Endpoint security without the pain

23.01.2006

Easy on IT

Creating policies that determine what can and can't run on endpoints requires IT managers to figure out what software is really running in their organizations and which of those applications are really critical. Managers often don't realize how long it takes to create policies that reflect how employees actually use their systems and thus underestimate the cost of implementing security software, says Forrester Research Inc. analyst Natalie Lambert.

Implementing lock-down tools that rely on a "white list" of approved applications, for example, requires knowing and listing every application employees use. Locking down physical access to a machine by denying the use of a USB flash memory device might prevent a virus from spreading but also keep a user from legitimately sharing a file with a co-worker, says Lambert. Even when using a host-based intrusion-detection system that builds knowledge about normal network traffic, "you may need to run the program in learning mode for over a month to learn about what's going on in your environment," she says.
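To make the cost Lambert describes concrete, the following is an added Python example, not code from the article or from any product it names. It models a hash-based application allowlist with a learning mode: everything executed during the learning run is recorded and allowed, after which enforcement permits only recorded hashes. The executable images, file paths and both execution runs are constructed sample data, and the short byte strings stand in for real executable contents.

```python
import hashlib

# Constructed sample data. In a real deployment each "image" would be the
# bytes of the executable on disk; here short byte strings stand in for them.
LEARNING_PERIOD = [
    ("C:/Program Files/Office/word.exe", b"word-v11"),
    ("C:/Program Files/Office/outlook.exe", b"outlook-v11"),
    ("C:/Apps/erp-client.exe", b"erp-client-v3"),
    ("C:/Program Files/Office/word.exe", b"word-v11"),  # repeat runs are normal
]

ENFORCEMENT_PERIOD = [
    ("C:/Program Files/Office/word.exe", b"word-v11"),
    ("C:/Apps/erp-client.exe", b"erp-client-v3"),
    # Legitimate tool used once a quarter: never seen in a one-month learning run.
    ("C:/Apps/quarterly-tax-tool.exe", b"tax-tool-v2"),
    # Same path as Word but different bytes: a replaced or tampered image.
    ("C:/Program Files/Office/word.exe", b"word-v11-modified"),
    # Unknown executable dropped into a temp directory.
    ("C:/Temp/a1b2.exe", b"unknown-payload"),
]

# Images the organization would vouch for if asked (constructed).
LEGITIMATE_IMAGES = {b"word-v11", b"outlook-v11", b"erp-client-v3", b"tax-tool-v2"}


def fingerprint(image: bytes) -> str:
    """Identify an executable by content hash, never by path or file name."""
    return hashlib.sha256(image).hexdigest()


def learn(executions) -> set:
    """Learning mode: record the hash of every executable observed and allow it."""
    return {fingerprint(image) for _path, image in executions}


def enforce(allowlist: set, executions):
    """Enforcement mode: permit only hashes on the list.

    Returns (allowed_paths, blocked_paths) in observation order.
    """
    allowed, blocked = [], []
    for path, image in executions:
        target = allowed if fingerprint(image) in allowlist else blocked
        target.append(path)
    return allowed, blocked


def false_positives(allowlist: set, executions, legitimate_images) -> list:
    """Legitimate executions that enforcement would block.

    Each entry is a help-desk call and a policy exception to write: the
    ongoing cost of an allowlist that was learned from an incomplete sample.
    """
    return [
        path
        for path, image in executions
        if image in legitimate_images and fingerprint(image) not in allowlist
    ]


if __name__ == "__main__":
    allowlist = learn(LEARNING_PERIOD)
    allowed, blocked = enforce(allowlist, ENFORCEMENT_PERIOD)
    print("allowed:", allowed)
    print("blocked:", blocked)
    print("legitimate but blocked:",
          false_positives(allowlist, ENFORCEMENT_PERIOD, LEGITIMATE_IMAGES))
```

Run it and the tampered Word image and the unknown temp-directory binary are blocked, which is the intended outcome, but so is the quarterly tax tool, which simply never ran during the learning window. Extending the learning run or cataloguing rarely used applications by hand is exactly the work that makes the policy expensive to build.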

Then there's the ongoing work of watching for attacks and fighting them. When a virus took over student notebooks at the University of North Carolina at Chapel Hill and used them to spew spam, Mike Hawkins, associate director of networking, "stopped it dead in its tracks" by blocking such traffic at switches at the edge of the network. Using Enterasys Networks Inc.'s Dragon Intrusion Defense System, he was able to change the configuration of each switch without having to log into and out of each one. "I don't have enough people, and nobody has enough people" to make such changes manually, he says.

"Robust management is absolutely critical, because in a very large environment, you could be talking about 70,000 desktops you're managing," says Kelley. She recommends security tools that make it easy to not only deploy, monitor and reconfigure agents, but also do so over low-bandwidth connections or when the device is frequently disconnected from the network.