You Got Your Security in My Endpoint

Call that laptop or PDA what you want — the client, the supplicant, the endpoint — the fact is, it could be a big threat to a corporate network. That’s especially true of mobile hardware which goes off campus and is used in the field, even at home, then comes back. That’s why network security providers have been spending more and more time over the last year pushing endpoint security solutions that enforce network policies on laptops at home or abroad, no matter how they try to connect to the network. Three companies with updates to their endpoint security services made announcements today, but no two handle things exactly the same way.

Take, for instance, Credant Technologies. The Dallas-based company bills itself as a provider of mobile data protection on all types of devices, from cell phones to laptops. This week, it announced a new version of its centralized management platform, Mobile Guardian, upgrading it to version 5.1.

“Users can’t impose security on themselves,” says Richard Stone, Credant’s Vice President of Marketing. He says that wrists shouldn’t be slapped, that security is more of a social issue, and that it needs to cover the full gamut of products employees use, from notebooks to phones to MP3 players — anything that stores important data. They call it Collaborative Mobile Data Security, and use it to encrypt data moved to removable devices such as thumb drives and iPods, do on-the-fly encryption of data sent via e-mail or IM, support for two-factor authentication, and “over the air” deployment. The software can force the encryption of all data made with business applications just in case it gets exposed.

Credant’s solution requires use of the Mobile Guardian Shield software on most endpoints. The company says the latest version works with third-party devices, even RIM’s Blackberry.

Credant’s latest Mobile Guardian is ready now and costs $42 per user; Collaborative Mobile Data Security will be out in the second quarter of this year.

Senforce Technologies has updated its endpoint security enforcement with the launch of Senforce intelligent Network Access Control (iNAC), which the Draper, Utah-based company says adds extra protections not found in the current Senforce Endpoint Security Suite (ESS) by tackling products beyond the laptop. “We had symbiosis between notebooks and a synchronizing PDA or smartphone, but nothing on the more mobile devices themselves,” says Kip Meacham, Director of Product Management at Senforce.

While ESS has support for the Cisco flavor of NAC, Meacham calls iNAC the “next evolution.” Instead of “inward-facing” endpoint checking when a computer logs on (via Ethernet, wireless or VPN) using an agent on the laptop, iNAC is “outward-facing,” in that it keeps the network infrastructure safe from threats.

Senforce can offer an agent, but also offers an agentless solution (assuming the endpoint has the okay in some other way, such as MAC address filtering), and one that simply requires running an ActiveX control to run a users’ experience when accessing the Web (good for use with guest access). As with any endpoint security, iNAC makes sure computers meet IT policies before they are allowed on the network by checking the system’s baseline configuration — what versions and patches of software it is running — and tries to remediate problems automatically, forcing upgrades as needed. The iNAC solution will be available in mid-March, at a price of $65 per user.

Highwall Technologies of Sarasota, Florida wants to distinguish itself by having a software-only solution that takes on big names like AirDefense and AirTight.

The new Highwall Enterprise 4.0 is all about software. That includes agents installed on endpoints (laptops only for Highwall) and different agents for wired networks — even agents for wireless sensors, which Highwall also sells. The company is focusing the new software on protecting networks from what  it believes as the five biggest threats: rogue APs, dual homing (where laptops are used as a gateway to bridge into a network), ad hoc networks between wireless laptops, unauthorized connections by clients to unauthorized WLANs such as those of neighbors; and, like Senforce and Credant, overall security and policy enforcement for mobile users.

Highwall CEO Rich Swier says that sensors are really only needed for securing the air around the WLAN — he thinks that the latest steps in encryption and authentications keep most WLANs safe, but they don’t always solve for the five threats above.

“We’ve seen, more and more, a shift toward concern over the mobile user,” Swier says. Agent software is deployed on every single laptop in the enterprise, just like a firewall or anti-virus program would be. It runs in the background to make sure the laptop stays up to date with company policy — even if it has a no-wireless policy, in which case the agent deactivates the Wi-Fi adapter. However, it will turn the Wi-Fi back on if the user tries to connect at home or on the road.

Highwall Enterprise 4.0 is out now and priced “per agent” at $45 per laptop ($299 per network subnet for wired agents).

News Around the Web