One of the smartest security guys I ever knew once said “It’s about the endpoint stupid.” Now that part about stupid was rhetorical, not directed at me. I think. But what he meant was that the most important things to protect were the endpoints. Not that other parts shouldn’t be protected, but that the endpoints were the critical pieces. And recent facts have backed him up. Look at the latest ISTR numbers. In 2009 four out of the top five targeted vulnerabilities were client-side vulnerabilities. The largest cause of breaches in 2009 were lost or stolen endpoints (laptops in this case). And even when information was stolen via hacking, the hacker was targeting the endpoints. It’s much easier to get inside an organization by planting malware on a client system, then to attack a well guarded server or break through a firewall. And if the Hydraq attacks taught us anything it’s that a targeted attack using a combination of social engineering and malware can easily fool an end-user. Then the endpoint becomes a stepping stone for the hacker to compromise an organization and steal intelliucal property. So it’s about the endpoint stupid. But remember I said this guy was one of the smartest security guys I know. He wasn’t suggesting that security only be placed on the endpoint. He knew that the endpoints needed to be protected at multiple tiers in an organization. The gateway needs protection. Mail servers need protection. Stopping threats before they reach the endpoint protects the endpoint. Layered security works. What always worries me is that some organizations think they can go without protection at every tier. It’s called going skinny. And just like for a supermodel, going skinny can be unhealthy. The good news is that the Enterprise product guys have managed to knock out all the objections I’ve ever heard about running multi-tier protection. The Symantec Protection Suites put everything together for you, providing a simple, affordable way to fatten up your protection at all the critical tiers. It won’t make you look like a supermodel. But trust me, your health is more important.
I agree that the endpoints is where majority of the exploits starts. I think it's the most logical approach for someone who wants to get into the system. It's one of the hardest to control due to its nature of having too many variables such as varying security requirements like having an admin account, a power user, a regular user and guest account. And that there is more emphasis on the servers, and I guess this is management's way of protecting their assests sorted by price value per piece or just because put a server down and no one can use it, whereas if one workstation goes down, it's business as usual less one frustrated employee.