Jun 23, 2008

An Integrated Approach to Secure and Manage Endpoints

This article, written by Richard Velasco, Symantec's Senior Technical Consultant for the Philippines, was sent to me by Ardent Communications. Richard is responsible for strategic engagements with Symantec customers on their security infrastructure requirements.

Managing the dynamics of endpoint infrastructure is a challenging task. Organizations today need proactive endpoint security measures that can protect against zero-day attacks and unknown threats. With a threat landscape full of stealthy, targeted, and financially motivated attacks, organizations are facing an increasingly complex security environment. Many sophisticated threats can evade traditional security solutions, leaving organizations open to data theft and manipulation, disruption of business, and damage to corporate brand and reputation.

Deploying security solutions individually on each endpoint is not only time-consuming, it also increases IT complexity and costs. Organizations then need to provide management, training, and support for a variety of different endpoint security solutions.

This article outlines a new approach to securing and managing the enterprise endpoint computing environment.

Business problems at the endpoint
The IT department at a typical enterprise these days finds itself fighting some pretty fierce fires:

* Endpoint management costs are increasing. The cost of downtime impacts both productivity and revenue. According to a recent study by Infonetics Research, network downtime caused by security attacks is costing large enterprises upwards of US$30 million a year. In addition, the costs to acquire, manage, and administer point products are increasing, as is demand on system resources.
* Complexity is increasing as well. The manpower required to manage disparate endpoint protection technologies is inefficient and time-consuming. Also, differing technologies can often work against one another or impede system performance due to high resource consumption.
* Growing number of new known and unknown threats. Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain. One gauge of the growing sophistication of attacks is the appearance of blended threats, which integrate multiple attack methods such as worms, Trojan horses, and zero-day threats.

An integrated approach
Antivirus, antispyware, and other signature-based protection measures, which are primarily reactive, may have been sufficient to protect an organization’s vital resources a few years ago, but not today. Organizations now need proactive endpoint security measures that can protect against zero-day attacks and unknown threats. They need to take a structured approach to endpoint security, implementing a solution that not only protects them from threats on all levels, but also provides interoperability, seamless implementation, and centralized management.

Symantec’s approach to endpoint protection provides advanced threat prevention that protects endpoints from targeted attacks as well as attacks not seen before. It includes proactive technologies that automatically analyze application behaviors and network communications to detect and block suspicious activities, as well as administrative control features that allow administrators to deny specific device and application activities deemed high risk for the organization. Administrators can even block specific actions based on the location of the user. In the case of an infected endpoint, security products repair the damage by disinfecting or quarantining the system. The remediation process is then completed by deploying the necessary patch.

This approach calls for consolidating endpoint protection technologies in a single, integrated agent that can be administered from a central management console. The goal is to increase endpoint protection while eliminating the administrative overhead and costs associated with multiple security products.

Comprehensive protection
Organizations need a holistic approach to endpoint security that protects from threats at all levels. Traditional antivirus and antispyware solutions are no longer enough.

Symantec’s approach boosts protection and lessens overhead and costs of managing endpoint security by providing a single agent administered via a single console. It is an approach that can save organizations time and money while protecting their assets and business.
