A posting from Dark Reading in there Endpoint Security section:
Even though many of the most troublesome and advanced threats hitting enterprise networks originate from the endpoint, most organizations today aren’t investing in the same kind of visibility and control over these devices as they spend on network-based controls. This disparity is leaving organizations with a huge blind spot where they need it most, experts say.
“We’ve seen this advancement in techniques for network-based detection, but we haven’t seen quite that much advancement on the endpoint,” says Scott Crawford, research director for Enterprise Management Associates. “And, yet, if you look at what the target is in most of these cases, the strategic target may be the users’ privileges to sensitive data, so the tactical objective in a lot of cases is the endpoint. You’re going to focus on compromising endpoint functionality to gain visibility into the users’ activities and get access to their credentials.”
According to Crawford, enterprises are missing this to a large degree, with most organizations maintaining a huge dependence on legacy techniques, such as antivirus. Part of it is the scale and distribution of endpoints — it is much more difficult to deploy technology that will give centralized views of what’s happening across the endpoint infrastructure, compared to network visibility. But if organizations don’t try, they’re going to miss a lot of the threat detection picture.
To read more click here: