Endpoint Security As Priority
By Ericka Chickowski | Posted 2008-06-18
Many security experts decry the death of traditional perimeter security. While they warn against the dangers of deperimeterization, they rarely tell you how to manage. As an extremely mobile organization, the International Fund for Animal Welfare must deal with security on a major scale. Baseline gets a glimpse at how this organization is coping.
The users are scattered over the globe, across 15 countries. This makes endpoint security a top priority because each desktop or laptop must be fortified for use outside the network and remain clean enough to return to the network without causing damage.
“About four years ago, after a period of extreme duress in terms of desktop security issues, ranging from viruses to even worms and Trojans—the gamut of desktop security problems—we realized that that part of our security equation was lacking and that we needed to put some more effort into that,” Ponte says.
He is more aware than most security administrators of the shortcomings of relying solely on anti-virus software for endpoint protection. Because IFAW has fallen victim to custom attacks, Ponte has seen how little protection a common anti-virus solution offers for unknown malware.
Anti-virus and anti-spyware programs generally depend on defensive signatures that are based on known viruses that security researchers discover. If a virus remains undiscovered by the researchers, no signature is made and the customer remains unprotected.
According to Gartner, signature-based technologies such as anti-virus software have less than a 50 percent chance of catching completely new threats and can miss up to 10 percent of old threats in the wild.
To protect IFAW from the “exotic” threats it faces, Ponte decided to augment his anti-virus protection with whitelisting technology. Rather than blocking out the known bad programs and missing all of the unknown bad programs, IFAW now allows in only the known good programs, keeping all bad programs from launching. Because IFAW had already used Check Point technology elsewhere in the infrastructure and it stacked up well against the competition, the organization decided to use Check Point Endpoint Security to implement whitelisting.
“We were able to use it to identify and segregate unknown malware–malware that was simply not recognized by any anti-spyware, anti-virus program that’s out there, which was shocking to us, frankly,” Ponte said. “We’ve since implemented a much more restrictive program control. We know every application that needs to be run on any of our users’ laptops, so we use a whitelist system. If it’s not whitelisted, it won’t run until someone in our IT department allows it. Of course, we only allow those things that we trust.”
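The contrast between signature-based blocking and the whitelist model described above, as an added Python example that is not from the article or from any vendor's product. It assumes programs are identified by SHA-256 hash; the file names, byte strings and function names are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for executable file contents.
SAMPLES = {
    "mail_client_v1.exe": b"constructed: approved mail client, build 1",
    "mail_client_v2.exe": b"constructed: same mail client after a vendor update",
    "known_worm.exe": b"constructed: worm already catalogued by researchers",
    "custom_trojan.exe": b"constructed: targeted trojan with no published signature",
}
# Signature set: only threats that researchers have already seen.
KNOWN_BAD = {sha256(SAMPLES["known_worm.exe"])}

def blocklist_allows(data: bytes) -> bool:
    """Signature model: anything that is not known bad may run."""
    return sha256(data) not in KNOWN_BAD

class Whitelist:
    """Default-deny model (assumed hash-keyed): only IT-approved programs run."""
    def __init__(self, approved):
        self.approved = set(approved)
        self.pending = {}  # hash -> file name, held for IT review

    def allows(self, name: str, data: bytes) -> bool:
        digest = sha256(data)
        if digest in self.approved:
            return True
        self.pending[digest] = name  # blocked until someone in IT approves it
        return False

    def approve(self, digest: str) -> None:
        self.approved.add(digest)
        self.pending.pop(digest, None)

def compare():
    """Return {name: (blocklist verdict, whitelist verdict)} and the policy."""
    policy = Whitelist({sha256(SAMPLES["mail_client_v1.exe"])})
    results = {name: (blocklist_allows(data), policy.allows(name, data))
               for name, data in SAMPLES.items()}
    return results, policy

if __name__ == "__main__":
    results, policy = compare()
    for name, (bl, wl) in results.items():
        print(f"{name:20} blocklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
    print("pending IT review:", sorted(policy.pending.values()))
```

The updated mail client is held along with the malware: under hash-keyed rules every legitimate update changes the hash and needs re-approval, which is the operational cost of this model.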
Whitelisting has also helped IFAW get control of desktop settings by clamping down on user privileges on the desktop. This ensures users don’t inadvertently muss up desktop settings, which can also negatively affect security.
“We have strongly tightened up our user rights and privileges on the desktop,” Ponte says. “We haven’t completely locked down all of our end user workstations, but we have reduced privileges quite a bit.”
The decision to do so caused an “immediate and initial reduction in the number of infections and exploitation of security vulnerabilities” on his laptops, Ponte says. He noted that security incidents dropped off by at least 75 percent after IFAW harnessed the power of whitelisting technology.