Internal Security Threats
Beyond regulatory compliance, you face escalating security threats that manifest themselves within your organization.
According to a survey conducted by the Ponemon Institute, nearly 70 percent of the threats to network security and integrity come from malicious employee activity or non-malicious employee errors. One reason for the increasing number of internal threats is the rise of increasingly diverse storage technologies. There are many ways by which data can enter and leave a system, from USB flash drives to seemingly innocuous MP3 players.
In particular, USB flash drives represent a new threat that nearly every computing environment faces. At first, we all loved USB drives for their size and simplicity, but as the tiny devices have become very affordable and ubiquitous, they have also become surprisingly threatening. Who knows what your users are doing with those USB drives when they're not connected to your network? RedCannon Security extends security policy beyond the network perimeter to manage the USB drive's entire lifecycle, from provisioning to remote destruction. RedCannon keeps track of all online or offline device activity and history to help provide evidence in support of regulatory compliance.
As you know, data can swiftly enter and leave a system without anyone knowing. In fact, according to a recent FBI Computer Crime Survey, 44 percent of organizations reported that they had themselves been responsible for network intrusions. Theft of sensitive data is only one part of the problem. Many removable media devices upload viruses, spyware, or software that can affect the entire infrastructure.
Security-policy management solutions can help you implement policies in your organization to safeguard the devices that you allow in your network. However, security policies don't typically allow for managing and monitoring endpoint devices. Therefore, it's important to take a look at the solutions in this market that focus strictly on endpoint security. For example, GFI Software's GFI EndPointSecurity helps you manage, access, and log activity to many kinds of devices, including PDAs, memory cards, CDs, and mobile phones. The product also helps you protect against infiltration through such devices as Bluetooth cards and network cards.
Layton Technology's similar solution, DeviceShield, lets you control access to ports, device types, and even specific device models. It lets you assign read and write permissions to removable media devices at every level of your organization, whether across the company or for individual users. Check out our review of DeviceShield on page 35.
Of course, when you're making buying decisions in this market, you should always consider Symantec, a company that offers a number of solutions in this space. And to check out one more endpoint security solution, see "SmartLine DeviceLock," June 2006, InstantDoc ID 49916.
For some organizations, managing and controlling endpoint devices might not be enough—and that's where a company such as NetSupport comes into play. NetSupport adds an additional layer of security on top of endpoint security solutions to protect against unwanted or malicious changes to your system.
A Least-Privilege World
Much of security-policy management is connected to privileges, so it's important to know who has privileges to a certain file server or who has privileges to a specific application. Winternals Software's Protection Manager uses the principle of least privilege to provide users with just the permissions they need to perform their jobs efficiently. To comply with best practices and regulatory-compliance directives, this solution allocates only the necessary privileges to users and provides four security levels, including Allow, Run with administrative privileges, Run as limited user, and Deny.
Desktop Standard also offers a least-privilege solution: PolicyMaker Application Security lets you use Group Policy conventions and PolicyMaker's own per-setting filters to attach permission levels to applications.
Emerging Technologies
If you're unfamiliar with Network Access Control (NAC) or Network Access Protection (NAP) technologies, you'd better listen up. NAC is an emerging technology that many vendors, such as Cisco, Trend Micro, StillSecure, and Mirage Networks, are starting to adopt. NAC solutions determine a computer's state of health and perform a series of checks (e.g., antivirus signatures, patches) before granting computers access to your network. Microsoft is also adopting NAC-like technologies; however, Microsoft refers to this technology as NAP and is building it into Windows Vista and Longhorn Server.
Only the Beginning
Expect a deepening of security at all levels of the infrastructure. This market is growing, and organizations are starting to make policy management their first priority. Remaining compliant with regulations and industry best practices will continue to be vital, and you'll need to make sure you have the appropriate solutions in place.
We'll continue to see security-policy management solutions that once focused on reactive approaches move toward proactive ones. Time is money, after all, and beleaguered IT managers can't afford to be constantly interrupted to react to the latest security problem. Although increasing security often means new difficulties in learning to adapt, the current security-policy management solutions on the market are well on their way to adapting to future trends.