Every computer that connects to the Internet must have some form of anti-virus protection installed. The number and type of virus threats increase every year, with new ones appearing at an alarming rate. However, threats to the desktop are not limited to simple viruses, but often come as a coordinated attack via drive-by installation of malware and spyware. Further, not all threats are from the Internet: Unprotected vendor laptops can inject malicious programs directly into the enterprise, or malicious employees can siphon secrets to USB thumb drives. Security applications must be able to protect the desktop from both internal and external threats.
Why does endpoint security matter? The security software we all run on our client devices may be one of the most important yet misunderstood areas of computing. “The great growth over the last decade has been for computing devices to leave the organisation. Not just laptops, but mobile phones and handhelds are all designed to be mobile and can carry a lot of corporate data and provide computing resources when on the move. Therefore, there has been a rise in problems caused by these devices being lost, stolen or misused and it’s therefore important for IT management to consider endpoint security as a major part of their security policies and infrastructure,” says Nigel Hawthorn, VP EMEA Marketing, Blue Coat Systems.
A recent trend in endpoint security has been the shift from stand-alone antivirus-style products to burgeoning software suites that combine antimalware, network access control and now systems management. Though dozens of competing vendors craft products for specific security and systems management functions — and many IT managers strongly argue they prefer it that way and fret about vendor lock-in — there's some cause to think the future may be dominated by endpoint suites.
“The move from stand-alone anti-virus to suite solutions has been driven in part by the continuous development and sophistication of the threats to which organisations are now vulnerable. Customers find comprehensive security suites appealing because they help their security solutions to work together and be easily manageable – with multiple point products, the resource overhead is greater and it is incredibly difficult to get a consolidated view of an organisation’s security status,” says Essam Ahmed, Team Leader Systems Engineer – MENA, McAfee.
Bulent Teksoz, Regional Technology Manager – MENA, Symantec, says the current Internet landscape clearly requires users to deploy a defense-in-depth strategy at every premises. “Suites are easier to deploy and can easily be customized to meet every business need, no matter if it is a large enterprise or small business.”
The appeal of security suites also lies in the fact that they have a single code base and a smaller footprint than five or six separate software agents. The push to pack more into the security endpoint is bringing a wave of change to both the systems management market and the security market over the coming years, according to IDC.
IDC predicts the worldwide corporate endpoint security market will hit $4.41 billion by 2012. The security suites are expected to comprise almost half of this market by then, eclipsing stand-alone antimalware and other categories such as endpoint threat management, which will be in sharp decline.
An endpoint is any intelligent, network-aware device that is under the control of an end user and can be accessed from outside the organization. The most obvious threat is the ubiquitous laptop with a wireless connection. But even networked printers and copiers have enough processing power and storage to launch an attack.
Countermeasures begin with the basics: antivirus and antispyware software and a firewall on every endpoint computer. The next step includes products that allow administrators at a central console to lock down the applications or the physical devices a user can access on his machine and to monitor attempts to bypass the controls.
The most ambitious and expensive strategy, usually used by larger organizations, is a network access control system that runs on servers or on network appliances and scans network traffic for attacks that enter the network through an endpoint. Such products may require a device to have the proper security patches and updates before accessing the network, determine when and how users can access a wireless network, and control the flow of traffic across the network to limit attacks. Whatever the approach, users don't want to be hamstrung — and IT managers don't want to be overwhelmed by the work involved in managing them.
“Managing security policies and endpoint security is a challenge that some organisations find quite complex. They need solutions that can maximize their ROI, give them visibility of their security status as it changes and even report on their compliance with policies. A strong management platform that integrates with multiple security technologies provides a central point to create and deploy security policy. This platform also enables customers to perform policy auditing and network access control,” says Ahmed.
Teksoz adds that a solid endpoint security solution must be multi-layered and composed of multiple security solutions. It is important that the solution be managed and updated centrally.
Creating policies that determine what can and can't run on endpoints requires IT managers to figure out what software is really running in their organizations and which of those applications are really critical. Managers often don't realize how long it takes to create policies that reflect how employees actually use their systems and thus underestimate the cost of implementing security software. And IT managers need to keep in mind the fact that no security tool will work effectively without co-operation from users – and that requires educating them about the need for some limits on what they can do.
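One way to turn the observed-usage inventory described above into an enforceable application policy, and to surface repeated attempts to work around it for the central console, as an added Python example that is not from the article or from any vendor named in it. The inventory format, host names, paths, publisher strings and removable-drive letters are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory: (host, executable path, signing publisher or None).
# A real inventory would come from an endpoint agent; this layout is an assumption.
OBSERVED = [
    ("pc-01", r"C:\Program Files\Office\winword.exe", "Contoso Office Corp"),
    ("pc-02", r"C:\Program Files\Office\winword.exe", "Contoso Office Corp"),
    ("pc-03", r"C:\Program Files\Office\winword.exe", "Contoso Office Corp"),
    ("pc-01", r"C:\Windows\System32\notepad.exe", "Example OS Vendor"),
    ("pc-02", r"C:\Windows\System32\notepad.exe", "Example OS Vendor"),
    ("pc-02", r"C:\Tools\legacy-report.exe", None),   # unsigned, single host: review
    ("pc-03", r"E:\setup.exe", None),                  # unsigned, ran from a thumb drive
]

def build_allowlist(observed, min_hosts=2):
    """Allow an executable when it is signed and in use on at least `min_hosts`
    distinct hosts; everything else goes to a review list, so the policy
    reflects how staff actually work rather than an administrator's guess."""
    hosts, publisher = defaultdict(set), {}
    for host, exe, pub in observed:
        hosts[exe].add(host)
        publisher[exe] = pub
    allowed = {exe for exe in hosts if publisher[exe] and len(hosts[exe]) >= min_hosts}
    review = sorted(exe for exe in hosts if exe not in allowed)
    return allowed, review

def evaluate(exe, allowlist, removable_roots=("E:\\", "F:\\")):
    """Return 'allow' or a block reason for one execution event.
    `removable_roots` stands in for the device-control part of the policy."""
    if exe in allowlist:
        return "allow"
    if exe.upper().startswith(tuple(r.upper() for r in removable_roots)):
        return "block:removable-media"
    return "block:not-in-policy"

def bypass_report(events, allowlist, threshold=2):
    """Count blocked executions per host; hosts at or above `threshold` are
    what the console should show as repeated attempts to bypass controls."""
    blocked = defaultdict(int)
    for host, exe in events:
        if evaluate(exe, allowlist) != "allow":
            blocked[host] += 1
    return {host: n for host, n in blocked.items() if n >= threshold}

if __name__ == "__main__":
    allowed, review = build_allowlist(OBSERVED)
    print("allowed:", sorted(allowed), "\nreview:", review)
```

Raising `min_hosts` makes the initial policy stricter and the review list longer, which is the cost-of-policy-creation trade-off the paragraph warns about.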