A Sense of Security Blog

So much focus on the endpoint at RSA Conference US 2017 means more breaches to come

Authored by Reggie Best, CPO (January 27, 2017 – Somerset, NJ)

Our team just returned from RSA Conference in San Francisco. Every year we see vendors converge on similar security themes and buzzwords whether it be “Mobility”, “Cloud”, “Intelligence” or “Visibility”. Like last year, this year many of the booth signs, sessions and pitches are focused on “endpoints”.  This can be a focus on EDR, HVM and the hottest of them all, IoT.  Whether it’s vulnerability assessment, behavior assessment, user assessment or even end-end encryption, everyone is pitching with a focus on endpoints. And even as security offerings are concerned with “visibility”, it is often visibility of the endpoint that they have in mind – think NAC offerings like Forescout in those terms. Though, I will say there are plenty of other vendors and categories of security companies that also focus exclusively on "network connected" endpoints.


The fundamental problem with this myopic approach is that true “visibility” needs to apply to the network too – the infrastructure elements, the topology, the dynamic edge, the routed domain and control plane (BGP, OSPF, DNS, etc.), and segmentation. Worse than that, the number of vendors that claim “network visibility” or even “network discovery” are still just talking about endpoints connected to a network.  As the network is becoming increasingly “soft” and is effectively an application being run in software, virtually on private/public cloud infrastructure the risk to an organization in focusing on endpoints based on questionable vendor claims is creating opportunities that malicious attackers are exploiting and preventing security teams from detecting threats much sooner before a breach is successful.  The visibility of the endpoint is necessary, but no longer sufficient for understanding the holistic threat surface.

At Lumeta, we have firmly established our flagship product, Lumeta Spectre, as truly providing visibility into networks that even extend into the cloud and connected endpoints. Our ability to discover rogue and shadow networks and endpoints, including VMs even in the darkest corners of an organization's infrastructure is the first piece of the puzzle that sets us apart from the myriad of companies with lots of promises in preventing breaches. When we take that unique level of visibility and combine that with threat intelligence we achieve a new level of what we call Cyber Situational Awareness to help security and network teams identify potential malicious or harmful activity on the network and have the context and intelligence to detect and stop threats before a breach.


To learn more check out Lumeta Spectre and see how we can help you eliminate all the blind spots in your network that exist today and help you secure your networks AND endpoints effectively.