Debate: Is the best way to protect data on the network by locking down the endpoint?
by George Heron, vice president and chief scientist, McAfee
Prevention is the best medicine. Locking down the endpoint is one of the most effective ways to prevent the loss of corporate data. Three effective techniques can be used.
First, prevent attackers using viruses, spyware, key loggers, rootkits and the like from attacking an endpoint to steal data by deploying anti-virus, anti-spyware, firewall and host-based intrusion prevention.
Next, protect customer records and intellectual property with a host-based data loss prevention solution. Implementing this strategy will allow companies to control the way users send and transfer sensitive data over the network through applications and onto removable storage devices.
Finally, encrypt data at the endpoint. Even if a person has the ability to remove encrypted data, it cannot be accessed unless a person has the correct keys to decrypt the data.
The key to preventing data from being compromised is to take a layered approach. This begins by locking down the source of the data — the endpoint.
by John Peters, chief executive officer, Reconnex
Protecting your endpoints and leaving your network and file servers vulnerable to data loss is not a sound enterprise data loss prevention strategy.
Endpoint protection software is a good way to prevent users from storing sensitive information on removable devices and to protect against unauthorized transmission of information when a user is not connected to the corporate network. However, endpoint security cannot stand on its own.
To prevent data loss, a company must account for its endpoints (data-in-use), its entire network (data-in-motion), and its file servers (data-at-rest).
Endpoint security software has a role in a complete information security implementation. However, due to the challenges of deploying yet another endpoint and the gap in security coverage caused by using only endpoint solutions, most organizations find it easier to start with locking down the network (data-in-motion) or server (data-at-rest). Safeguarding the endpoint (data-in-use) can be a third step to prevent a company from losing its data.
From the January 2008 issue of SCMagazine