Securosis Guide: The Beginning of the End(point) for the Empire

Posted by Securosis Team

This post is part of a multi-part series about the Securosis Guide to the RSA Conference (download the RSAC-G PDF). Please scroll to the bottom for links to other posts in the series.

For as long as we can remember, computer devices have been “protected” by the Evil Empire of Endpoint Protection. This Empire is made up of many companies that all rely on the same technology, deploying their agents on every device to stop attacks by keeping a very large list of bad stuff and looking for that bad stuff every time the device takes an action.

This approach is pretty resource intensive, forcing the Empire to build an army of clones to keep pace with the exploding number of attacks. This plays right into their hands because one of the biggest members of the Empire makes most of their money by selling faster chips to the other planets every 18 months.  

Given how dissatisfied everyone is with the draconian way of the Empire, Resistance has emerged through the years. First it came in the form of the free people, offering up protection without cost. Of course, this seemed too good to be true and it was. It turns out these free people turned to the Dark Side and started charging to manage all of their “free” agents.

Taking no chances, the Empire stood up a phony compliance organization called the PCI Standards Council, which mandated the use of old, ineffective technology provided by the Empire. Yet, the status quo remains ineffective. Devices continue to be compromised and citizens feel slighted. Their Governments become very irritated when they have to write a check for “protection” to the Empire.

Now there is a New Hope on the horizon. It comes in the form of advanced threat agents, which promise to protect these devices against advanced attacks. This Resistance positioned itself as a complementary solution to the Empire. They didn’t want to displace the Empire, but rather to make it work a little better.

The Empire didn’t take the threat seriously, since they haven’t innovated in close to a decade, choosing instead to milk each planet of its natural resources without providing additional value.

But at this year’s RSA Conference we expect it’ll be very apparent that the days of the Empire are numbered. You see, the Resistance is a lot closer to being ready for prime time. They have built tools to provide better protection for the same price. They have tools to migrate the planets away from the Empire and to the Resistance. They have the ability to forensically investigate attacks on the devices, and they can leverage the built-in capabilities of the operating systems to provide disk encryption.

And everyone hates the Empire, so the entire Galaxy wants the Resistance to prevail. And they will, but it may take a few more years to truly render the Empire lifeless since it wasn’t built in a day—and it won’t be dismantled in a day either.

Yet, there are factions within the Resistance that worry we are just replacing one Empire with another. That a handful of the Resistance factions will rise in power and provide protection of the First Order. They will build yet another capability to lock in the planets and those that don’t renew their contracts will have their stars killed. Will that be better for the citizens of the galaxy?

In the end, there is always an Empire and there is always innovative Resistance. The names change, but the cycles remain the same. Yet given the issues with the existing Empire, getting First Order protection will be a lot better. Until it’s not, and then the cycle will start over again. 

Which, of course, means more sequels.

— Mike Rothman

Check out the complete series: Introduction
Theme posts: Threat Intelligence & Bothan Spies, R2DevOps, Escape from Cloud City, The Beginning of the End(point) for the Empire, Training Security Jedi, Attack of the (Analytics) Clones
Deep Dives: All Threats, All the Time..., Data Security Deep Dive, Cloud Security Deep Dive



Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
