Endpoint security reaches across the network perimeter
The economy may be on the upswing, but increasing global competition, combined with a multitude of compliance issues such as regulatory audits, continues to pose a costly problem for organizations.
That's why a number of companies are implementing security programs aimed at keeping security threats out of their core network.
In a study published by IDC on endpoint security management, an estimated 60 percent of all serious security threats come from internal sources that have been granted privileged access to an organization's network resources. These sources include employees, contractors, consultants, systems integrators, business partners, distributors, customers and other visitors.
This ever-expanding perimeter, combined with the surge of technologies such as wireless networks and mobile devices that broaden access, creates an extremely challenging environment in which to manage the security of the endpoints accessing your network.
For most IT administrators, the highest-risk areas through which new threats can enter the network are conference rooms, mobile laptop computers, visitor work areas and the wireless network. When systems are not securely maintained and a vulnerability is exploited, rebuilding those systems from scratch is a frustrating chore for IT as well as for the end user.
According to recent studies, the cost associated with computer viruses penetrating the corporate network infrastructure outpaced all other security-related costs by more than two to one.
No network is totally secure because no matter how aggressive your firewall rules, how secure your data encryption methods, or how stringent your authentication procedures, your entire network can be compromised by the introduction of a single 'unclean' endpoint by a privileged individual. For this reason many enterprise customers are actively seeking a quarantine solution that can mitigate this threat.
The core idea behind a network quarantine process is automated enforcement of network security policies. By ensuring that each computer is blocked, scanned and remediated before it connects to the network, the quarantine system can ensure that security policy templates are applied and that up-to-date configurations are resident on the machine. Scanning after a connection is established is too late, since attacks from a compromised system can begin the moment it connects.
Essentially, the quarantine process identifies new machines attempting to access the core network, isolates them in a 'safe zone' or quarantine area, checks patch levels and anti-virus signature versions, evaluates the endpoint for other threats and remediates as necessary. Once remediation is complete and the endpoint meets the security policy, it is granted full access to the core network.
An effective quarantine solution will also automatically enforce other applicable network security policies, such as requiring anti-virus to be installed or restricting USB plug-in devices.
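To make the block-scan-remediate flow and the additional policy checks concrete, here is an added example written for this edit; it is not PatchLink's product and not code from the article. A constructed posture report for each endpoint is compared with a policy covering required patches, anti-virus presence and signature age, and USB storage. Any finding keeps the host in the isolated zone, remediation runs while it is still isolated, and only a clean re-scan grants core access. The policy values, host names, patch identifiers, fixed date and the simulated remediation engine are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Callable, Optional

# Constructed policy for illustration; the values are assumptions, not from the article.
POLICY = {
    "required_patches": {"KB-001", "KB-002", "KB-003"},
    "av_required": True,
    "max_av_signature_age_days": 7,
    "usb_storage_must_be_disabled": True,
}
TODAY = date(2024, 1, 15)  # fixed "now" so the example is reproducible


@dataclass
class Posture:
    """Constructed posture report, as a quarantine agent might collect it."""
    host: str
    installed_patches: set
    av_installed: bool
    av_signature_date: Optional[date]
    usb_storage_enabled: bool


@dataclass
class Decision:
    host: str
    zone: str                      # "quarantine" or "core"
    findings: list = field(default_factory=list)
    remediation: list = field(default_factory=list)


def evaluate(p: Posture, policy: dict, today: date) -> Decision:
    """Compare one posture report with policy; any finding keeps the host in quarantine."""
    d = Decision(host=p.host, zone="core")
    missing = sorted(policy["required_patches"] - p.installed_patches)
    if missing:
        d.findings.append("missing patches: " + ", ".join(missing))
        d.remediation.append(("install_patches", missing))
    if policy["av_required"]:
        if not p.av_installed:
            d.findings.append("anti-virus not installed")
            d.remediation.append(("install_av", None))
        else:
            age = None if p.av_signature_date is None else (today - p.av_signature_date).days
            if age is None or age > policy["max_av_signature_age_days"]:
                d.findings.append("anti-virus signatures stale (%s days)" % age)
                d.remediation.append(("update_av_signatures", None))
    if policy["usb_storage_must_be_disabled"] and p.usb_storage_enabled:
        d.findings.append("USB storage enabled")
        d.remediation.append(("disable_usb_storage", None))
    if d.findings:
        d.zone = "quarantine"
    return d


def admit(p: Posture, policy: dict, today: date,
          remediate: Callable[[Posture, list], Posture]) -> tuple:
    """Quarantine loop: isolate, scan, remediate, re-scan; only a clean re-scan reaches core."""
    first = evaluate(p, policy, today)
    if first.zone == "core":
        return first, first
    fixed = remediate(p, first.remediation)   # runs while the host is still isolated
    return first, evaluate(fixed, policy, today)


def simulated_remediation(p: Posture, actions: list) -> Posture:
    """Constructed stand-in for a remediation engine. Installing anti-virus is
    deliberately unsupported here so that one sample host stays quarantined."""
    for action, arg in actions:
        if action == "install_patches":
            p.installed_patches = p.installed_patches | set(arg)
        elif action == "update_av_signatures" and p.av_installed:
            p.av_signature_date = TODAY
        elif action == "disable_usb_storage":
            p.usb_storage_enabled = False
    return p


def sample_postures() -> list:
    """Three constructed endpoints: compliant, fixable, and unfixable."""
    return [
        Posture("desk-01", {"KB-001", "KB-002", "KB-003"}, True, date(2024, 1, 14), False),
        Posture("laptop-07", {"KB-001"}, True, date(2023, 12, 1), True),
        Posture("visitor-03", set(), False, None, True),
    ]


def run_demo() -> dict:
    """Return {host: (zone before remediation, zone after re-scan)} for the samples."""
    out = {}
    for p in sample_postures():
        before, after = admit(p, POLICY, TODAY, simulated_remediation)
        out[p.host] = (before.zone, after.zone)
    return out


if __name__ == "__main__":
    for host, (before, after) in run_demo().items():
        print(f"{host}: {before} -> {after}")
```

Run it directly to print the before and after zones for the three sample endpoints. The design point is that `admit` never trusts the remediation step itself: the re-scan is the gate, so a remediation that cannot complete (the visitor host with no anti-virus installed) leaves the host in the quarantine zone rather than admitting it on the strength of a remediation attempt.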
For organizations with an uncontrolled environment, where visitors can access the network in multiple locations or where users typically have administrative rights, a quarantine solution must also be capable of isolating a node regardless of where it attached.
Today, the most widespread area of concern in the quarantine world is the remote user working from home or on the road. With the rise in telecommuting and business travel, most companies have a significant percentage of computers accessing the network through a VPN.
Clearly, deploying an effective endpoint quarantine solution brings a number of benefits to the organization, ranging from keeping newly introduced vulnerabilities off the network to reducing IT operational costs and improving business productivity.
An effective quarantine process also ensures the automated enforcement of network security policies. When an organization can automatically implement and enforce consistent security policies, the number of security-related incidents and the organization's overall risk will decline.
The author is Managing Director of PatchLink