approach to security that takes trends like BYOD and mobility into account, while increasing the flow of threat intelligence between devices, appliances, researchers, and others. When endpoints have access to the very latest threat intelligence and powerful detection and mitigation tools (instead of just periodic updates), we’re ultimately far more able to protect our networks and data, regardless of where those endpoints go from day to day.