The Many Myths of Endpoint Security
Page 1 of 2
You've got firewalls, intrusion detection and prevention, virtual private networks, and a perimeter that is as secure as can be. But the problem is that all this security apparatus can be made moot in a matter of milliseconds with one user bringing their infected laptop into your office and spreading its diseased little package around your network.
That's the sad state of affairs today. And not to worry numerous vendors are standing by to take your call and sell you thousands of dollars of endpoint security products that will stop this infected laptop and other problems in their tracks. Or so they say.
The problem is that endpoint security isn't easy, simple, or cheap. The products have a daunting array of features and fine print, and matching what you need, what inconveniences your users will tolerate, and what your network infrastructure will be able to bear isn't a slam-dunk.
Let's examine the six biggest myths of this marketplace and tell the truth wherever we can.
Not true. If you have the unfortunate circumstance to have a heterogeneous network composed of many different operating systems, embedded devices with their own IP addresses, and switches from three different vendors, you are in for some trouble.
The problem is that the software agents that root out the dirty work are very specific in terms of browser version and operating system. Some require initial administrator rights to be installed on the endpoint, while others are only present during the time an endpoint is logged into the network and disappear or "dissolve" when the session is terminated.
Then you have the situation of embedded devices. How do you protect those? Some endpoint solutions have "white lists" where you can specify that your Web cameras and print servers don't have to be scanned for them to attach to your network. That is all well and good, until the bad guys figure out a way to compromise these devices and then trouble begins. Some vendors, such as Forescout and Mirage Networks, have ways to monitor these embedded devices as part of their systems, so if you have a lot of them on your network you might want to start with them first.
Before you examine a product, understand the device protection portfolio that is offered by each vendor and also what they have promised for the coming year. Many vendors, such as Symantec and Consentry, are still lacking basic Mac OS support, for example.
Myth #2: It is easy to identify an unhealthy endpoint and block it from coming on your network.
Again, troublesome. Figuring out what ails that endpoint isn't simple. You need some sort of scanning routine done regularly to determine if its file system, registry keys, anti-virus signatures, OS patch levels, and whatnot are up to spec.
As you might imagine, all this scanning takes a bunch of time during the login process, so setting up enduser expectations is critical before those support calls come in saying, "I can't login to the network."
Some of the products require all kinds of specific information to check, such as particular anti-virus signatures or personal firewalls. Some products scan at different degrees of depth depending on what kind of agent is doing the scanning. It pays to check this out carefully before proceeding further.
Myth #3: It is easy to cure an unhealthy endpoint.
Also false. Any remediation needs to cover all the things that can go wrong, and do so as automatically as possible. Otherwise, your enduser support lines will light up like a Christmas tree the moment you turn on any solution. Some of the products are better at remediation than others. Some, like Cisco's solution, just send an unhealthy endpoint off to the network equivalent of Siberia without trying to fix the problem.
Next page: More endpoint security myths