Regrettably, this situation still exists at many organizations. IT operations handles endpoint security, deploys endpoint security software in some minimal configuration, organizations get breached, and pundits declare AV as "dead."
This is a pathetic state of affairs, and it needs to change. CISOs must take ownership of endpoint security and designate a group of specialists who own endpoint security controls as part of an overall responsibility for incident prevention, detection, and response. This group should gain an understanding of endpoint security requirements and product capabilities and then create a plan to tailor endpoint security controls to mitigate risk on various types of endpoint devices.
In summary, we've treated endpoint security as a PC provisioning and IT operations task for too long. By doing so, we are assigning endpoint security to staffers with the wrong skills and we aren't using our endpoint security tools correctly. I suggest we fix this organizational issue before making radical changes to our endpoint security technology strategies or throwing existing endpoint security technologies under the proverbial bus.
Sign up for MIS Asia eNewsletters.