You spent the time and money to balance productivity and security. You installed antivirus software at the firewall, at the e-mail gateway, and on all your endpoint devices — workstations, PCs and laptops. And your new headquarters’ wireless LAN is protected with encryption keys, providing a secure doorway to the network and the Internet.
Your secure endpoint strategy also includes mobile workers. You have provisioned all your mobile employees with laptops, and made sure those endpoints were protected with a VPN (when connecting back to the corporate network) and a corporate personal firewall and antivirus software.
Yet your network was invaded and crippled by the most recent worm outbreak. Worse, one of your telecommuters’ computers was hijacked to launch a denial-of-service attack. To make matters worse, just last week, one of your “road warrior” sales people brought her laptop into the corporate headquarters, connected to the LAN and introduced a virus that infected dozens of computers. And… And… And…
A Better Toolbox
What happened? Is your IT organization asleep at the wheel?
Hardly. Your organization fell victim to the big “If”: If your employees had done everything right, your enterprise would have been protected. But they didn’t — and they probably can’t, given the limited tools they currently have at their disposal.
“You just can’t count on all of your people to practice great security all of the time,” said Edward Gollod, CEO of Revenue Accelerators, an executive consulting firm in New York. “Your employees are too busy to understand every potential security threat your organization faces. They need automated tools that don’t require complicated end-user intervention.”
In an ideal world, the worm would not have been a threat because all your endpoint devices would have stopped it at the firewall. But only if your users had not right-clicked and turned off the firewall. And only if your users hadn’t answered “yes” when the firewall asked if they wanted to allow some obscure program to perform some obscure task — for the twentieth time that day.
In an ideal world, your telecommuter’s computer wouldn’t have been able to act as a zombie in a distributed denial-of-service attack. But only if the user had a firewall that ran at the operating system kernel layer, instead of the traditional application-layer firewall. Indeed, a firewall at the network driver interface level would have stopped a protocol attack before any damage was done.
Are You Updated?
In an ideal world, no users would turn off their antivirus software or fail to keep it updated. But there are a lot of ifs here, too: Antivirus software would succeed if you had a way to automatically enforce its use, without asking the user to take any action. And if you could ensure that the virus signature files were constantly kept up-to-date — without asking the user to do anything. And if you could check any of your endpoint devices whenever they tried to connect to the Internet or your corporate network, scanning to make sure it was protected and did not harbor any malware — and quarantine it if it is not up to corporate standards. And if you could ensure that your users never try to turn off (or succeed in disabling) their antivirus software in the pursuit of “better productivity.”
“You see the same problem over and over again,” noted Richard Clarke, former cyber security advisor to President Bush, during a recent security conference in Chicago. “People don’t keep their antivirus software up to date because it requires them to take some sort of action. The result is security inaction and more successful attacks.”
Getting Real
In an ideal world, your users would never leave their laptops — critical endpoints that provide access to your corporate systems — on and unattended while they enjoy a coffee break at an industry conference, and fall victim to a thief who inserts a small USB thumb drive into their laptop and steals local and corporate data.
This type of attack wouldn’t succeed if you could implement a policy that disallows writing to removable storage devices while outside the corporate network protections. And you’d be more fully protected if you had strong audit trails that showed any attempts to steal or communicate sensitive information in contravention of policy.
In an ideal world, hackers wouldn’t be able to masquerade as your trusted users and gain access to all the data and applications they are entitled to.
If only the users weren’t able to turn off their personal firewall, letting a hacker hijack the mobile or remote system and piggyback on the VPN, thereby gaining trusted access to the network. If only the user wouldn’t leave their wireless card turned on when they connect to the corporate network — thus allowing someone from the company next door to attack to their system in an ad hoc wireless network, and see everything the employee is working on. If only your users didn’t inadvertently connect, not to your secure wireless network, but to the one belonging to the competitor across the street, opening up your sensitive information to the wrong prying eyes.
Automated Endpoint Security
How would they make that happen? The only way is with a self-defending endpoint security solution that runs on every desktop and laptop — with invisible yet unavoidable protection against malware, bad practices, sloppiness and laziness. A solution that stops a user from turning off their antivirus software, and makes sure they always have the latest important virus signature files. A solution that enforces a stateful firewall at the operating system kernel level, to stop malware before it does its damage.
“If you’re using antivirus software without a stateful firewall, it’s like buying a house with locked doors but open windows,” said Gollod. “At best, you’ve got half a solution, and that’s no solution at all.”
Organizations are urged to look for advanced automated endpoint security solutions that provide enhanced protection. Such solutions ensure that your users connect only to known and authorized wireless access points. They provide flexibility and enhance productivity while safeguarding data. Advanced endpoint security solutions don’t let the user forget or neglect to run their VPN, and such solutions can’t be turned off or bypassed by the user.
Finally, advanced endpoint security solutions provide strong audit trails, ensuring policy compliance always and everywhere.
Now that’s a world without security ifs.
Tanya Candia is a consultant and expert on information technology (most notably data management and security), business management and marketing issues. As President/Founder of Candia Communications, she consults with companies and currently serves as Vice President of Marketing for Senforce Technologies Inc. Candia can be reached at [email protected].