Network intrusion protection tools guard against network-based threats such as worms. While some network intrusion protection solutions rely on signatures and, therefore, guard against known attacks, other solutions provide more advanced mechanisms such as vulnerability-based signatures and protocol anomaly detection to keep unknown threats out.
While these are more common security measures, other technologies, such as application control, host integrity checking, patch management, buffer overflow protection, and encryption technologies, complete the security framework.
Application control – goes beyond personal firewall technology by expanding the definition of allowable traffic.
Host integrity checking – evaluates various security attributes to ensure that the endpoint is defended against any threats it may encounter.
Patch management – identifies and eradicates weaknesses in software code.
Buffer overflow protection – monitors endpoints for known and unknown threats that attempt to exploit buffer overflow vulnerabilities.
File and disk encryption – guards against information loss in the event that an endpoint such as a laptop is stolen or lost.
In addition to protecting managed endpoints, protecting unmanaged endpoints is critical to reduce the risk of information exposure. Since these devices are outside an organization’s control, they require “on-demand” security that does not require changes or limitations beyond the length of a specific interaction.
With this in mind, organizations can leverage several on-demand technologies, including host integrity checking, firewalls, cache cleaning, malicious code protection, and a secure virtual workspace.
On-demand host integrity checking and on-demand firewalls – provide much the same protection as their agent-based counterparts. On-demand cache cleaning – removes information remnants from browsers and application-specific caches when a session ends. On-demand malicious code protection – leverages behavioral analysis techniques to identify keystroke loggers and other malicious code that may reside on an unmanaged endpoint. On-demand secure virtual workspace – guards against information leakage by creating an encrypted workspace on the unmanaged endpoint.
Cooperation is Key
The vacation is over. Gone are the days when just a firewall or antivirus provided adequate protection. Now organizations have to choose from a wide range of tools in order to keep their information secure as it breaches the old network barrier on a daily basis. All of these resources provide realistic solutions, but no information protection strategy is effective without the cooperation of the people actually using the managed and unmanaged endpoints.
Corporate and employee security accountability is a fundamental and demanding element in a typical information security strategy. Organizations can greatly enhance their strategy’s effectiveness by itemizing corporate and employee responsibilities and implementing automation to simplify enforcement. By using these concrete responsibilities effectively, organizations can leverage technology to maintain control over both the systems under their immediate control and the devices their partners, employees, and customers rely on to conduct their affairs in today’s interconnected world.