|
 |
|
General Information
|
Add To My Personal Library |
June 6, 2008
• Vol.30 Issue 23
Page(s) 26 in print issue
|
New Security Strategies
Manufacturers Are Staying Ahead Of The Game To Keep You Safe
|
Security manufacturers are constantly inventing new ways to secure the enterprise. It seems like new strategies, technologies, and product combinations are hitting the market every day. This is a good thing, considering the fact that Symantec (www.symantec.com) just released its Global Internet Security Threat Report, which indicates that the United States, for example, accounted for 31% of all malicious activity (up from 30% from the first half of last year). Here are a few manufacturers that are offering ways to battle the onslaught of security threats that are an issue for the small to midsized enterprise.
 Safend
One security item that is prevalent among small to medium-sized enterprises lately is endpoint security. Gil Sever, founder and CEO of Safend (www.safend.com), says the need for endpoint security is becoming more prevalent due to a lack of proper training. “A recent study conducted by the Computing Technology Industry Association showed that nearly 80% of respondent organizations allow their mobile workers remote access to data on corporate networks, and less than one-third have implemented any security awareness training for those staffers,” Sever says. “Furthermore, only 10% of organizations plan to offer new security training in the coming year related to the use of PDAs, smartphones, laptops, or other mobile devices.”
According to Sever, IT managers are seeing that there is a new kind of interoperability challenge that organizations are facing as a result of deploying multiple agents on the endpoint. He explains, “Oftentimes organizations utilize a variety of vendor solutions to secure the information housed on their networks. A company may use one vendor for antivirus protection, another for their encryption needs, and yet another for device control and other endpoint data leakage prevention solutions.” Sever says many companies overlook whether these products will work well together within their organization.
Sever says Safend has a quality assurance and interoperability lab to ensure Safend’s solutions are interoperable with not only the operating systems customers and partners use but also other vendor solutions. Safend ensures compatibility with hardware, software, and operating systems by testing solutions against 32 different Microsoft operating systems and more than 120 different software applications.
Sever says organizations today need to expand their perimeter security to the unknown, mainly due to the fact that you don’t know where your workers are and what they are using. He says one of Safend’s products includes encryption and compliance features central to endpoint data leakage prevention. Sever says the technology includes new features, including built-in compliance policies for HIPAA, PCI, and Sarbox; file shadowing; enforceable external storage and removable media encryption capabilities; as well as protection against hardware keyloggers.
Sophos
Mike Haro, senior security analyst at Sophos (www.sophos.com), says his company recently released the industry’s first fully unified endpoint security and NAC solution. “Historically, it’s been challenging for endpoint and desktop managers and IT administrators to know if their users’ computers are safe, protected, and compliant with corporate policies,” Haro says. “NAC has been seen as the answer to this problem, but the technology has often been beyond the reach of most companies in terms of budget and resource.” Haro says Sophos addresses this pain by providing products that offer preventive protection and are simple to roll out.
Fortinet
Jason Wright, senior product marketing manager at Fortinet (www.fortinet.com), says his company is offering a new way to deploy security throughout the enterprise network. Fortinet has developed a security appliance with an abundance of ports (10 ports as a base model and 14 ports with an expansion card) and high throughput so that enterprises can deploy security throughout the LAN instead of only at the perimeter. He says the appliance is able to inspect at line rates so it does not slow down LAN traffic on Gigabit-per-second links.
Wright says deploying in this fashion requires several ports to place inspection at several points throughout the LAN. “Large enterprises have been doing this for some time because they can afford high-speed devices with high port count. Until now, midrange devices (under $10,000 list price) have never offered enough ports or throughput to do this, historically leaving midrange networks to deploy security only at the perimeter, leaving LAN segments vulnerable to each other,” he says. “Deploying protection at LAN segmentation points enforces a more granular policy, isolates security events introduced from the LAN side (think traveling salesperson who plugs into the LAN with an infected laptop), increases security, and gives IT administrators more control and visibility over their network.”
In Wright’s opinion, Fortinet devices offer an evolved way to deploy security in a network. “Many organizations have deployed multiple security devices (firewalls, IPS, antivirus gateways, antispam, and Web-filtering gateways, etc.) to leverage new technologies against new threats,” he notes. “This leaves a customer with five security products, five management consoles, [and] five vendors to deal with and also creates difficulty when trying to troubleshoot. Let’s not forget high operational costs, as well as the high capital expenditures to buy all that equipment.”
eEye
Morey Haber, vice president of product management for eEye (www.eeye.com), says his company is offering a new way of thinking about security and integrated threat management for the SME. eEye offers a standalone tool (fixed appliance) in a small form factor that allows you to place the tool in a closet without the need for a rack. Haber says when an enterprise combines the native capabilities of the tool with another product called Iris Network Traffic Analyzer, it can perform vulnerability assessment and analyze traffic patterns all in one host. He says the appliance has dual gigabit NICs, so looking for abnormal traffic is “a breeze without repatching the device.”
Haber says eEye solutions have traditionally been available only as software. He says eEye presently offers vulnerability management in any form factor to meet a client’s needs. The software and appliances are fully compatible, and clients can mix and match a vulnerability assessment architecture to meet individual needs. As security needs change, client needs change, as well. It’s all part of keeping the enterprise locked down. 
by Chris A. MacKinnon
Cross-Platform Server Isolation
Apani Networks (www.apani.com) has developed a security concept where servers, endpoints, and business-critical data are isolated into security zones. After computers are isolated in zones, Apani’s EpiForce controls access to these zones and encrypts communication between the computers in the zones (the platform type and the physical location of the computers do not matter). This is a layered approach that mitigates risk if a breach occurs.
Apani’s EpiForce solution provides cross-platform server isolation through a software-based architecture that enables the following disciplines:
Logical Security Zoning: Enables a large, flat corporate network to be separated into isolated security zones without reconfiguring the network and without regard to physical location.
Policy-Based Encryption Of Data In Motion: Enables encryption to be applied in a granular, port-level deployment, encrypting only those communications required to be confidential. |
Latest Endpoint Security From Safend
“Security professionals are wary of the uncontrolled endpoint access via convenient endpoint connections like USB and Wi-Fi,” says Gil Sever, founder and CEO of Safend (www.safend.com). “Business and security executives are always looking for solutions that maintain a balance between employee productivity and freedom [to] use removable devices in their computers, while still ensuring robust data security. Our solution provides small to midsized enterprises with the visibility and control needed to securely utilize new communication and removable storage technologies while maintaining increasingly stringent regulatory requirements.” |
|
|
