The increased sophistication and resultant impact of security threats has become a main talking point, enjoying strong and well-deserved media coverage, writes Tich Mugwara, Symantec enterprise security product specialist at Drive Control Corporation.
And, while some topics do tend to be over-publicised, security can always do with more exposure as it is a very real issue that impacts all organisations, irrespective of their size or industry.
As professional hackers continue to develop new tactics, so we should evolve with them; becoming more vigilant and educated, thwarting their best efforts while protecting our valuable information assets.
The reality is antivirus, anti-spyware, and other signature-based protection measures are not enough anymore. And while they do still play a role in protecting notebooks, desktops, and servers, they are now part of a bigger picture and solution.
In order to effectively protect organisations' security endpoints (individual devices) against sophisticated threats, including unknown threats and zero-day attacks, companies must implement a proactive endpoint security strategy.
Unfortunately for many organisations, implementing proactive endpoint security means installing multiple products from a variety of vendors, which is not only time consuming but increases costs and complexity.
Furthermore, this array of applications can actually create security gaps, as the products are not designed to work together, and may consume so many resources that overall system performance suffers.
The key is to partner with one security vendor that offers a comprehensive, multi-layered endpoint solution that mitigates the above challenges and risks while protecting your company 'endpoints' in a comprehensive and industry leading manner.
There are currently offerings available that consolidate multiple endpoint protection technologies into a single integrated agent that administrators can control from a unified management console.
These solutions also offer the best of both worlds, if you will, as they combine strong antivirus and anti-spyware signature-based protection with firewall, device control, and proactive intrusion prevention software. In addition, they employ threat prevention to protect the organisation against not only known but also unknown malware, including viruses, worms, Trojan horses, spyware, and adware.
Importantly, these solutions fortify the organisation against sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and mutating spyware.
Take rootkits (stealth applications or scripts used by hackers to gain undetectable administrator-level access to a system): removing one typically requires thoroughly analysing and repairing the OS (operating system), a task that an antivirus solution on its own is not able to perform.
Endpoint solutions, however, are designed to provide a deeper inspection into the file system, enabling the analysis and repair processes necessary to remove even highly difficult rootkit attacks.
Endpoint firewalls are a critical part of an organisation's suit of armour, as they not only block internal network attacks from breaching endpoints connected to the network, but also prevent these threats from spreading beyond the initially infected endpoint.
Critically, endpoint solutions increase proactive and defensive security management, as they enable administrators to create custom rule-based intrusion prevention signatures tailored to a specific environment.
This, for example, eliminates the need to wait for an OS or application vendor to create patches for known vulnerabilities, thus providing administrators with comprehensive, proactive control over endpoint security.
A comprehensive endpoint security solution offers the following important benefits to organisations that cannot be ignored:
* Comprehensive protection, integrating best-of-breed technologies to stop recent and sophisticated security threats;
* Proactive protection, which scores both good and bad behaviours of unknown applications, enhancing detection and reducing false positives without the need to create rule-based configurations;
* A single agent, meaning an array of security technologies is integrated into one agent with a centralised management console; and
* Lower TCO, as it reduces administrative overhead as well as the costs associated with managing multiple endpoint security products.