Is End User Security an Oxymoron?
On Behalf of Dell
Introduction
Reading the headlines in even the mainstream press these days is enough to give IT managers nightmares. Story after story on security breaches at organizations of all shapes and sizes have, unfortunately, become commonplace, and the extent of their impact continues to grow.
The highly toxic digital environment driven by spear phishing attacks, zero-day malware, and other security-driven concerns is the new reality for today’s IT managers, particularly those responsible for securing endpoint devices, such as PCs, tablets and smartphones. Plus, looking forward, it’s likely to get worse before it gets better.
In light of these nearly overwhelming concerns, it’s sometimes easy to lose sight that strong efforts are being made to fight against the digital bad guys. In fact, there are some encouraging signs of progress and technological development to report. But first, it’s time to dig a bit deeper into today’s harsh realities.

Real-World Issues
While there are no hard facts on the exact percentage, it’s widely recognized that an extremely large portion of these security issues start on employee endpoint devices. Getting tricked into clicking on an infected attachment or inadvertently visiting a rogue website and instantly triggering digital mayhem is an all-too-common story these days. Even the most well-intentioned (and often even well-trained) employees are getting fooled into enabling these attacks because of the increasing sophistication of the attackers.
This is particularly true now that the lure of large financial rewards for hacking into big companies is dangling enticingly in front of well-organized hackers. Ransomware, in particular, is becoming an increasingly common threat. This insidious type of malware demands payment from affected parties before it can be removed and its usage by nefarious individuals and organizations is skyrocketing.
Recognizing these challenges, many organizations are working to blunt the threat through a number of different methods. First, of course, is the installation and usage of a variety of anti-malware applications. While these can certainly help in certain situations, most can’t keep up with the full range of threats that most companies now face. Some tools are better than others, however, and new approaches, such as the machine-learning and AI techniques being used in Cylance’s technology — which is bundled as part of Dell’s Endpoint Security Suite Enterprise solution — are even finding success in blocking unexpected attacks. In fact, only Cylance and BitDefender were able to stop the recent WannaCry ransomware attack.
Second, many companies offer training courses designed to help make their employees more aware of the threats that exist, as well as offer advice and best practices on how to try and avoid them. Again, while these are certainly helpful, they can’t foresee or train for the rapidly evolving range of cyber attacks that continue to appear.
An even bigger problem is that despite the use of these tools and the various types of training, employees are actually putting their organizations into even more danger because of a simple, yet critically important fact of human nature: people don’t like to wait. This is particularly true for things they don’t feel are that important. Unfortunately, many of the malware solutions and best practice techniques add time and hassles to processes that people don’t want to spend their time on and, as a result, they proactively look for ways to get around them.
So, ironically, the best laid plans can often lead to the worst possible outcomes.
IT Solutions
In order to address these issues, it’s clear that IT needs to find solutions that can both effectively shield their organizations from the threat of cyber attacks, while at the same time avoid triggering the avoidance techniques that employees have shown that they will pursue. Some of this can come via smarter firewalls and other network-based traffic inspection tools that are essentially “unseen” by end users.
Another key element can be based on geolocation of the devices. If companies start to see traffic from unexpected locations, they can block it from entering their network. This has been true with mobile devices for a while thanks to embedded GPS radios, and now PCs are starting to capture more accurate information on their location as well.
Of course, it’s also important to remember that a large number of security threats occur from the inside — either via intentional efforts from malcontent employees or, more often than not, inadvertent actions taken via naivete. The truth is, in many situations, employees need to be protected from themselves and IT has to account for this as they deploy new security solutions.
What’s critical is to ensure that the security-focused tools and practices they deploy can’t be seen as negatively impacting workers’ productivity or they will be actively avoided by employees. If at all possible, in fact, IT should use tools or create practices that encourage their use by making employees feel more productive.
The Power of Encryption
A key element in all of these discussions around endpoint security involves the data. While most of the attention around security tends to focus on rogue applications or websites, data is by far the most important element in any kind of digital security effort. The guarding and protecting of that data, while it is at rest and while in motion, is key to creating a successful solution upon which companies can depend.
One of the best ways to ensure the safety of the data is through encryption. By leveraging strong encryption tools now available from things like Microsoft’s own BitLocker as well as other alternatives, companies can go a long way towards preventing the loss of critical or sensitive data to outside parties, even if their networks are breached.
In the past, many organizations have avoided using encryption, or had little success getting employees to use it, however, because of the negative performance impact it had on many common operations. In addition, managing encryption keys was a hassle with earlier generation tools.
Now, though, between the performance of today’s CPUs, the improved efficiency of encryption algorithms, and the wider range of higher-quality and easier management tools, deploying encryption across an enterprise is very doable. Dell’s Data Guardian suite provides strong encryption tools for Office documents and allows them to be tracked and monitored to ensure their safe use.
Conclusion
Securing endpoints in today’s enterprise environments is not an easy task and, as many have pointed out, there is no completely foolproof solution. Nevertheless, there are a number of tools now available that can help prevent the vast majority of security breaches in a very straightforward manner. Unfortunately, too many organizations aren’t even following basic best practice security principles and, as a result, are leaving themselves vulnerable to what could prove to be very costly (and very embarrassing) attacks.
By applying a multi-layered solution that can monitor network traffic, catch and stop even zero-day malware, and encrypt data — all of which can be achieved by Dell’s Endpoint Security and Data Guardian offerings — companies can feel confident that they are well protected in the ongoing battles of the digital domain.

