Securing corporate endpoints is increasingly important in today’s business environment. As threats to endpoint devices continue to grow, long gone are the days when all you had to worry about were viruses and malware. Today, securing endpoint devices means accounting for new types of issues such as USB devices, outdated patches, more covert malware that includes rootkits, unauthorized programs, and threats involving remote endpoints like credential hijacking. Complicating matters is the increasing mobility of endpoint devices. Executives fly here. Managers drive there. Everyone is on the go, necessitating a security strategy that keeps mobile devices locked down and mobile data protected. Industry analysts estimate that between 1,500 and 3,000 laptops are stolen each day. And the number of companies reporting stolen laptops containing sensitive data increased 81 percent from 2005 to 2006, according to the Ponemon Institute 2006 study on data breaches. These figures do not even consider laptops lost in airports, taxis, or elsewhere.
While threats continue to increase, so does the number of endpoint security applications and management consoles used to stop them. It is not unusual for a typical enterprise PC to run separate security agents for antivirus, desktop firewall, anti-spyware, and file or disk encryption software, each centrally managed by a single-purpose console. The multi-agent approach makes it costly and time-consuming for administrators to update, monitor, test, and manage security policy for these applications, including all the required software and signature updates. In addition, multiple agents can consume excessive CPU and memory resources, creating unpredictable or degraded system performance, often disrupting employee productivity and generating an abundance of low-priority helpdesk calls.
There is a better way. By adopting technology that takes a centralized, unified approach to addressing critical endpoint security needs, businesses can ensure control of their endpoints once and for all. Here are six endpoint security essentials for companies to shore up their defenses:
Mitigate malware
According to Kaspersky Labs, nearly 20,000 new malware outbreaks were
reported from January to July 2007. Potentially, that means 20,000 new,
hard-to-find endpoint security problems. These problems aren’t limited
to viruses, rootkits, and proxies. Distributed denial of service
attacks fall into this category, too. The best ways to limit these
destructive processes are to block attacks with heuristic and
behavior-based antivirus and anti-spyware, complemented by effective
program control. Program control is important to mitigating malware
because it can not only block known malicious programs running on
endpoint PCs but also help control programs such as peer-to-peer
file-sharing applications that are increasingly targeted to compromise
endpoint systems. However, controlling programs is often more easily
said than done. With hundreds of thousands of programs on the Internet
that could wind up on corporate PCs, defining and enforcing a security
policy regarding which programs to allow or deny can be very
time-consuming.
Therefore, an essential function of program control is the ability to
automate most policy decisions, so IT staff does not have to spend time
researching programs. Ideally, this is done via a knowledge base of
known good and known malicious programs from which a best-practices
policy on whether they should be allowed or denied can immediately be
applied.
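The automated program-control decision described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the knowledge-base entries, category names, the "ask_admin" fallback and the sample program bytes are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable contents (file name -> bytes).
SAMPLE_BINARIES = {
    "winword.exe": b"constructed-bytes-office-suite",
    "p2pshare.exe": b"constructed-bytes-p2p-client",
    "dropper.exe": b"constructed-bytes-known-malware",
    "inhouse.exe": b"constructed-bytes-unlisted-tool",
}

# Constructed knowledge base: content hash -> (label, category).
KNOWLEDGE_BASE = {
    sha256_hex(SAMPLE_BINARIES["winword.exe"]): ("office suite", "known_good"),
    sha256_hex(SAMPLE_BINARIES["p2pshare.exe"]): ("p2p client", "p2p_file_sharing"),
    sha256_hex(SAMPLE_BINARIES["dropper.exe"]): ("dropper", "known_malicious"),
}

# Policy is written once per category, so nobody researches each program.
CATEGORY_POLICY = {
    "known_good": "allow",
    "known_malicious": "deny",
    "p2p_file_sharing": "deny",  # not malware, but blocked by policy
}
UNKNOWN_POLICY = "ask_admin"     # programs absent from the knowledge base

@dataclass
class Decision:
    action: str
    reason: str

def decide(program_bytes: bytes) -> Decision:
    """Identify a program by content hash, not file name, and apply policy."""
    entry = KNOWLEDGE_BASE.get(sha256_hex(program_bytes))
    if entry is None:
        return Decision(UNKNOWN_POLICY, "not in knowledge base")
    label, category = entry
    # A category with no rule is denied rather than silently allowed.
    return Decision(CATEGORY_POLICY.get(category, "deny"), f"{label}: {category}")

def triage(binaries: dict) -> dict:
    """Return {file name: action}; only unknowns are left for manual review."""
    return {name: decide(data).action for name, data in binaries.items()}

if __name__ == "__main__":
    for name, action in triage(SAMPLE_BINARIES).items():
        print(f"{name:14} -> {action}")
```

Because the lookup key is the content hash, renaming a listed program does not change the decision.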
Protect data
With workers constantly on the go, lost equipment is an inevitable
reality that should drive companies to deploy full-disk encryption and
keep endpoint data locked down and secure. This practice not only
secures corporate secrets, it keeps sensitive information completely
protected in the event of loss. And this is even more important today
with strong personal privacy laws now requiring disclosure of security
breaches when personal information is exposed. If a laptop is lost or
stolen with a fully encrypted drive, companies can avoid disclosure of
the breach, as well as damage related to corporate reputation if the
news makes the headlines. Encrypting hard drives is not enough, though.
Enterprises must also consider threats posed by removable media such as USB flash drives, iPods, and Bluetooth
devices. First, these devices can carry viruses or other malware.
Second, they can be an easy way for sensitive data to leak outside the
business if not properly protected. Best practice for endpoint security
is to apply policy that addresses both risks: controlling device
access, scanning the content of allowed devices to ensure there are no
viruses present, and encrypting data on these devices so the data
remains protected.
Enforce endpoint policy compliance
Even if you have the best technologies to mitigate malware and secure data,
endpoints can still be compromised if virus signatures or service
patches are out of date. That's where network access control (NAC)
comes in. This technology helps secure networked endpoints prior to
allowing them network access. It does this by including preadmission
endpoint security policy checks for endpoint devices to ensure that
they meet the predefined security policy, such as having current
antivirus software or the latest patches. If protection is adequate,
access is granted. If not, the technology quarantines endpoints and
facilitates remediation to help install the proper updates.
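The pre-admission check described above can be sketched as follows. This is an added example, not code from the article or from any NAC product; the policy thresholds, patch identifiers, host names and report fields are constructed, and treating an unreported field as a failed check is an assumption of the sketch.

```python
from datetime import date

# Hypothetical pre-admission policy; values are constructed for illustration.
POLICY = {
    "max_signature_age_days": 3,
    "required_patches": {"PATCH-A", "PATCH-B"},
}

def evaluate_posture(report: dict, today: date) -> dict:
    """Check one endpoint's reported posture before granting network access.

    A field the agent did not report counts as a failed check (fail closed),
    so a broken or missing agent cannot pass by staying silent.
    """
    remediation = []

    sig_date = report.get("av_signature_date")
    if sig_date is None:
        remediation.append("install or repair antivirus agent")
    elif (today - sig_date).days > POLICY["max_signature_age_days"]:
        remediation.append("update antivirus signatures")

    missing = POLICY["required_patches"] - set(report.get("patches", ()))
    for patch in sorted(missing):
        remediation.append(f"install {patch}")

    # Compliant endpoints are admitted; the rest are quarantined together
    # with the list of fixes needed to become compliant.
    if remediation:
        return {"access": "quarantine", "remediation": remediation}
    return {"access": "granted", "remediation": []}

# Constructed posture reports for three endpoints.
TODAY = date(2007, 11, 1)
REPORTS = {
    "laptop-01": {"av_signature_date": date(2007, 10, 31),
                  "patches": ["PATCH-A", "PATCH-B"]},
    "laptop-02": {"av_signature_date": date(2007, 10, 1),
                  "patches": ["PATCH-A"]},
    "kiosk-07": {"patches": ["PATCH-A", "PATCH-B"]},  # no antivirus data reported
}

if __name__ == "__main__":
    for host, report in REPORTS.items():
        print(host, evaluate_posture(report, TODAY))
```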
Enable secure remote access
With computing devices more mobile than ever, it's critical to lock
down the connections by which users are logging into the corporate
network. The very best endpoint security solutions incorporate this
kind of secure remote access effortlessly—through the same interface
with which users log in. The best approach here is a remote access
agent—users log in once, and everything they do from then on occurs in
a secure space. Storing credentials in this agent also makes it easy
for users to access sites with different connectivity requirements. And
there are other reasons to consider a solution that offers a remote
access agent with essential endpoint security functions:
- Minimizing overall agent footprint, including CPU and memory utilization, to help ensure endpoint systems run smoothly
- Eliminating duplicate management tasks and engineering test cycles associated with software updates—standard for two or more agents
- Ensuring interoperability between remote access and NAC functions, helping streamline policy checks for remote users authenticating through a gateway
Streamline security management
On the back end, it's important to centralize endpoint security
management so that administrators can use one console to configure
endpoints, administer policies, monitor performance, and analyze data
from the network as a whole. This isn't only about making life easier
for administrators, it's also about reducing maintenance costs of
managing and updating a multi-agent solution. Unification also helps
improve security audit support by unifying, standardizing, and
automating reporting functions. In best-case scenarios, administrators
can even deploy baseline security policies using predefined policy
templates.
Minimize end-user impact
Finally, even the most hardened and efficient endpoint security
solutions shouldn’t sap bandwidth or processing power from other
important end-user functions. With this in mind, the best strategies
embrace centralized agents with small footprints and low memory
utilization. Transparency in other areas is also important—ideally, an
endpoint security solution should be so silent in its protection that
users don’t even see an icon in their system trays. For users, the
bottom line is functionality and ease-of-use. For administrators,
security should be paramount.
The Check Point approach
In addition to mastering these six endpoint security essentials, it's
critical for administrators to keep their network security posture
current. One way is to task specific personnel with the job of keeping
tabs on the latest threats. An easier way is to use a service that
charts threats and potential problems automatically. Check Point has a Security Research & Response team
that handles both, reducing the resources and time needed to maintain
endpoint security. What's more, a focused, professional effort to
improve security posture raises the quality of application-policy
decisions while minimizing the need for end-user involvement. In winter
2008, Check Point is unveiling a single agent for endpoint security. The solution has data security based on the market-leading Check Point Endpoint Security Full Disk Encryption and Media Encryption
technologies and incorporates protection against malware, viruses,
spyware, rootkits, and more. In addition, it has a fully integrated
remote access agent, streamlined console with an intuitive GUI, and the
option to appear completely invisible to users. Putting it simply, the
solution simplifies endpoint security management.