Fending Off Attacks
By Bob Violino | Posted 2012-03-13
Enterprises need to deploy a layered defense and make data protection everyone’s business.
A layered security approach has helped the University of Georgia’s Small Business Development Center significantly cut down on malware attacks, such as viruses and spyware. Prior to implementing a more in-depth security posture about three years ago, the department was experiencing attacks via the Internet that forced its IT department to rebuild computers on a weekly basis. Following the improved security, the center has seen just two incidents in the past two years, says Rick Lanard, senior IT manager at the department.
Among the security products the department is using is an Edge router firewall from Juniper Networks that protects the entire university’s enterprise network. In addition, the center has deployed separate firewalls from Microsoft and Watchguard Technologies that protect individual operating systems and applications used within the department.
The department doesn’t use antivirus software, Lanard says, but instead uses a host intrusion protection system (HIPS) and application whitelisting from LANDesk Software for endpoint security. Application whitelisting allows only specific, approved applications to run on a client computer.
The initial whitelist is created by giving end-user devices a sufficient “learning period” to account for applications and tasks a user performs during a specific work cycle. After the initial learning period, the whitelisting setting is placed into block mode.
When a device is placed into this mode, it’s locked down so only approved applications are permitted to run. Because only whitelisted applications can run, the department significantly reduces the likelihood of attacks by malware.
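The learn-then-block workflow described above, as an added example that is not from the article or from LANDesk's product. It assumes applications are identified by the SHA-256 hash of their contents (the article does not say how the product identifies them); the class, paths and byte strings are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass
class Allowlist:
    """Hypothetical model of a learn-then-block application allowlist."""
    mode: str = "learn"                           # "learn" or "block"
    approved: dict = field(default_factory=dict)  # hash -> path first seen at
    audit: list = field(default_factory=list)     # (decision, path) records

    def request_run(self, path: str, content: bytes) -> bool:
        h = sha256_hex(content)
        if self.mode == "learn":
            self.approved.setdefault(h, path)     # learning period: record, allow
            decision = "learned"
        else:
            decision = "allowed" if h in self.approved else "blocked"
        self.audit.append((decision, path))
        return decision != "blocked"

    def revoke(self, path: str) -> int:
        """Drop entries learned from `path` (review step before lockdown)."""
        stale = [h for h, p in self.approved.items() if p == path]
        for h in stale:
            del self.approved[h]
        return len(stale)

    def enter_block_mode(self) -> None:
        self.mode = "block"


def simulate() -> list:
    # Constructed byte strings stand in for executable file contents.
    wordproc, sheet, toolbar = b"wordproc v1", b"sheet v1", b"unwanted toolbar"
    al = Allowlist()
    for path, data in [("C:/Apps/wordproc.exe", wordproc),
                       ("C:/Apps/sheet.exe", sheet),
                       ("C:/Temp/toolbar.exe", toolbar)]:
        al.request_run(path, data)                # everything run is learned
    al.revoke("C:/Temp/toolbar.exe")              # admin review removes an entry
    al.enter_block_mode()
    al.request_run("C:/Apps/wordproc.exe", wordproc)               # approved hash
    al.request_run("C:/Apps/wordproc.exe", b"wordproc v1 + patch")  # same path, new bytes
    al.request_run("C:/Temp/toolbar.exe", toolbar)                 # revoked in review
    return al.audit[3:]                           # block-mode decisions only
```

In this model, anything executed during the learning period is approved unless it is revoked in review, and a changed binary at an approved path is blocked because the list keys on content rather than path.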
Putting in place multiple levels of security is the best way to thwart the variety of potential attacks, Lanard says. “We’ve found that running a high level of security is a better way to manage IT,” he says. “We’re not out rebuilding machines daily, so we can, instead, do things that benefit the organization. There’s no reason for us to have super-layered security—we just wanted to have the ability [be able to] choose the type of problems we have to deal with and where we devote our resources” by improving security.