Is Your Information Really Safe - Security Steps 3 and 4
(
Page 2 of 5 )
3. ENDPOINT MANAGEMENT
In the past, discussions about the protection of endpoints, such as PCs and laptops, have revolved around anti-virus software. Recently, however, the focus has shifted to policy-based enforcement that offers more complete protection. Policy-based endpoint management should cover configuration management, patch management, access management, application management and even anti-virus applications.
“If you start to control your endpoints from a policy perspective, then suddenly you’ve got the ability to manage your endpoints much more effectively than you can with a single technology or a couple of technologies,” says Scott Johnson, business line executive for host solutions at IBM Internet Security Systems (ISS).
Sonnenschein’s Hansen says protecting endpoint systems is a cornerstone to his approach because once you prioritize information, you’ll likely realize that much of it is stored on these systems. That’s why it’s critical to ensure that endpoint devices are a safe place to house data.
“If you think about it, this is where more of a systems security approach comes in,” says Hansen, who makes use of IBM ISS technologies to carry out that approach. “I think we’re obligated to look at the systems that we can manipulate and manage.”
4. APPLICATION WHITELISTING
As hackers continue to develop more sophisticated techniques to evade detection and flood anti-virus technology with thousands of variants of the same malware in order to get past signatures, you might want to consider changing your protection models.
Some enterprises find that application whitelisting is a good alternative to the traditional anti-virus model. The idea is that instead of blocking the known bad elements, you will allow only the specified good applications to run and will block everything else.
According to Josh Corman, principal security strategist for IBM ISS, whitelisting can be appropriate in some use cases, but in other instances, it will drive up operational costs so high that it will become untenable. The best cases are in static environments in which workers will not need to install applications on the fly to get work done. He mentions call center environments as an example.
“One of the best applications we ever saw for application whitelisting was a retail environment with Windows XP-based cash registers,” Corman says. “They modified the image only once every six months, so anything new had to be bad.” In that case, whitelisting was so effective that there wasn’t a need to install anti-virus protection on those machines.
