
Integrated Endpoint Security


Date published:
February 24, 2009
Length: 1,968 words
By almost any measure, e-mail and Web-based security threats have become more common over the last few years. Consider:

  • The Pingdom uptime monitoring service notes that 53.8 trillion e-mails in 2008, or 70 percent of all messages sent, were spam.
  • In its 2008 Trend and Risk Report, IBM's X-Force Threat Analysis Service notes that more new malicious Web sites were created during the fourth quarter of last year alone than in all of 2007.
  • And Symantec's MessageLabs service reports that the number of targeted Trojan attacks that were intercepted rose to 53 per day in 2008, compared to around 10 per day in 2007 (and one to two per week in 2005).


The threats are also getting far nastier to deal with. Blended malware is now commonplace. Sophisticated assaults such as SQL injection attacks are making their way into the news; last April a mass SQL injection attack aimed at sites running on Microsoft IIS Web servers infected half a million Web sites around the world, including such high-profile names as the United Nations, various U.K. government sites, and even the U.S. Department of Homeland Security. And then there is the Conficker worm, which surfaced last November and quickly infected between 2 million and 15 million PCs around the globe, depending on which estimate you believe.

Software providers have responded with a range of new endpoint security suites that bundle antivirus and antimalware protection with a number of other features. Over the last few years they have become an increasingly popular alternative to standalone products.

That unified nature is a key advantage. One of the long-standing challenges with standalone products is the juggling act of managing several of them at once. Bundled solutions eliminate the need to master multiple management tools, track numerous update schedules, and deal with different licenses. They also greatly reduce the chance of security gaps or overlaps between products. The net result: bundled solutions can make life significantly easier for a time-strapped mid-market IT staff.

Key Questions

In the last few years, a number of new bundled solutions have come onto the scene. In fact, there are now so many to choose from that finding the right one can be a challenge in itself. With that in mind, here are some questions to ask to help you find the right solution for your unique needs.

1. What services do you bundle into your solution/suite?

This should be the first question you ask, and it is certainly the most important one. At minimum, a suite should blend together intrusion detection and prevention, antivirus/antimalware, and a firewall that controls network connections to and from each user's PC. Many also offer some form of network access control (NAC), which keeps an individual computer off the network until the solution has checked its configuration, update level, and overall compliance with your preset standards for malware protection.
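To make the network access control idea concrete, here is an added example (not code from the article or from any vendor it reviews) of the kind of posture check a NAC component performs before admitting an endpoint. The posture fields, the policy thresholds, the patch-baseline identifier, and the sample fleet are all constructed for illustration; the assessment date is simply the article's publication date.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Posture:
    """Agent-reported state of one endpoint. The field set is an assumption for this example."""
    host: str
    av_running: bool
    av_signature_date: date
    patch_baseline: int       # assumed: increasing id of the newest patch rollup applied
    firewall_enabled: bool


@dataclass(frozen=True)
class Policy:
    """The preset standard an endpoint must meet before it is admitted to the network."""
    max_signature_age_days: int = 3
    required_patch_baseline: int = 7
    require_firewall: bool = True


def evaluate(posture: Posture, policy: Policy, today: date) -> tuple[str, list[str]]:
    """Return ("allow" | "quarantine", reasons). Every failing check is reported,
    and any failure at all means quarantine: the check fails closed."""
    reasons: list[str] = []
    if not posture.av_running:
        reasons.append("antivirus agent not running")
    age_days = (today - posture.av_signature_date).days
    if age_days < 0:
        # Fresher than today is impossible; treat as clock skew or a tampered report.
        reasons.append("signature date is in the future")
    elif age_days > policy.max_signature_age_days:
        reasons.append(
            f"signatures {age_days} days old, limit {policy.max_signature_age_days}"
        )
    if posture.patch_baseline < policy.required_patch_baseline:
        reasons.append(
            f"patch baseline {posture.patch_baseline} below required "
            f"{policy.required_patch_baseline}"
        )
    if policy.require_firewall and not posture.firewall_enabled:
        reasons.append("host firewall disabled")
    return ("quarantine" if reasons else "allow"), reasons


def triage(fleet: list[Posture], policy: Policy, today: date) -> dict[str, str]:
    """Decision per host, the view an admin console would show."""
    return {p.host: evaluate(p, policy, today)[0] for p in fleet}


ASSESSMENT_DATE = date(2009, 2, 24)  # the article's publication date, used as "today"

# Constructed fleet: one compliant machine and three different failures.
SAMPLE_FLEET = [
    Posture("ws-01", True, date(2009, 2, 24), 8, True),    # compliant
    Posture("ws-02", True, date(2009, 2, 14), 8, True),    # stale signatures
    Posture("ws-03", False, date(2009, 2, 24), 5, False),  # AV off, old patches, no firewall
    Posture("ws-04", True, date(2009, 2, 25), 8, True),    # signature date in the future
]

if __name__ == "__main__":
    for p in SAMPLE_FLEET:
        decision, why = evaluate(p, Policy(), ASSESSMENT_DATE)
        print(f"{p.host}: {decision}" + (f" ({'; '.join(why)})" if why else ""))
```

Any single violation results in a quarantine decision with every failing check listed, so the help desk sees the whole remediation list rather than one item at a time. A signature date in the future is treated as a failure rather than as "fresh", since it points to clock skew or a tampered agent report. The check also trusts the agent's report as given; how the product protects the integrity of that report is itself a question worth putting to the vendor.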

2. How effective are the solution's defense capabilities?

Ask the vendor about the product's signature-based defenses, which detect and block known threats as they arrive. Signatures only cover what has already been seen, so ask separately whether the product offers zero-day protection (typically heuristic or behavior-based) against newly launched threats, and whether it provides multilayered security against blended malware. Best-in-class solutions offer both. Does it have a host-based intrusion prevention system (HIPS) that scrutinizes activity on the endpoint, including its network traffic, for signs of potentially malicious behavior and reacts quickly and appropriately? Does it offer a device control option that lets you set policies on which types of peripherals can be connected to a machine and how they may be used?

Also consider: How often does the vendor provide updates? And how simple are the updating capabilities?

3. How well will it work with your existing system?

The breadth of functionality offered by bundled solutions can also be an Achilles heel. The suites are complex pieces of software that hook into a great many system processes, so conflicts are a real possibility. Key points to consider: A) Can the solution integrate cleanly with your existing systems' settings without causing conflicts?

B) Does it offer a range of configuration settings? You also don't want to waste staff time on false alarms. With that in mind, will the solution let you take a baseline reading of your existing systems' normal characteristics and then tune its defenses to that baseline?
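As an added example covering both the detection question in item 2 (signature-based versus behavior-based, zero-day protection) and the baseline point in 3B, the following code (not from the article or from any vendor it reviews) runs a constructed stream of endpoint events through a signature check, a simple behavioral rule, and a baseline allowlist. The image hashes, the rule, the event format and the events themselves are all constructed for illustration.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for on-disk program images.
TROJAN_IMAGE = b"MZ constructed known trojan sample"
DROPPER_IMAGE = b"MZ constructed never-before-seen dropper"
RMM_IMAGE = b"MZ constructed remote-management agent"
NOTEPAD_IMAGE = b"MZ constructed text editor"

# Signature database: hashes of samples the vendor has already analysed.
KNOWN_BAD = frozenset({sha256_hex(TROJAN_IMAGE)})

# Baseline: hashes recorded from a clean reference build of the workstation (3B).
BASELINE = frozenset({sha256_hex(RMM_IMAGE), sha256_hex(NOTEPAD_IMAGE)})

# Behavioral rule: persist via an autorun key, talk to the network, and inject
# into another process. Any one alone is common; all three together is not.
SUSPICIOUS_COMBO = frozenset({"write_autorun", "connect", "inject"})


@dataclass(frozen=True)
class Event:
    process: str   # image name as reported by the agent
    sha256: str    # hash of that image on disk
    action: str    # write_autorun | connect | inject | read_file ...


def signature_alerts(events: list[Event]) -> set[str]:
    """Processes whose image hash matches the signature database."""
    return {e.process for e in events if e.sha256 in KNOWN_BAD}


def behavior_alerts(events: list[Event], baseline: frozenset[str]) -> set[str]:
    """Processes showing the full suspicious combination whose image is not baselined."""
    actions: dict[str, set[str]] = {}
    image: dict[str, str] = {}
    for e in events:
        actions.setdefault(e.process, set()).add(e.action)
        image[e.process] = e.sha256
    return {
        proc for proc, acts in actions.items()
        if SUSPICIOUS_COMBO <= acts and image[proc] not in baseline
    }


def scan(events: list[Event], baseline: frozenset[str] = BASELINE) -> dict[str, str]:
    """Return {process: reason}. A signature hit is never suppressed by the baseline:
    if a hash recorded as clean later shows up in the signature feed, the feed wins."""
    verdicts = {proc: "behavior" for proc in behavior_alerts(events, baseline)}
    for proc in signature_alerts(events):
        verdicts[proc] = "signature"
    return verdicts


# Constructed event stream from one endpoint.
SAMPLE_EVENTS = [
    Event("notepad.exe", sha256_hex(NOTEPAD_IMAGE), "read_file"),
    Event("notepad.exe", sha256_hex(NOTEPAD_IMAGE), "connect"),        # update check; harmless alone
    Event("trojan.exe", sha256_hex(TROJAN_IMAGE), "connect"),          # quiet, but its hash is known
    Event("dropper.exe", sha256_hex(DROPPER_IMAGE), "write_autorun"),  # unknown hash: signatures miss it
    Event("dropper.exe", sha256_hex(DROPPER_IMAGE), "connect"),
    Event("dropper.exe", sha256_hex(DROPPER_IMAGE), "inject"),
    Event("rmm_agent.exe", sha256_hex(RMM_IMAGE), "write_autorun"),    # legitimate tool doing the same things
    Event("rmm_agent.exe", sha256_hex(RMM_IMAGE), "connect"),
    Event("rmm_agent.exe", sha256_hex(RMM_IMAGE), "inject"),
]

if __name__ == "__main__":
    for proc, reason in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{proc}: {reason}")
    # Without the baseline the remote-management agent becomes a false alarm.
    print("no baseline:", sorted(scan(SAMPLE_EVENTS, frozenset())))
```

The three outcomes map onto the questions above: trojan.exe is caught only because its hash is already in the signature database, dropper.exe has no signature and is caught only by the behavioral rule, and rmm_agent.exe performs exactly the same actions as the dropper but is silenced by the baseline taken from a clean build. Remove the baseline and the legitimate agent turns into the kind of false alarm 3B warns about; a hash can never talk its way out of a signature match, however, because a baselined binary that later turns up in the signature feed is compromised, not trusted.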

4. How easy is it to use?

The solution should be an efficiency-booster, not something that gobbles up extra staff time. How simple will it be to configure, deploy, and maintain? What is the updating process like? Is the user interface simple to read and understand? Are the alerts and error messages unambiguous and easy to decipher? Does it offer integrated visibility of a wide range of threats, including blended malware? Does it feature a graphical user interface (GUI) that allows you to access and manage it from a standard Web browser?

The ideal solutions will have user-friendly GUIs that provide at-a-glance details on everything from overall system/network status and performance to problems such as expired signatures. They also will allow administrators to quickly address security issues, configure endpoints, and perform related tasks.

5. What sort of reporting capabilities does it offer?

In an ideal scenario, you'd be able to pull or create clear, easy-to-digest reports on topics ranging from infection trends to security policy compliance, attack details and outcomes, and in-depth statistics. Another point to consider: Does the solution allow you to create custom reports or customize the reporting templates? If so, how easy is it to do?

6. Does it support Windows and non-Windows platforms?
7. What sort of system resources will it use? Is it a memory or bandwidth hog?
8. How scalable is it? Can you expand it as your company grows?
9. Does the solution offer an information leak prevention option that can monitor user behavior?
10. Does the protection extend to remote offices?
11. Is there an encryption option that can protect a hard drive, individual files, or e-mails if a machine is lost, stolen, or compromised?
12. What kind of support do you offer?


Here's a quick review of some endpoint security solutions:

CA Threat Manager Total Defense

CA Threat Manager Total Defense is a multilayered package that combines several CA products, including antivirus and antispyware protection and HIPS. It also features application controls, traffic and system monitoring for both remote and mobile endpoints, e-mail/URL filtering, and a firewall that identifies known threats as well as behavior-based anomalies and can block them immediately. The suite allows for centrally managed policy creation, deployment, and maintenance, and lets administrators generate more than 70 types of reports. A particularly useful option is the CA Policy Creation Wizard, which walks administrators through building group and user policies.

Kaspersky's Total Space Security

Kaspersky's Total Space Security is a comprehensive suite that unites several of the company's offerings. It features e-mail and Web antivirus and antimalware tools and scans and controls data entering or leaving the company's network, including e-mail, Web traffic, and other network interactions. It also uses the company's Proactive Defense tool, which watches for suspicious program behavior as well as adware, rootkits, and remote access utilities, and locks the registry keys they target. The solution has several user- and system-friendly features, including automatic resource redistribution during full system scans, rollback options in the event of a system intrusion or corruption, and automatic database updating. The central administrative console provides reports (including e-mail alerts) and a full set of policy tools, and a quick-start wizard walks users through the administrative setup.

Symantec Multi-tier Protection

Symantec's Multi-tier Protection rolls together a number of the company's offerings: Symantec Endpoint Protection, Symantec Mail Security, and Symantec Brightmail Gateway, which mesh together to defend multiplatform networks, mail servers, and mail gateways. Like the CA and Kaspersky products, it continually examines the behavior of applications and network communications to spot and block suspect or high-risk activity. It also uses Symantec's Proactive Threat Scan, which scores the characteristics and behaviors of unknown applications, features a rules-based firewall, and allows administrators to block specific actions based on an individual user's location. The suite has full reporting capabilities and an easy-to-navigate GUI that offers at-a-glance status checks and points out issues such as infections and signature problems, along with information on how to address each.

McAfee Total Protection Endpoint

In a sense, McAfee's Total Protection Endpoint is similar to the other solutions covered here: it offers a mix of antivirus, antimalware, intrusion prevention, and network access control technologies. That said, the company, one of the first vendors in this space, does offer some distinctive features. For starters, McAfee's patented behavior-based protection blocks malicious code from being inserted and run during buffer-overflow attacks. Then there's McAfee Policy Enforcer, a network access control product that provides both host- and infrastructure-based access control, and McAfee ePolicy Orchestrator, a Web-based console with customizable dashboards that administrators use to enforce policies, monitor security status, push updates, and generate reports.

This list is by no means exhaustive; there are numerous other bundled security solutions out there. By the same token, new security vendors will continue to emerge and existing vendors will continue to offer new variations on existing products. There's no choice, really. Security is shaping up as a never-ending battle and the enemy doesn't appear ready to back down anytime soon.

