Assessing Endpoint Security Options
By Mitchell Ashley
There are three primary considerations when assessing endpoint security options:
1) Are you seeking protection for just corporate assets or do you also need protection from endpoints not under the control of your organization (i.e., foreign endpoints)?
2) Are you willing to take on the burden of installing or downloading agents on each endpoint, or do you need an agent-less solution?
3) Do you only want to enforce endpoint requirements for software patches and anti-virus, or do you want to enforce a more comprehensive set of security requirements?
Many organizations need the flexibility to create security requirements beyond those that come out-of-the-box with most solutions.
Many organizations have experienced the pain of combating worms and trojans such as Download.Ject, JS.Scob.Trojan, Sober and MyDoom that enter the network from behind the firewall. These attacks are introduced through non-secure endpoint devices. Corporate-owned laptops and PCs are not the only conduit for such attacks; they frequently spread via the foreign endpoints belonging to visitors, contractors, partners and work-at-home employees. In fact, foreign endpoints pose a greater risk than corporate-owned machines because their security is unknown and likely to be inadequate or non-existent.
While most IT shops tend to focus on corporate-owned endpoints, both foreign endpoints and corporate-owned devices must be addressed as part of any enterprise endpoint solution. Although a number of solutions are available for securing internal endpoints, there are only a limited number of solutions on the market that focus on solving the foreign endpoint security problem.
Almost all of these solutions require the installation of an agent (similar to a personal firewall or VPN client) or are limited to SSL web-page-based applications. It’s not realistic, though, to assume you’ll have the resources or the level of control needed to install a client on every foreign device. Also, most organizations would prefer not to take on the administrative burden of doing so.
A recent development is agent-less, also called client-less, solutions that do not require the download or installation of any software on the endpoint device. Agent-less solutions offer significant advantages over agent-based solutions. Since no software runs on the endpoint, agent-less solutions do not suffer the deployment problems or the increased administration that arise when software has to be installed and supported on each device.
Software compatibility issues, upgrade deployment and support issues, and increased helpdesk calls are all avoided. Clearly, the agent-less approach offers a compelling solution for foreign endpoints as well.
To truly ensure that endpoints are secure, the selected solution should meet the following three requirements:
1) Deliver a full suite of testing capabilities. Most endpoint security solutions check endpoints for the latest software patches and for the presence of up-to-date anti-virus signatures, but much more is required to truly ensure endpoints are secure. A comprehensive set of tests should include checks for personal firewalls, peer-to-peer software, Windows update settings, web browser and application security settings, services, and registry settings, as well as required and restricted software.
2) Verify that harmful software does not reside on the device. Endpoint security solutions should proactively check endpoint devices to determine if they have been compromised by any worms, trojans or spyware, which ultimately is what endpoint security is all about.
3) Provide the ability to create custom tests. More advanced solutions have the capability to add user-created sets of endpoint tests, allowing you to check for requirements that may be unique to your organization.
In next month’s Cyber Insider, we will explore enterprise vulnerability management.
Mitchell Ashley is CTO and VP of Engineering at StillSecure. He can be reached at mashley@stillsecure.com