Securosis Guide: The Beginning of the End(point) for the Empire

This post is part of a multi-part series about the Securosis Guide to the RSA Conference (download the RSAC-G PDF). Please scroll to the bottom for links to other posts in the series.


For as long as we can remember, computer devices have been “protected” by the Evil Empire of Endpoint Protection. This Empire is made up of many companies that all rely on the same technology, deploying their agents on every device to stop attacks by keeping a very large list of bad stuff and looking for that bad stuff every time the device takes an action.

This approach is pretty resource-intensive, forcing the Empire to build an army of clones to keep pace with the exploding number of attacks. This plays right into their hands because one of the biggest members of the Empire makes most of their money by selling faster chips to the other planets every 18 months.

Given how dissatisfied everyone is with the draconian way of the Empire, Resistance has emerged through the years. First it came in the form of the free people, offering up protection without cost. Of course, this seemed too good to be true and it was. It turns out these free people turned to the Dark Side and started charging to manage all of their “free” agents.

Taking no chances, the Empire stood up a phony compliance organization called the PCI Standards Council, which mandated the use of old, ineffective technology provided by the Empire. Yet, the status quo remains ineffective. Devices continue to be compromised and citizens feel slighted. Their Governments become very irritated when they have to write a check for “protection” to the Empire.

Now there is a New Hope on the horizon. It comes in the form of advanced threat agents, which promise to protect these devices against advanced attacks. This Resistance positioned itself as a complementary solution to the Empire. They didn’t want to displace the Empire, but rather to make it work a little better.

The Empire didn’t take the threat seriously, since they haven’t innovated in close to a decade, choosing rather to milk each planet of its natural resources without providing additional value.

But at this year’s RSA Conference we expect it’ll be very apparent that the days of the Empire are numbered. You see, the Resistance is a lot closer to being ready for prime time. They have built tools to provide better protection for the same price. They have tools to migrate the planets away from the Empire and to the Resistance. They have the ability to forensically investigate attacks on the devices, and they can leverage the built-in capabilities of the operating systems to provide disk encryption.

And everyone hates the Empire, so the entire Galaxy wants the Resistance to prevail. And they will, but it may take a few more years to truly render the Empire lifeless since it wasn’t built in a day—and it won’t be dismantled in a day either.

Yet, there are factions within the Resistance that worry we are just replacing one Empire with another. That a handful of the Resistance factions will rise in power and provide protection of the First Order. They will build yet another capability to lock in the planets and those that don’t renew their contracts will have their stars killed. Will that be better for the citizens of the galaxy?

In the end, there is always an Empire and there is always innovative Resistance. The names change, but the cycles remain the same. Yet given the issues with the existing Empire, getting First Order protection will be a lot better. Until it’s not, and then the cycle will start over again. 

Which, of course, means more sequels.

— Mike Rothman

Check out the complete series: Introduction
Theme posts: Threat Intelligence & Bothan Spies; R2DevOps; Escape from Cloud City; The Beginning of the End(point) for the Empire; Training Security Jedi; Attack of the (Analytics) Clones
Deep Dives: All Threats, All the Time...; Data Security Deep Dive; Cloud Security Deep Dive


Posted on February 15, 2016

by Securosis Team


USA 2016

This document was retrieved from on Sun, 23 Oct 2016 13:58:42 -0400.
© 2016 EMC Corporation. All rights reserved.