Endpoint Security: Five Relevant Tools to Secure Your Environment
March 30, 2010 - Endpoint security has never been more critical. Here's a comparison of the top five security suites, along with a look at a handful of key management tools.
Executive Summary
While the economy is showing signs of recovery, times continue to be challenging for many mid-market IT staffs. On top of increased demand and tightened budgets, you're dealing with the ever-present specter of new malware threats. Worst of all, your long-time best defense, antivirus (AV) software, is having an increasingly difficult time protecting your network's endpoints. There is hope, however, in the form of new and updated management tools and security suites that can help you shore up your malware defenses.
This P-guide takes a look at some of these tools and offers insight on what you need to know about them.
Introduction
Here's an unsettling thought: Right now, waves of new and sophisticated malware are probing your endpoint security defenses, looking for ways to wriggle into your network. As unnerving as that can be to think about, it gets worse: By themselves, your antivirus (AV) programs probably aren't up to the task of keeping them out.
Why? Traditional AV defenses are excellent at blocking the attacks they already have signatures for. The problem lies in today's strains of malware, which are growing and mutating at an astonishing pace. Even a quick scan of the headlines will confirm that notion. The amount of malware zipping through cyberspace hit an all-time high earlier this year and shows few signs of retreating. The threats also come in a wide range of flavors. There is, for instance, the Gumblar virus, which exploits vulnerabilities in Adobe's PDF reader and Flash player software. There are hundreds of malicious anti-malware programs and fake security applications designed to hold individual workstations hostage. There are fast-flux botnets that manipulate DNS information to evade detection. And then there is Operation Aurora, the cyberattack which illustrated that even deep-pocketed corporations (Google, Adobe, and Dow Chemical, among others) aren't immune.
It's not that AV shouldn't play a key role in endpoint security. It's just that, given the state of today's threat environment, it can't do it alone. It needs to be part of a more comprehensive endpoint defense strategy.
How can you build such a strategy? Start thinking of security in terms of a puzzle.
Additions to the security puzzle
As with any puzzle, the key to effective endpoint security is to find the right pieces and arrange them into a coherent whole. In the last few years, as threats have intensified, security vendors have responded with multilayered security suites that combine a variety of proactive management tools (the puzzle pieces) designed to block, sniff out, and kill malware. Here's a look at some of them.
Application whitelisting
While whitelisting (or application control, as it's sometimes known) isn't necessarily new, it's getting plenty of buzz as an antimalware solution these days. The term itself refers to a simple concept: You only allow approved or whitelisted applications to run on a system, and block everything else. As the polar opposite of antivirus blacklisting, it has several unique advantages, such as eliminating the need to continually scan for malware and manage the signature updating process, along with built-in protection from zero-day attacks. The newest generation of whitelisting products is also customizable, allowing IT administrators to create different privileges for different end users and determine what applications they want to whitelist.
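To make the whitelist-versus-blacklist contrast concrete, here is an added Python example (not from this guide or from any vendor product) that evaluates execution requests against a signature blocklist and against a per-group allowlist of approved file hashes. The binaries, hashes, group names and paths are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecRequest:
    """An attempt by a user in `group` to run a file with these bytes."""
    group: str
    path: str
    contents: bytes


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for real executables (not real binaries).
APPROVED_BUILDS = {
    "winword.exe": b"MZ-constructed-wordprocessor-build-14",
    "outlook.exe": b"MZ-constructed-mailclient-build-14",
    "compiler.exe": b"MZ-constructed-compiler-build-9",
}
KNOWN_FAKE_AV = b"MZ-constructed-fake-security-app-v1"
REPACKED_FAKE_AV = b"MZ-constructed-fake-security-app-v2"  # variant with no signature yet

# Blacklist model: block only what an existing signature identifies.
SIGNATURE_BLOCKLIST = {sha256(KNOWN_FAKE_AV)}

# Whitelist model: per-group sets of approved file hashes. Anything not
# listed is denied, so a brand-new variant needs no signature to be stopped.
GROUP_ALLOWLIST = {
    "staff": {sha256(APPROVED_BUILDS["winword.exe"]),
              sha256(APPROVED_BUILDS["outlook.exe"])},
    "developers": {sha256(b) for b in APPROVED_BUILDS.values()},
}


def blacklist_decision(req: ExecRequest) -> str:
    return "block" if sha256(req.contents) in SIGNATURE_BLOCKLIST else "allow"


def whitelist_decision(req: ExecRequest) -> str:
    # Keyed on content hash rather than path, so renaming a file to an
    # approved name does not make it approved.
    allowed = GROUP_ALLOWLIST.get(req.group, set())
    return "allow" if sha256(req.contents) in allowed else "block"


def compare(req: ExecRequest) -> dict:
    """Decision of each model for one request, e.g. {'blacklist': 'allow', 'whitelist': 'block'}."""
    return {"blacklist": blacklist_decision(req), "whitelist": whitelist_decision(req)}
```

Running `compare()` on the repacked fake security app shows the blacklist allowing it (no signature) while the allowlist blocks it, and on the compiler shows the same approved file allowed for developers but blocked for staff.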
Full-disk encryption
In a nutshell, full-disk encryption (FDE) uses unique algorithms to encrypt all of the data on an individual hard drive, including the operating system and all system files, to block unauthorized endpoint access. It also gives IT professionals a convenient way to control all of the workstations on a network, particularly if the FDE allows you to oversee deployment, management and logging from a central administrative portal. It does have some potential drawbacks, however. For instance, not all FDE systems encrypt data when it is being shared between devices, stored on external drives, or being transferred via e-mail. Another downside is speed, or rather the lack of it. Because FDE encrypts everything on a hard drive, it can take longer than usual for users to perform everyday tasks such as opening word processing files.
Device control
As laptops and portable devices such as flash drives, PDAs, SD cards, MP3 players, and the like have grown more popular, so have the chances that they can introduce malware onto a network. With that in mind, some vendors have been adding device control options that allow IT professionals to view and manage all of the portable devices connected to a network's endpoints. The tools allow administrators to set group and individual configuration policies and control device access for each endpoint, often from a single management console.
Data loss protection
Not all threats come from external sources. Data loss protection (DLP) solutions use a variety of techniques to secure endpoint data, whether it's in use on an individual PC, being transmitted externally over a network, or housed in storage. The techniques themselves vary from content scanning to communications monitoring to contextual security analysis to the encryption of stored data. The bottom-line goal is the same for all of them, however: Allow administrators to identify risks and lock down sensitive data before it can leak outside the organization.
Web filtering software
In a sense, Internet access is a necessary evil in today's business world. Employees need it, but as numerous recent surveys have revealed, they're also likely to abuse it and offer malware convenient points of entry into the corporate network. Hence the rise of Web content filtering. These types of software typically compare a Web page's content or point of origin against a predefined set of rules. The best of them allow IT administrators to customize thresholds, restore text from e-mails and instant messages, and analyze Web traffic at the granular level, providing automatic notifications of, for example, unusually high bandwidth usage, employee violations of acceptable usage policies, and other types of questionable Web-related activity.
The top five endpoint security suites
Today's integrated endpoint security solutions incorporate numerous puzzle pieces, making life easier for mid-market IT pros. The best offer some combination of the above-noted defenses to streamline the process of completing the puzzle.
CA Total Defense
As its name suggests, CA's Total Defense is a multilayered offering. It incorporates three of the company's products (Gateway Security, Threat Manager, and Host-Based Intrusion Prevention, or HIPS) into a single suite designed to shield a network and its endpoints from malware, spyware, and intrusion attempts. CA Gateway Security also uses e-mail and Web traffic scanning and filtering to stop content threats before they reach the endpoint, and features signature-based AV tools to block and remove malicious code. The suite bundles an endpoint firewall, intrusion detection and prevention, and application control functions with a Web-based management console that allows administrators to set access rights and policies for groups and individual users. Total Defense also works with a range of platforms, including Windows (32- and 64-bit), Linux, Mac OS X, Novell NetWare, and more.
Key marketplace differentiation
- Highly customizable HIPS compared to many stringent, out-of-the-box solutions on today's market.
- Currently offering a free remote deployment service for new product purchases, a $10 per node value.
- Competitive pricing to displace incumbent endpoint security products.
- Scheduled release of version 12 in Q2 of 2010 will combine interfaces of AV, antispyware, and HIPS software.
- Version 12 is being built on brand-new, best-of-breed SDKs.
Relevant resources
- 30 day trial download
- Request for custom quote
- Request for custom demo
- View CA Threat Manager webinar recording
- View CA HIPS webinar recording
- View CA Gateway Security webinar recording
Find out more here: www.productivecorp.com/ca-security.
Sophos Endpoint Security
Like CA's Total Defense, Sophos Endpoint packs multiple endpoint security solutions into a customizable offering that includes AV and anti-malware; FDE; fully integrated DLP; and application, device, and data control capabilities that can be managed from a single console. It also features remote-management tools and whitelisting application control, and allows IT administrators to control individual access to portable storage devices, instant messaging, file-sharing programs, and the like. One unique component: Sophos' Genotype protection, which assesses Web traffic against known malware definitions to help with zero-day attacks. If there are hints of malware variants, Sophos Endpoint will automatically quarantine the offending items and send out alerts. Also like CA's Total Defense, Sophos Endpoint works seamlessly on Windows, Linux, Unix, Mac, and even OpenVMS systems.
Key marketplace differentiation
- One of the most robust feature sets combined into one interface on today's market.
- 24/7, native English-speaking support facilitated by level-two support engineers.
- Receive a dedicated support engineer with your trial download if you arrange it through Productive.
Relevant resources
- 30 day trial download
- Request for custom quote
- Request for custom demo
- View Sophos Endpoint Security and Data Protection webinar recording
- IT Professionals Forum comparing CA Threat Manager and Sophos Endpoint Security
Find out more here: www.productivecorp.com/sophos.
Trend Micro OfficeScan
Unlike the Sophos and CA offerings, Trend Micro's OfficeScan is a Windows-centric product. Aside from that, however, it shares multiple similarities, including antimalware protection, device control functions, endpoint DLP, and multilayer HIPS functions. It also has a single, Web-based console that allows users to update all necessary files and to update or set new policies for endpoint clients. While the software doesn't have built-in application control features, users can employ the company's Intrusion Defense Firewall plug-in to manage devices at the network level. Another plug-in, Trend Micro Security for Mac, can be added to safeguard Mac endpoints on the network.
Key marketplace differentiation
- The OfficeScan product can be deployed with cloud architecture (Reputation Technology) for protecting endpoints and servers. This provides a light endpoint footprint and minimizes network bandwidth usage.
- Comprehensive virtualization support and protection.
Relevant resources
- 30 day trial download
- Request for custom quote
- Request for custom demo
- View Trend Micro OfficeScan webinar recording to learn more about their Reputation Technology
Find out more here: www.productivecorp.com/trend-micro.
McAfee Total Protection for Endpoint
McAfee Total Protection is another suite that combines multiple functions, including AV, anti-spyware, network access control, and a newly redesigned firewall. It also uses McAfee Active Protection, a single scanning engine that offers on-the-fly analysis and blocking of new and emerging threats, and which also helps keep memory usage at manageable levels. In addition to 32- and 64-bit Windows platforms, the suite works with numerous operating systems (Linux, Unix, NetWare, Mac OS X, and Citrix MetaFrame). It also features McAfee's ePolicy Orchestrator, a platform-agnostic management console that allows users to manage all of a network's endpoints from a central location.
Key marketplace differentiation
- Highly robust and fully integrated centralized management console, ePolicy Orchestrator (ePO).
- Flexible Network Access Control defines appropriate network access policies and provides automated remediation capabilities, regardless of how endpoints connect to the network.
Relevant resources
Find out more here: www.productivecorp.com/mcafee.
Symantec Endpoint Protection
Symantec Endpoint Protection is another bundled package that features a firewall, AV, anti-spyware, HIPS, application and device control, and proactive threat scanning. The core feature of the suite is SEP, Symantec's unique AV/anti-spyware detection engine that combines multiple scan engines to detect and intercept malicious code. It also offers something called TruScan Proactive Threat, a feature similar to Sophos' Genotype offering that guards against zero-day threats by observing program behavior and looking for similarities, no matter how minute, to the known universe of threats.
Key marketplace differentiation
- Offers CPU throttling so scans can run in the background with minimal effects on endpoint performance.
- Offers TruScan, a proactive protection feature that detects network behaviors of unknown applications without the need to create rule-based configurations, which can save you time identifying all known and unknown applications in your environment.
Relevant resources
Find out more here: www.symantec.com/business/endpoint-protection.
Conclusion
All of these emerging technology puzzle pieces and endpoint suites offer serious security upgrades over AV alone. Better yet, many have been coming down in price in recent years, as vendor competition in the space continues to heat up. One result is that digging through the various offerings can be a time-consuming challenge in itself. How can you find the right fit? There is no one-size-fits-all solution. The key to making a smart buying decision, as always, is to match your firm's unique needs against each offering's unique capabilities.
For more information on Endpoint Security, contact Productive Corporation:
Phone: 1.800.726.4099
Email: help@productivecorp.com
About the Author
Chris Mikko is a Twin Cities-based writer and editor who specializes in technology topics.