As CISO, I hear a lot of product pitches about next-generation endpoint security products. They generally begin with a dose of Fear, Uncertainty, and Doubt (FUD). “Threat groups are gunning for you,” they warn. “You can’t hope to stop them, so your best bet is to add yet another layer to your security perimeter. Our Endpoint Detection and Response (EDR) solution gives you the visibility you need to react quickly enough to minimize damage!”
Never mind that an entire network can be compromised by ransomware in a matter of seconds, or that the vendor’s EDR “solution” generates more noise than actionable threat intelligence. Don’t be concerned either that you’re buying into a big data approach that’s extremely costly, resource-intensive, and difficult to manage. I call this the video camera approach to cybersecurity: “You don’t need locks on your doors if you have video cameras recording what criminals are stealing from you.”
Why, you may ask, has this fatalistic approach gained so much traction in recent years? The answer is simple. It’s because legacy security companies don’t have good locks to sell. They can’t prevent security breaches; they can only tell you that you’ve had one. So, they do the next best thing and sell video cameras.
About seven years ago, we realized that Fairfax County government needed better locks on our endpoints. We were spending way too much time cleaning and reimaging employee systems. I knew it was only a matter of time before our signature-based antivirus (AV) failed us entirely, so we began looking for a more capable solution.
We evaluated and stress-tested all the usual suspects. We found that most popular endpoint protection companies did a decent job of responding to a malware infection after it had already compromised one of our test systems. But only BlackBerry® Protect prevented the malware from detonating. The artificial intelligence-based technology was amazingly effective at detecting and thwarting all kinds of attacks.
We also discovered that the other products were dependent on the cloud and massive data collection to work properly. BlackBerry Protect didn’t need a cloud connection or even an Internet connection to function, collected only pertinent data, and was much easier to manage. After considering our options, we went with BlackBerry Protect.
The results speak for themselves. Since deploying BlackBerry Protect seven years ago, we’ve been fortunate to experience very few security incidents caused by malware, ransomware, and zero-day exploits. BlackBerry Protect secures our endpoints, frees up resources, and provides us with peace of mind. No other vendor can claim to do what BlackBerry Protect does.
My point is we shouldn’t give up on locks as our first line of defense. Sure, we also need video cameras for retroactive threat hunting and for attacks that avoid endpoints entirely or penetrate defenses with novel methods. HAFNIUM and SolarWinds are recent examples. But we shouldn’t abandon a prevention-first approach to security because vendors say we should. We know from personal experience that a prevention-first approach is both proven and practical. Thanks to our partnership with BlackBerry, I’m confident in our continued ability to protect our IT infrastructure and maintain the public trust.