Real Endpoint Security Ensures Protection and Compliance
By Tom Schmidt
The way we do business today is radically changing the way we approach network security.
Think about it: whether it's allowing your teenager to do homework on your company computer, providing a partner with guest access to the corporate network, or accessing email on corporate servers via handheld devices, the number of entry points with the potential to compromise network security is increasing every day.
At the same time, threats to network security are becoming more sophisticated and damaging. Long gone are the days when hackers launched threats that were noisy, indiscriminate, and randomly disruptive. Today's threats are the work of cybercriminals, and they are silent, highly targeted, and motivated by profit.
This combination of increased entry points and more sophisticated threats has prompted many enterprises to reassess their endpoint security efforts. Their conclusion: true endpoint security must combine endpoint protection and endpoint compliance. This article explores such a combination in depth.
Traditional security measures are being circumvented
Even a cursory examination of today's threat landscape is enough to show how thoroughly the situation has changed. For example, in the last six months of 2005:
- 1,896 new vulnerabilities were documented, the highest recorded number since 1998.
- More than 10,992 new virus and worm variants were discovered, a 49% increase over the same time period in 2004.
- On average, 49 days elapsed between the disclosure of a vulnerability and the release of an associated patch, down from 64 days.
- It became easier for attackers to modify currently existing malicious code than it was to create new code from scratch. To give just one example, 6,542 new variants of the Spybot threat were documented in this time period.
- 1.5 billion phishing attempts were blocked, a 44% increase over the first half of 2005. An average of 7.9 million phishing attempts were detected per day.
It's also the case that new threats are more elusive. Blended threats are becoming the norm rather than the exception, and attention is increasingly being focused on application and system-oriented weaknesses as opposed to network-layer vulnerabilities.
Given this unprecedented rise in threat activity, it's no surprise that traditional enterprise security measures are being circumvented. For example:
- Perimeter firewalls -- These can't block access to ports used for legitimate purposes. Packet scanning is only effective against recognizable signatures.
- Network intrusion detection -- It can only reliably detect worms after they have compromised some systems and are actively spreading.
- Basic personal firewall -- It can't lock down the system enough to prevent a worm from acting like an authorized application.
- Patch management solutions -- These don't address the window of vulnerability before a patch is applied. These are also ineffective against unknown attacks.
- Antivirus alone -- Damage is done by the time the virus definition is deployed.
Ensuring compliance
Establishing a comprehensive endpoint security solution is a complicated undertaking. A number of factors, such as accounting for unmanaged nodes, increase the scope of the challenge.
Nevertheless, a comprehensive solution will help to ensure that corporate networks, branch offices, telecommuters, and mobile workers are protected and compliant with security policy when accessing enterprise networks and information assets from managed as well as unmanaged devices. Specifically, such a solution must block or remediate non-compliant devices with automatic software and patch updates before granting any network access. In addition, antivirus and firewall software must be enabled and antivirus signatures brought up to date. This brings a compromised or infected system into compliance so that all company information and IT systems are insulated from information theft, violation, and disruption. The ability to validate and manage the security posture of unmanaged devices without endangering sensitive information assets is essential for business initiatives such as e-commerce and outsourcing.
Ensuring protection
A comprehensive endpoint security solution also provides protection against known and unknown attacks by combining host intrusion prevention, desktop firewall, and peripheral device control. That's essential for eliminating exposures from home computers, kiosks, and guest laptops. Such a solution creates a virtual desktop environment offering a protected network session, including the ability to detect and kill malicious code such as keystroke loggers that capture username and password information and screen scrapers that spy on user activity. At the end of the virtual desktop session, all Web browser information, such as auto-complete, stored passwords, and temporary files, needs to be erased.
Ultimately, endpoint protection offers a perimeter of defense to ensure that all devices are current with security software before entering the corporate network. Such persistent enforcement enables IT to address the task of protecting corporations from exposure of intellectual property, costly network downtime, and possible regulatory fines that can undermine a company's brand integrity.
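The two preceding sections describe an admission-time decision: a device's security posture is checked before it gets network access, managed devices that fail are quarantined and remediated, and unmanaged devices are confined to a protected session. The following Python example, added here and not code from the article or any product it describes, shows that decision logic in working form. Every class, function, threshold and sample device in it is an assumption constructed for illustration; the three-day signature-age limit is invented, not a figure from the article.

```python
"""Admission-time endpoint posture check (illustrative example, not product code).

Evaluates a device's reported security state against a compliance policy and
returns the decision a network access gateway would make BEFORE granting access:
  allow      managed and compliant: full access
  remediate  managed but non-compliant: quarantine, push fixes, re-check
  restrict   unmanaged but compliant: protected (virtual desktop) session only
  block      unmanaged and non-compliant: nothing can be pushed, so deny
All names, thresholds and sample devices below are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Posture:
    """Security state reported by (or probed from) a connecting device."""
    hostname: str
    managed: bool                 # corporate agent installed, so fixes can be pushed
    antivirus_enabled: bool
    signature_date: datetime      # timestamp of the installed antivirus definitions
    firewall_enabled: bool
    missing_patches: list[str] = field(default_factory=list)


@dataclass
class Policy:
    """Compliance thresholds; the values are illustrative assumptions."""
    max_signature_age: timedelta = timedelta(days=3)
    require_firewall: bool = True


@dataclass
class Decision:
    action: str               # "allow", "remediate", "restrict" or "block"
    findings: list[str]       # why the device failed (empty when compliant)
    remediation: list[str]    # steps pushed to a managed device before re-check


def check_compliance(p: Posture, policy: Policy, now: datetime) -> tuple[list[str], list[str]]:
    """Return (findings, remediation steps) for one device against the policy."""
    findings, fixes = [], []
    if not p.antivirus_enabled:
        findings.append("antivirus disabled")
        fixes.append("enable antivirus")
    age = now - p.signature_date
    if age > policy.max_signature_age:
        findings.append(f"antivirus signatures {age.days} days old")
        fixes.append("update antivirus signatures")
    if policy.require_firewall and not p.firewall_enabled:
        findings.append("desktop firewall disabled")
        fixes.append("enable desktop firewall")
    if p.missing_patches:
        findings.append("missing patches: " + ", ".join(p.missing_patches))
        fixes.extend(f"install {patch}" for patch in p.missing_patches)
    return findings, fixes


def admit(p: Posture, policy: Policy, now: datetime) -> Decision:
    """Decide access for one device; compliance is judged before any access."""
    findings, fixes = check_compliance(p, policy, now)
    if not findings:
        # Compliant: managed devices get full access; unmanaged devices are
        # confined to a protected session with no direct access to assets.
        return Decision("allow" if p.managed else "restrict", [], [])
    if p.managed:
        # Quarantine and push fixes; the device is re-evaluated afterwards.
        return Decision("remediate", findings, fixes)
    # Non-compliant and not under management: nothing can be pushed, so block.
    return Decision("block", findings, [])


# Constructed sample data: a fixed "now" and four devices arriving at the gateway.
NOW = datetime(2006, 6, 1, 9, 0)
POLICY = Policy()
SAMPLE_DEVICES = [
    Posture("corp-laptop-01", True, True, NOW - timedelta(days=1), True),
    Posture("corp-laptop-02", True, True, NOW - timedelta(days=10), False),
    Posture("guest-laptop", False, True, NOW - timedelta(days=1), True),
    Posture("lobby-kiosk", False, False, NOW - timedelta(days=30), False, ["KB-PLACEHOLDER-1"]),
]


def run_admission_control() -> dict[str, str]:
    """Evaluate every sample device and return hostname -> action."""
    return {d.hostname: admit(d, POLICY, NOW).action for d in SAMPLE_DEVICES}


if __name__ == "__main__":
    for d in SAMPLE_DEVICES:
        decision = admit(d, POLICY, NOW)
        print(f"{d.hostname:15} {decision.action:10} {'; '.join(decision.findings)}")
```

The order of checks matters less than the fact that the decision is made before any access is granted, which is the article's point: a device whose findings are non-empty never reaches the corporate network, and for an unmanaged device the only compliant outcome is the restricted session, never full access.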
Conclusion
It goes without saying that security and compliance governance policies are only useful if they are enforced 100% of the time. After all, determining security compliance after granting any network access is too late.
Comprehensive endpoint security solutions defend against zero-day attacks, malicious insiders, and actions that do not comply with corporate security policies. Such solutions enable organizations to actively evaluate, protect, and remediate managed and unmanaged systems as they connect to corporate assets. Given the nature of the current threat landscape, today's enterprises require nothing less.
Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.