What to think about when utilizing endpoint securities

Post on 21-Nov-2015


  • E-Guide

    What to think about when utilizing endpoint securities

    When it comes to selecting the proper endpoint security, a few considerations need to be met before the final decision is made. Most of the time, the basics of security are overlooked due to the constant flood of new tools. Companies need to remember that the basics are what first secured their networks. To set the right priorities, read this expert E-Guide and discover how to choose, keep, or upgrade your endpoint security system.

    Sponsored By:

  • SearchSecurity.com E-Guide

    What to think about when utilizing endpoint securities

    Sponsored By: Page 2 of 8

    Table of Contents

    Think about performance, data protection when choosing endpoint security suites

    Three ways to prioritize endpoint security over perimeter defenses

    Think about performance, data protection when choosing endpoint security suites

    By Neil Roiter

    Antimalware protection is no longer just about signature-based antivirus and antispyware. It has evolved into the use of complex endpoint security suites with multiple malware detection techniques and features, such as host-based intrusion prevention (HIPS) and full-disk encryption.

    This two-part tip will cover some of the key points you should consider in choosing, keeping or upgrading your endpoint security software before your next subscription renewal. The second part will focus on centralized management of endpoint security suites and negotiations with vendors.

    Performance Distinguishes Endpoint Security Suites

    The shift to Web-based malware and the explosive growth in the sheer number of threats has forced security vendors to move away from reliance on signature-based detection and bundle in various forms of behavior-based and anomaly detection, HIPS and whitelisting/application control.

    "You should only buy what you need, however, malware is getting pretty nasty," said Ed Skoudis, co-founder and senior security consultant with InGuardians Inc. "These packages are pretty all-inclusive, and it doesn't cost vendors any more to put these capabilities into the software."

    Testing these complementary technologies against various strains of malware and attack techniques is very complex. It's tough to tell which vendors, if any, do a measurably better job; the truth is they all miss more than they care to admit.

    "Generally speaking, the market is commoditized," said Natalie Lambert, senior research analyst at Forrester Research Inc. "In my opinion, in terms of detection, if you're looking at individual technologies, is there a need to switch out? No."

    Performance is another matter. You can and should test the client software's speed and how it impacts performance on fully loaded company laptops and desktops. Run the products on standard company PCs with all your applications.

    "You really should evaluate performance, because users will notice the change and complain," Skoudis said. "They will call the help desk, and you don't want that."

    Endpoint Data Protection Considerations

    Midmarket firms have to deal with many of the same security and compliance issues as large companies do. That means you have to be concerned with the data on your laptops and DVDs, USB drives and MP3 players, and perhaps guest access controls and hygiene checks on devices coming onto the company network.

    Not long ago, desktop protection was pretty straightforward: primarily signature-based antivirus and antispyware and, probably, a personal firewall. Your business' requirements have changed, and endpoint security suites are complex products designed to meet those requirements. Here is more you need to consider:

    Full-disk encryption. This is rapidly becoming must-have security for midmarket companies that are concerned about data breaches and, in particular, state breach notification laws, PCI DSS and other regulations.

    Device control. Some companies have gone to the extreme of disabling USB ports, but device control allows them to take a more flexible approach. This can range from prohibiting all use of removable storage to policy-based controls that require use of corporate USB drives, encrypting copied data, content-based controls over what can be copied, etc.

    Application control. This is some form of whitelisting, a valuable approach that can prevent malware from running on company PCs by limiting the number of authorized applications. This can get messy in complex environments with many different desktop images. Application control may also include blacklisting to enforce restrictions on IM, P2P, Skype, etc. Whitelisting can be particularly effective if you run only a handful of apps.

    DLP. Endpoint data loss prevention provides insight into what users are copying to their PCs and what they are doing with it, but everything you add has an impact on performance, and if it adds cost, consider passing on it, at least until you are prepared to deploy it as part of a larger DLP project. "DLP [in an endpoint security suite] is using a sledgehammer to crack a nut," said Lambert.

