[sidebar]

AV Alternative: Endpoint protection

The options for anti-virus protection are growing. The big players face competition from smaller vendors offering solutions that approach the problem in different ways.

“Symantec may have an old-school approach to anti-malware, meaning, put all the signatures on the endpoint and update it as necessary. With the rate of new malware emerging -- Symantec reported more than 1,900 daily new malware instances for 2007 -- soon the updating signature approach will no longer be fast enough or scalable enough. It is without question the time to look for alternative approaches,” says Chenxi Wang, principal analyst, security and risk management, Forrester Research.

While many vendors continue to evolve their anti-virus products, pushing out updates to try to keep up with unending assaults, the folks at Sanctuary have taken another approach.

“Since anti-virus relies on a signature match to identify malware, it offers no protection against targeted attackers using new or ‘boutique’ malware to infect individuals and organizations,” says Don Leatham, director of solutions and strategy at Lumension Security. “The anti-virus model was founded, and still operates, on the notion that everything on an endpoint should be allowed to run unless there is a known reason to disallow it. It's a pretty simple idea and it worked fairly well a decade ago when evolution and totality of malware was slow and manageable. In today's world, the number of unique malicious applications is growing geometrically and is by some accounts over six million known variants. Keep in mind that this is just the ‘known’ bad stuff out there.”

Lumension Security is the first to combine two important whitelisting security technologies into a single console and agent, namely endpoint protection and data protection, adds Leatham.

Lumension Security's approach to data protection mirrors endpoint protection, in that it allows devices to be accessed only in ‘known good’ situations, as defined by policy. Lumension Security's Data Protection policy structure allows for very granular policy definitions that ensure that USB drives, CD/DVD drives, etc. are only available for use in approved, known-good data transfer scenarios.

Whitelist protection via both endpoint protection and data protection, all within a single implementation, is a powerful security tool that offers great value to customers, he says. – GM