Measuring Security Shift: Where are You on Endpoints?

Cyber security pros conceptualize a linear continuum of protection strategy: The left portion of the line represents security measures that tend to be more preventive of cyber threats, and the right portion represents more reactive approaches. In the early days of cyber security, it was believed that any shift to the right was a concession to the adversary. More recently, however, shifts right are often viewed as showing justified respect for the adversary.

Whether to shift left or shift right tends to be controversial in the security community, and participants are biased. Companies selling tools that use early indicators to prevent attacks will suggest shifting left, whereas companies that provide detection and response will tend to suggest the other direction. In the end, it is likely that improvements in both directions are warranted, but it is instructive to use the continuum to analyze strategic options.

To that end, principals from TAG Cyber, in conjunction with a group of capable cyber security experts from Bitdefender, sketched a linear continuum. You can see the diagram we came up with at the top of this article. We then asked two dozen enterprise security experts the following questions about their endpoint security:

Question 1: Which point from 1 through 5 best represents your 2017 endpoint strategy?

Question 2: Which point from 1 through 5 best represents your 2019 endpoint strategy?

Question 3: Which point from 1 through 5 best represents your 2021 endpoint strategy?

To illustrate the type of responses we expected, an answer of 2, 3, 4 would be interpreted as a shift right in endpoint strategy over a five-year period from 2017 to 2021. An answer of 4, 3, 2 would be interpreted as a decision to focus more on prevention via shift left. Answers that did not change, such as 3, 3, 3, would be interpreted as a strategy that has not required and does not require adjustment for any reason (or that cannot be adjusted for some reason).

To help respondents answer our questions more accurately, we allowed them to use decimals between 1 and 5 to represent points on the line between two integers. All of the responses came back quickly (which implied that the topic is top-of-mind). Some answers came with explanatory narrative, but all came with a request for non-attribution. (Participating industries included ISPs, Non-Profits, Finance, Consulting, Pharmaceuticals, Tech, and Private Equity.)

The results of the survey thus included exactly one dozen responses of the form X, Y, Z – as outlined above. None of the responses included a score of 5 in any position. Two included a score of 1. The average of the X, Y, Z responses was this: 2.0, 2.6, 3.0 - which can obviously be interpreted as a gradual four-year shift to the right, presumably to achieve more meaningful balance between preventive and reactive security.

It's rare that a small survey would provide such a uniform trend, but this one certainly did. Every respondent (except one) reported a shift to the right, and all backed this up with enthusiastic explanations of rationale. And I guess this shift-right would seem to match up with one’s sensibility of the best strategies for addressing endpoint cyber risk over this 2017 to 2021 period: Cyber attacks are happening, so learn to respond!

As always, please share your own thoughts on these hopefully-useful results. If you would like, please share your personal X, Y, Z responses in the discussion forum below. Let’s see if your endpoint security strategy matches what we discovered in our survey. Maybe with a bigger sampling of responses, we will see some other trend. It will be interesting to see - and I look forward to hearing from you.