The systems management imperative: Achieving more effective perimeter security from the inside out
David Kloba, general manager, Endpoint Systems Management, Dell
To stay relevant in a highly competitive market and remain compliant in a complex regulatory environment, companies rely on IT to support rapid modernization of infrastructure and business processes. Resource-limited IT teams, however, often find themselves fighting an uphill battle when it comes to protecting data from security threats.
A new generation of cyber attacks stemming from megatrends, such as BYOD, mobility, cloud computing and Internet of Things, introduces new risks that are compounded by a rise in both accidental and malicious internal threats. Traditional firewalls and intrusion prevention solutions are a critical component of a layered defense and are highly effective at preventing outside threats from infecting—and affecting—corporate networks and critical data, but they are only one part of an organized and effective security strategy. Even a well-maintained firewall becomes irrelevant when threats arise from within an organization and leave endpoint devices and systems vulnerable.
A combination of inventory and asset management, patch management and configuration enforcement is an essential layer of security that helps protect companies from the inside out. Through its reporting and remediation capabilities, this layer safeguards corporate networks and data from internal threats, such as unknown devices accessing the network, unpatched systems, out-of-date software with known security issues, improper security configurations and unauthorized users with administrative privileges, as well as mobile users accessing data from both corporate-issued and personally owned tablets and laptops.
Though many companies recognize that effective inventory and asset management is important for eliminating unnecessary spending on software licenses and hardware, they may not realize that it is also essential for preventing unwanted access to internal systems.
Let's consider the following scenario: A harried administrator quickly configures 10 laptops to be used as spares and for new hires. Over the next few weeks, some of these laptops are given to new hires and some replace broken computers. Several employees resign and turn in their laptops, but the busy administrator inadvertently hands out one of them as a replacement system even though it still has access to highly sensitive data. Additionally, the beleaguered IT person fails to discover that one laptop is missing. As a result, no matter how strong the perimeter is, the company is now at risk—and may not know it until it's too late.
Understanding the current state of a hardware asset, such as a laptop, can ensure that it is properly checked for sensitive data before it is decommissioned or given to another employee with different access rights. Similarly, properly tracking software assets can provide IT with the detailed information needed to ensure compliance with internal security policies and governmental regulations. In addition to the potential for introducing threat vectors to the network, compliance failure can result in costly fines and even more costly damage to an organization's reputation.
Additionally, a single unpatched machine on a network can open an organization to significant risk. While it may be easy to manually track patches from Microsoft, which are issued on a regular schedule, it is far more difficult to ensure that the patches have been installed on every one of the 50, 500 or 1,000 laptops that IT manages. Equally tough is tracking the release of patches for any Mac and Linux machines along with the glut of new printers, scanners and other devices that now connect to a network.
Today, it's imperative that companies track all the relevant patches that have been issued and installed. Relying on manual IT processes to handle patches can be cumbersome and ineffective. Relegating this task to end-users can be dangerous, as unpatched systems and out-of-date software can create an open invitation for malware to enter an organization.
While patches come from vendors and should, as a matter of good security policy, be applied rapidly and universally, configuration settings and the enforcement of those settings are determined by IT to meet the needs of a particular organization.
Is there one standard browser used by the organization? If so, how is it configured? Does it go through a proxy server? Are the anti-virus definitions up to date on every device? Does every device have the latest and safest version of Java, Flash and Acrobat Reader? These are important yet often overlooked questions that can lead to unnecessary risks.
Inconsistent configuration enforcement across an organization can create vulnerabilities to security breaches just like an unpatched device or a hole in a firewall. Take the recent Heartbleed incident as an example. One of the remediation steps your organization might need to take is revoking or replacing SSL certificates across all of your endpoints. Having a system in place that allows you to review what machines have what configuration and then update that configuration to the new corporate standard quickly will reduce the time attackers have to compromise your systems.
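The three controls described above (knowing which devices are on the network, which patches each one has, and whether each one matches the configuration standard) can all be expressed as a comparison of an inventory against a baseline policy. The following is an added example, not Dell code or output from any Dell product: the inventory records, patch identifiers, certificate serials, dates and policy values are all constructed for illustration, and it assumes an agent or scan has already produced one record per endpoint.

```python
"""Endpoint compliance audit against a baseline policy.

Constructed example: every inventory record, patch identifier, certificate
serial, host name, date and policy value below is made up for illustration.
It assumes a discovery scan and an endpoint agent already feed in this data.
"""
from datetime import date, timedelta

# Constructed baseline policy (assumed values, not a real corporate standard).
POLICY = {
    "required_patches": {
        "windows": {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
        "macos": {"SEC-EXAMPLE-2014-003"},
        "linux": {"openssl-fixed-build"},  # placeholder id for a post-Heartbleed build
    },
    "max_av_age_days": 3,                   # anti-virus definitions must be this fresh
    "proxy_required": True,                 # standard browser must use the corporate proxy
    "approved_admins": {"it-admin"},        # the only permitted local administrator
    "revoked_cert_serials": {"SERIAL-OLD-HEARTBLEED"},  # certificates that must be replaced
}

# Constructed inventory, one record per endpoint as an agent might report it.
INVENTORY = [
    {"host": "lt-001", "os": "windows",
     "patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
     "av_defs": date(2014, 4, 10), "browser_proxy": "proxy.corp.example:8080",
     "local_admins": {"it-admin"}, "cert_serial": "SERIAL-NEW-001"},
    {"host": "lt-002", "os": "windows",
     "patches": {"KB-EXAMPLE-001"},
     "av_defs": date(2014, 4, 1), "browser_proxy": None,
     "local_admins": {"it-admin", "jdoe"}, "cert_serial": "SERIAL-OLD-HEARTBLEED"},
    {"host": "mac-001", "os": "macos",
     "patches": {"SEC-EXAMPLE-2014-003"},
     "av_defs": date(2014, 4, 9), "browser_proxy": "proxy.corp.example:8080",
     "local_admins": {"it-admin"}, "cert_serial": "SERIAL-NEW-002"},
]

# Constructed list of host names observed by a network discovery scan.
SEEN_ON_NETWORK = {"lt-001", "lt-002", "mac-001", "printer-7", "lt-missing-009"}

TODAY = date(2014, 4, 11)  # constructed "current date" for the age checks


def audit_endpoint(rec, policy, today):
    """Return the list of policy findings for one inventory record (empty = compliant)."""
    findings = []
    # Patch compliance: anything the policy requires for this OS that is not installed.
    missing = policy["required_patches"].get(rec["os"], set()) - rec["patches"]
    for patch in sorted(missing):
        findings.append(f"missing patch {patch}")
    # Anti-virus definitions older than the allowed window.
    age = (today - rec["av_defs"]).days
    if age > policy["max_av_age_days"]:
        findings.append(f"av definitions stale ({age} days)")
    # Configuration enforcement: browser must be routed through the corporate proxy.
    if policy["proxy_required"] and not rec["browser_proxy"]:
        findings.append("browser not configured for corporate proxy")
    # Unauthorized users holding administrative privileges.
    for admin in sorted(rec["local_admins"] - policy["approved_admins"]):
        findings.append(f"unapproved local admin {admin}")
    # Certificate remediation (the Heartbleed-style revoke-and-replace case).
    if rec["cert_serial"] in policy["revoked_cert_serials"]:
        findings.append("certificate must be replaced (revoked serial)")
    return findings


def audit(inventory, policy, today):
    """Map host name -> findings for every non-compliant endpoint."""
    report = {}
    for rec in inventory:
        findings = audit_endpoint(rec, policy, today)
        if findings:
            report[rec["host"]] = findings
    return report


def unknown_devices(inventory, seen):
    """Devices observed on the network that have no inventory record at all."""
    known = {rec["host"] for rec in inventory}
    return sorted(seen - known)


if __name__ == "__main__":
    for host, findings in audit(INVENTORY, POLICY, TODAY).items():
        print(host)
        for line in findings:
            print("  -", line)
    print("unknown devices:", unknown_devices(INVENTORY, SEEN_ON_NETWORK))
```

The point of the structure is that the policy is data, so when the corporate standard changes (a new required patch, a newly revoked certificate serial) only `POLICY` is edited and the next run reports every endpoint that now drifts from it; devices that appear on the network without any inventory record are reported separately, since there is nothing to audit them against.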
By approaching security from all touchpoints, organizations can strengthen corporate security by eliminating the potential for “inside” breach vectors that make it possible to circumvent an effective firewall. Effective security ensures that each device is properly configured with the latest versions of software and up-to-date virus protection—and alerts an administrator when problems arise. Through automation, centralization, reporting and alerts, even a resource-strapped IT department can track and manage the thousands of potential threat vectors that exist in every business.