This tip originally appeared on SearchSecurity.com.
What you will learn from this tip: Vendors are touting new products to manage endpoint security, but organizations can save money by effectively managing three technologies they already employ – firewall, antivirus and patch management.
The endpoint security market grows as more attention is given to the challenges of securing a dynamic digital perimeter. Organizations willing to pay a hefty price can choose from a variety of products that ensure that endpoint devices comply with policy before connecting to the network. However, effective endpoint security doesn't have to require a significant investment in new software or hardware. Most organizations already employ three effective endpoint security controls: firewall, antivirus and patch management.
Where is your endpoint?
The function of perimeter or endpoint security is to ensure that the infrastructure is protected against external threats. Before you can secure your endpoint, you need to define it. In the pre-Internet days of the mainframe, endpoint security was simple; things were either inside or outside of the data center. Despite the fact that more and more is being spent on information systems security, systems are becoming increasingly complex, and complex systems are much harder to protect.
Even the physical perimeter is not simple to define. The potential endpoints are many. Some of them include:
- Internet access
- Business Partner access
- External partnership access
- Internal employee access
- And more
Know your endpoint
The banking industry has a federal requirement known as Know Your Customer (KYC), which is part of the USA PATRIOT Act of 2001. The purpose of KYC requirements is to catch those laundering money or attempting tax evasion. Banks are required to determine the source of customer deposits, classify them according to pre-determined profiles and monitor their banking activity to detect deviations.
Those in information security can take a similar approach to securing the network perimeter. If you know your endpoint, and are able to detect and respond to anomalous activities, much can be achieved. Effective endpoint security requires an understanding of the infrastructure and a significant commitment to get the job done. Those who have management support and are willing to put in the time to get to know their endpoint have a real chance to create a highly effective information security infrastructure.
A firewall is often the first line of network defense, ensuring that only allowed traffic traverses the network. Firewalls are often pristine when initially configured, but over time they come to allow far too much traffic and too many protocols through. In addition, management often puts too much confidence in firewalls.
How do you obviate such a predicament? Make sure you have an effective and current set of firewall policies. A firewall can't be effective unless it's deployed in the context of working policies that govern its use and administration.
Viruses, worms, Trojan horses, spyware and more are a huge risk to information security. By deploying antivirus technology at the endpoint, organizations can ensure that malware does not infect the infrastructure.
But when it comes to antivirus software, organizations are only as good as their virus definition files. To ensure maximum protection, organizations must make certain that gateway devices and workstations have updated antivirus signatures on each device.
Until recently, patch management was something a system administrator did when he had time; now it is an elemental part of information security. Patch management is a strategic process in which an organization must determine:
- which patches to install
- the benefits and implications of implementing the recommended changes
- the business benefit of installing a patch
- the regulatory requirements
- the operational requirements
The year 2005 is no longer your mother's patch environment, where one can leisurely decide whether or not to patch. Microsoft's Patch Tuesday can easily turn into a Black Wednesday if not handled correctly.
Times are changing and information security must change with them. Endpoint security comes down to knowing what your perimeter is, knowing what your risks are and defending against them. When managed effectively, your firewall, antivirus and patch management products will help you do that.
About the author
Ben Rothke, CISSP, is a New York-based security consultant with ThruPoint Inc. and the author of Computer Security: 20 Things Every Employee Should Know. He can be reached at firstname.lastname@example.org.