by_adr - Fotolia
BlackBerry Limited made changes to its unified endpoint security platform with the intention of bringing zero-trust security to device management.
The BlackBerry Spark enhancements, first announced at last week's RSA Conference in San Francisco, involve an improved unified endpoint security (UES) layer that will work in conjunction with unified endpoint management (UEM) products like its own to more fully protect a range of endpoints, among them desktops, mobile devices, servers and IoT devices.
The firm has emphasized the unified nature of BlackBerry Spark, which was released in 2018, noting its use of a single agent across multiple types of devices, a single console to manage those endpoints and artificial intelligence and machine learning to detect modern threats. Experts said this kind of approach seems to be a general trend in the market, and that BlackBerry would have to emphasize business cost savings to stand out.
"Historically, it was the desktop. In the last five to eight years, it was mobile," he said. "Now, we're starting to see the next wave of endpoints coming in, like smart speakers [or] people trying to get work done in their vehicles and [through] IoT devices."
Each device, Thompson noted, is another endpoint a business needs to secure. This, he said, has led to a security management jumble for IT -- several different security products, managed separately, running on devices that may or may not be owned by a company.
"We need a better way to think about doing security, not just from a technological standpoint but from an organizational standpoint," he said.
Security at the point of interaction
Thompson said BlackBerry Spark's zero-trust securitypresents a sensible way to handle the problem. As employees are authenticated continuouslyby checking user behavior against a profile of their typical actions while using these endpoints and applications, he said, the threat posed by such situations as someone picking up and using a misplaced device is minimized.
"Our philosophy is to bring security down to the point of interaction, the point where it really matters to protect your data," he said.
The ability to manage multiple kinds of devices through a single product, Thompson said, should prove a benefit to the IT professionals managing them.
"We've started to see security and IT not wanting to have multiple agents on the same device," he said. "It creates overhead -- overhead on the CPU or overhead from a management standpoint."
Nigel ThompsonVice president of product solutions marketing, BlackBerry
According to Thompson, having a single endpoint securityproduct can put a company on good footing to detect broad-based attacks. Thinking of security in a segmented way was missing the bigger picture; hackers, he said, do not have separate departments for different devices, and the malicious code used to attack a mobile device is also used to attack desktops as well, he said.
"If you want to do threat detection holistically, you want a single agent that is looking across all endpoints and is looking for the same threats," he said.
Part of a trend
Andrew Hewitt, an analyst at Forrester Research, said BlackBerry's recent announcement fits into a larger trend of UEM vendors adopting zero-trust security and continuous authentication.
"[BlackBerry] is focused on providing risk-based analytics that can look more at user behavior … than static device health conditions," he said.
UEM vendors, Hewitt said, have recognized that IT professionals who are managing devices need a single platformto deliver better threat detection and remediation capabilities.
Dion Hinchcliffe, vice president and principal analyst at Constellation Research, said a holistic and integrated view of potential threats will provide enterprises with a better command over their security -- and that such an approach will likely gain traction with companies. Yet it remains to be seen, he added, whether BlackBerry Spark will be a winner in the market.
"The issue is that most enterprises already have unified endpoint security and/or management solutions," he said. "BlackBerry would need to be able to switch out up to several endpoint products at once … if they want to fully deliver the cited benefits to a customer."