    Three ways to prioritize endpoint security over perimeter defenses

    By Joel Snyder

    In the security business, we spend a lot of time looking at tactical perimeter defense tools to help secure networks. But sometimes, we get so caught up in these tools that we forget some basics of security; we can't see the forest for the trees.

    Remember that perimeter defenses are only there for one reason: to protect devices that are poorly protected. In other words, if a system, device, application or service wasn't vulnerable to attack, then there would be no need for a firewall, much less an IPS or other tool.

    Many times we let the presence of perimeter defenses distract us from a fundamental requirement: The systems should be secure all on their own, without any additional edge devices. We can get sloppy because we know there's a firewall, and therefore we practice poor security within our corporate networks. Midmarket businesses, with small IT budgets and "Jack-of-All-Trades" technical staff, have an even more difficult problem with security because there's never enough time to sit down and really study the problem -- only enough time to run to the next fire that needs extinguishing.

    First and foremost, the most important part of security is keeping the desktop (and the servers, of course) secure. That's a difficult job, and lots of IT staff members have thrown up their hands in frustration -- relying on secondary defenses, such as perimeter firewalls, for protection. But that's not a good approach. Even if it seems a nearly impossible task, you have to concentrate on endpoint security management to have a truly solid security foundation.

    Here are some tips that will help you refocus your efforts on the weakest point in network security: the endpoint.

    1. It's not enough to install a desktop security package on every system; you have to take the extra time and effort to also put in an enterprise console. Why? Without that overarching management tool you won't be able to control the desktop tools, and more importantly, you won't have any idea which systems are compliant with your security policy. All of the major players in desktop security offer a centralized management console, and these consoles are often free when you go for the professional or commercial version of the tool. Yes, handling desktop security this way is going to be more expensive than caving in to the crapware subscription demands of the preloaded software that came on your laptops and desktops. But you'll have a consistent view, consistent software, and a way of managing desktop security. Together, these three will help close the biggest hole in your network -- and help you keep it closed.

    2. Group Policy Objects (GPOs): A strange name for a simple idea, but one you should be using. GPOs are the building blocks of Group Policies, a feature built into Windows Active Directory domains. With GPOs, you can manage many aspects of security across all systems in your network from a single place. Make a change to a GPO, for example, to change the IP addresses of your DNS servers. Apply the GPO to your entire Windows domain, and you've changed the DNS servers on 100, 1,000 or even more computers without touching any of them. There are nearly 1,700 GPO settings you can adjust. The key benefit here is the ability to standardize configuration on every system joined to the domain, which lets you roll out security and other changes with a minimum of fuss. There are plentiful resources, both from Microsoft and other sources, on how you can use this free feature to simplify your desktop configurations and reduce the amount of time you spend on non-productive tasks like reconfiguring desktop systems. Use GPOs -- you'll be glad you did.

    3. Don't forget why they call them "viruses." You get them by having contact with someone who's infected. Yes, the Internet threat is a significant one, but you also need to worry about the virus that waltzes in your front door attached to the laptop, MP3 player or USB thumb drive of your own employees. Employ the approach popularized by Soviet Russia during the Cold War by creating a buffer zone around your own network that you can exert control over. You may think your budgets are tight and your staff is overworked, but a little bit of free antivirus software and a touch of technical support for the laptops and home computers of your own staff can go a long way towards keeping malware out of your building. You don't want to be the IT support for everyone's home computer, but helping people -- and their families, sometimes -- practice "safe computing" will pay off with fewer problems and less self-inflicted damage. Combine training, some technical support, antimalware software guidance, and a tiny bit of lecture on being responsible, and you'll have a low-risk and high-value way to keep those desktops more secure. You might even help IT get a better reputation in the organization!

    About the Author: Joel Snyder is a senior partner at Opus One, an IT consulting firm specializing in security and messaging.
