Blog

It’s a familiar refrain: organizations need to prevent malware. End users need to be productive. However, rather than being in alignment, these objectives can sometimes be mutually exclusive. And therein lays the epic struggle between organizations and end users for endpoint dominance; a struggle that has endured for decades, but has recently grown much more intense.

What has changed? It’s that the bad actors organizations face these days are no longer thrill-seeking script kiddies launching viruses to crash machines. Instead, they’re highly organized and well-funded criminal enterprises that are motivated by profit – like the multinational gang known as Carbanak, which since 2013 has stolen as much as $1 billion from up to 100 financial institutions around the world.

In Iight of this, some organizations have shifted into full-scale endpoint lockdown mode by blocking or severely limiting access to Internet-facing apps and features. They figured that it was the only way to avoid the costly consequences of a data breach. And while they knew the move would trigger plenty of frustration, they didn’t dream that end users would fight back by hacking their own employer — which is essentially what they’re doing.

And we aren’t talking about a small group of rogues here, either. A study by the public-private partnership MeriTalk found that 31% of end users circumvented endpoint security measures that they felt hindered efficiency and productivity. What’s more, it’s not as though end users had to learn how to do this by slinking into the dark alleys of the cyber underground under cover of an IP anonymizer. A simple Google search for “disable endpoint protection” leads to thousands of hits, including this popular post that has been around for years that boasts how easy this is to do. There are even helpful screenshots for non-techies!

So faced with this dilemma, what can organizations do to keep their network secure and their assets safe? First, let’s recap what they can’t do. They can’t have their IT staff lock down endpoints, because that’s perceived as “Big Brother” or “Draconian” and triggers circumvention. And they can’t trade IT security for end user productivity, because the consequences of a data breach are massive and scary.

Fortunately, there’s a solution that works for organizations and end users, and against the bad actors that are relentlessly trying to attack them both: BUFFERZONE.

BUFFERZONE creates a virtual container around Internet-facing applications on each endpoint. If malware makes it onto an end user’s computer (through drive-by-download, malvertising or other vector), it is trapped in the container and sealed off from files, the network, memory, registry, etc. As such, there is no way for the threat to transfer over to the organization’s network and lead to a full-scale breach.

Just as importantly, the virtual container is practically unnoticeable by end users, who continue using their preferred applications and tools as they always have, such as browsers, email, Skype and so on. Since there’s no invasive lockdown, there’s no incentive to circumvent. And if their computer is in fact exposed to malware, the user can continue working while IT wipes the container clean.

Now, with this being said, is BUFFERZONE going to unleash a golden era of peace, love and understanding between IT staff and end users? Not entirely; this struggle is ancient and epic.

However, it can do the next best thing, which is to give organizations the network security they need, and end users the productivity they need — instead of breaking bad.

Learn more about how BUFFERZONE works.