E-Guide
What to think about when utilizing
endpoint securities
When it comes to selecting the proper endpoint security, a few
considerations need to be met before the final decision is made.
Most of the time, the basics of security are overlooked due to the
constant flood of new tools. Companies need to remember that the
basics are what secured their networks in the first place. To set the
right priorities, read this expert E-Guide and discover how to choose,
keep, or upgrade your endpoint security system.
SearchSecurity.com E-Guide
What to think about when utilizing endpoint securities
Table of Contents
Think about performance, data protection when choosing endpoint security suites
Three ways to prioritize endpoint security over perimeter defenses
Think about performance, data protection when choosing endpoint security suites
By Neil Roiter
Antimalware protection is no longer just about signature-based antivirus and antispyware. It
has evolved into the use of complex endpoint security suites with multiple malware
detection techniques and features, such as host-based intrusion prevention (HIPS) and
full-disk encryption.
This two-part tip will cover some of the key points you should consider in choosing, keeping
or upgrading your endpoint security software before your next subscription renewal. The
second part will focus on centralized management of endpoint security suites and
negotiations with vendors.
Performance Distinguishes Endpoint Security Suites
The shift to Web-based malware and the explosive growth in the sheer number of threats
has forced security vendors to move away from reliance on signature-based detection and
bundle in various forms of behavior-based and anomaly detection, HIPS and
whitelisting/application control.
"You should only buy what you need, however, malware is getting pretty nasty," said Ed
Skoudis, co-founder and senior security consultant with InGuardians Inc. "These packages
are pretty all-inclusive, and it doesn't cost vendors any more to put these capabilities into
the software."
Testing these complementary technologies against various strains of malware and attack
techniques is very complex. It's tough to tell which vendors, if any, do a measurably better
job; the truth is they all miss more than they care to admit.
"Generally speaking, the market is commoditized," said Natalie Lambert, senior research
analyst at Forrester Research Inc. "In my opinion, in terms of detection, if you're looking at
individual technologies, is there a need to switch out? No."
Performance is another matter. You can and should test the client software's speed and how
it impacts performance on fully loaded company laptops and desktops. Run the products on
standard company PCs with all your applications.
"You really should evaluate performance, because users will notice the change and
complain," Skoudis said. "They will call the help desk, and you don't want that."
Endpoint Data Protection Considerations
Midmarket firms have to deal with many of the same security and compliance issues as
large companies do. That means you have to be concerned with the data on your laptops
and DVDs, USB drives and MP3 players, and perhaps guest access controls and hygiene
checks on devices coming onto the company network.
Not long ago, desktop protection was pretty straightforward: primarily signature-based
antivirus and antispyware and, probably, a personal firewall. Your business' requirements
have changed, and endpoint security suites are complex products designed to meet those
requirements. Here is more you need to consider:
Full-disk encryption. This is rapidly becoming must-have security for midmarket
companies that are concerned about data breaches and, in particular, state breach
notification laws, PCI DSS and other regulations.
Device control. Some companies have gone to the extreme of disabling USB ports, but
device control allows them to take a more flexible approach. This can range from prohibiting
all use of removable storage to policy-based controls that require use of corporate USB
drives, encrypting copied data, content-based controls over what can be copied, etc.
Application control. This is some form of whitelisting, a valuable approach that can
prevent malware from running on company PCs by limiting the number of authorized
applications. This can get messy in complex environments with many different desktop
images. Application control may also include blacklisting to enforce restrictions on IM, P2P,
Skype, etc. Whitelisting can be particularly effective if you run only a handful of apps.
DLP. Endpoint data loss prevention provides insight into what users are copying to their PCs
and what they are doing with it, but everything you add has an impact on performance, and
if it adds cost, consider passing on it, at least until you are prepared to deploy it as part of a
larger DLP project. "DLP [in an endpoint security suite] is using a sledgehammer to crack a
nut," said Lambert.
Three ways to prioritize endpoint security over perimeter defenses
By Joel Snyder
In the security business, we spend a lot of time looking at tactical perimeter defense tools
to help secure networks. But sometimes, we get so caught up in these tools that we forget
some basics of security; we can't see the forest for the trees.
Remember that perimeter defenses are only there for one reason: to protect devices that
are poorly protected. In other words, if a system, device, application or service wasn't
vulnerable to attack, then there would be no need for a firewall, much less an IPS or other
tool.
Many times we let the presence of perimeter defenses distract us from a fundamental
requirement: The systems should be secure all on their own, without any additional edge
devices. We can get sloppy because we know there's a firewall, and therefore we practice
poor security within our corporate networks. Midmarket businesses, with small IT budgets
and "Jack-of-All-Trades" technical staff, have an even more difficult problem with security
because there's never enough time to sit down and really study the problem -- only enough
time to run to the next fire that needs extinguishing.
First and foremost, the most important part of security is keeping the desktop (and the
servers, of course) secure. That's a difficult job, and lots of IT staff members have thrown
up their hands in frustration -- relying on secondary defenses, such as perimeter firewalls,
for protection. But that's not a good approach. Even if it seems a nearly impossible task,
you have to concentrate on endpoint security management to have a truly solid security
foundation.
Here are some tips that will help you refocus your efforts on the weakest point in network
security: the endpoint.
1. It's not enough to install a desktop security package on every system; you have to
take the extra time and effort to also put in an enterprise console. Why? Without
that overarching management tool you won't be able to control the desktop tools,
and more importantly, you won't have any idea which systems are compliant with
your security policy. All of the major players in desktop security offer a centralized
management console, and these consoles are often free when you go for the
professional or commercial version of the tool. Yes, handling desktop security this
way is going to be more expensive than caving in to the crapware subscription
demands of the preloaded software that came on your laptops and desktops. But
you'll have a consistent view, consistent software, and a way of managing desktop
security. Together, these three will help close the biggest hole in your network -- and
help you keep it closed.
2. Group Policy Objects (GPOs): A strange name for a simple idea, but one you should
be using. GPOs are the building blocks of Group Policies, a feature built into Windows
Active Directory domains. With GPOs, you can manage many aspects of security
across all systems in your network from a single place. Make a change to a GPO, for
example, to change the IP addresses of your DNS servers. Apply the GPO to your
entire Windows domain, and you've changed the DNS servers on 100, 1,000 or even
more computers without touching any of them. There are nearly 1,700 GPO settings
you can adjust. The key benefit here is the ability to standardize configuration on
every system joined to the domain, which lets you roll out security and other
changes with a minimum of fuss. There are plentiful resources, both from Microsoft
and other sources, on how you can use this free feature to simplify your desktop
configurations and reduce the amount of time you spend on non-productive tasks
like reconfiguring desktop systems. Use GPOs -- you'll be glad you did.
3. Don't forget why they call them "viruses." You get them by having contact with
someone who's infected. Yes, the Internet threat is a significant one, but you also
need to worry about the virus that waltzes in your front door attached to the laptop,
MP3 player or USB thumb drive of your own employees. Employ the approach
popularized by Soviet Russia during the Cold War by creating a buffer zone around
your own network you can exert control over. You may think your budgets are tight
and your staff is overworked, but a little bit of free antivirus software and a touch of
technical support for the laptops and home computers of your own staff can go a
long way towards keeping malware out of your building. You don't want to be the IT
support for everyone's home computer, but helping people -- and their families,
sometimes -- practice "safe computing" will pay off with fewer problems and less
self-inflicted damage. Combine training, some technical support, antimalware
software guidance, and a tiny bit of lecture on being responsible, and you'll have a
low-risk and high-value way to keep those desktops more secure. You might even
help IT get a better reputation in the organization!
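
The DNS server change described in tip 2, sketched with the GroupPolicy PowerShell module. This is an added example, not part of the original e-guide; the GPO name, OU path and server addresses are placeholders, and it links the GPO to a pilot OU rather than the whole domain so a wrong DNS value cannot cut every client off from its domain controllers at once.

```powershell
# Added example: requires the GroupPolicy module (RSAT) and rights to create and link GPOs.
Import-Module GroupPolicy

# Placeholders (assumptions, not from the e-guide): replace with your own values.
$GpoName    = 'Baseline - DNS Client Servers'
$PilotOu    = 'OU=Pilot Workstations,DC=corp,DC=example'
$DnsServers = '192.0.2.10 192.0.2.11'   # space-separated list; documentation-range addresses

# Registry value behind the "DNS Servers" policy
# (Computer Configuration > Administrative Templates > Network > DNS Client).
# Confirm it against the DNS Client template on your own build before rollout.
$PolicyKey  = 'HKLM\Software\Policies\Microsoft\Windows NT\DNSClient'

# Create the GPO only if it does not exist, so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Sets DNS servers for domain-joined clients'
}

# The setting is computer-side only; disabling the unused user half
# speeds up processing and narrows what the GPO can ever affect.
$gpo.GpoStatus = 'UserSettingsDisabled'

# Write the policy value into the GPO (not into the local registry).
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey `
    -ValueName 'NameServer' -Type String -Value $DnsServers | Out-Null

# Link to the pilot OU first; widen the link only after clients resolve correctly.
$linked = (Get-GPInheritance -Target $PilotOu).GpoLinks |
    Where-Object DisplayName -eq $GpoName
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $PilotOu -LinkEnabled Yes | Out-Null
}

# Verify what the GPO now contains and keep a report for change records.
Get-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName 'NameServer'
Get-GPOReport -Name $GpoName -ReportType Html `
    -Path (Join-Path $env:TEMP 'dns-gpo-report.html')
```

On a pilot machine, `gpupdate /force` followed by `gpresult /r` shows whether the GPO was applied before the link is extended to the rest of the domain.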
About the Author: Joel Snyder is a senior partner at Opus One, an IT consulting firm
specializing in security and messaging.