
End point security attracts new vendors

Start-up securing market share


Quocirca's changing channels

End point security is a fast maturing market and is becoming big business. Many of the major vendors have products, or at least future plans. But it is still worth resellers looking at some of the smaller vendors who have interesting new products and ideas.

End points include everything from desktop PCs, printers and wireless access points through to some of the most vulnerable: mobile devices such as laptops, PDAs and smart-phones.

On any network the key is making sure devices that are supposed to be there are, that they are safe, and remain safe, and are used by users authorised to do so. Obviously, mobile devices are the most vulnerable - they regularly reattach to networks having been who knows where. But it is not just mobile devices: printers with their own operating system and storage capacity can be added to networks on an ad-hoc basis and, if not secured, can be compromised. A wireless access point can be added to a network with ease and who knows who might be accessing it. Once you get down to the level of USB devices the nightmare of monitoring activity on a large network becomes clear.

Giving employees the benefit of the doubt (for the time being), let's assume their threat to the network is benign. If this is the case, all we need to do is to make sure that their devices, especially mobile ones, start off and remain secure. This requires having a personal firewall, anti-virus and other content security software installed on each device. But just as important is ensuring this remains up to date. To do this the device needs checking each time it reattaches to the network. This is the driver behind Cisco’s Network Admission Control initiative (NAC).

NAC validates a device when it attaches to the network, whether from a local or remote location, making sure security software is up to date – it can also check the patch level of the operating system. While this is a Cisco initiative, it has attracted a high level of interest - 22 other vendors are already shipping compliant versions of their products and many more are in development. This means your anti-virus or patching software, if NAC enabled, will be able to interface to the Cisco Trust Agent when it attaches to the network and any required updates can be automatically applied. If the Trust Agent identifies something it is unable to fix, the device can be quarantined. NAC is not the only show in town; Microsoft is working on something similar called Network Access Protection (NAP) to be supported in the next versions of its desktop and server operating systems. Microsoft and Cisco have been mumbling about co-operation.

For NAC to work there needs to be software on the end point that can communicate with the Cisco Trust Agent, although this can be NAC-enabled third-party software. But what about all those less intelligent end points, and other activity that might go on? Let's put less trust in the employee and assume they may be up to no good. What if they try to use mass storage USB devices to steal company information or send confidential attachments via an instant messenger? What if a printer is installed with an already compromised operating system? This requires constant end-point monitoring.
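The admission decision described above (admit a compliant device, update it automatically where possible, quarantine it otherwise) is shown here as an added example; it is not Cisco's code and not part of the original article. The policy values, field names and the fail-closed handling of devices that run no agent are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed baseline policy; the values are illustrative, not from any vendor.
POLICY = {
    "av_signature_min": (2006, 3, 1),  # oldest acceptable anti-virus signature date
    "os_patch_min": 12,                # minimum operating system patch level
    "firewall_required": True,
}

@dataclass
class Posture:
    """What a hypothetical on-device agent reports when the device attaches."""
    av_signature: tuple                # (year, month, day) of installed signatures
    os_patch: int
    firewall_on: bool
    # Checks the agent is able to fix by itself (for example by pulling an update).
    can_auto_fix: set = field(default_factory=set)

def evaluate(posture: Optional[Posture], policy: dict = POLICY):
    """Return (decision, failed_checks) for a device attaching to the network."""
    if posture is None:
        # No agent answered: a printer, an access point or an unmanaged laptop.
        # Assumption: fail closed and leave such devices to separate monitoring.
        return "quarantine", ["no_agent"]

    failed = []
    if posture.av_signature < policy["av_signature_min"]:
        failed.append("av_signature")
    if posture.os_patch < policy["os_patch_min"]:
        failed.append("os_patch")
    if policy["firewall_required"] and not posture.firewall_on:
        failed.append("firewall")

    if not failed:
        return "admit", []
    # Every failure must be fixable automatically; one unfixable check quarantines.
    if all(check in posture.can_auto_fix for check in failed):
        return "remediate", failed
    return "quarantine", failed

if __name__ == "__main__":
    stale = Posture((2005, 12, 1), 14, True, {"av_signature"})
    print(evaluate(stale))   # device with old signatures the agent can update
    print(evaluate(None))    # device with no agent at all
```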

Symantec recognised this and, in October 2005, bought one of the early leaders in this market – Sygate. The Sygate product can monitor all end points - from PCs to printers and photocopiers. It knows what is authorised to be on the network, when something new appears, and what sort of state it is in. Similar products are available from other vendors, like McAfee’s Policy Enforcer, SecureWave’s Sanctuary and StillSecure’s Safe Access.

With all this activity in a fast maturing market it would be brave to be a start-up. But that is just what an Israeli company, Promisec, is doing. Having launched its Spectator Professional product just a year ago, it is now going to try and crack Europe.

Promisec has some advantages - it has learnt from what has gone before and has produced a completely clientless product. This means it can be used to monitor any device on the network and report on its behaviour. Currently, it can only fix Windows devices, uninstalling applications, reversing registry changes, killing processes etc. Working with white-lists and black-lists, Spectator can be used to define what behaviour is and isn’t allowed on a network. Use of instant messaging can be banned or controlled, the use of certain USB devices can be prevented or reported on. However, perhaps one of the most interesting initiatives from Promisec is one that could really help resellers with their day to day work.

The trouble with all IT security is convincing the customers it is something they need to invest in, especially cash-strapped small businesses. Resellers and vendors alike can (perhaps unfairly) be accused of scaremongering. Promisec will license its product to resellers to sell as an auditing service. For a fixed fee a reseller can use it to audit a customer’s network for a period of time and show them just what is going on. Of course, Promisec hopes this will lead to a sale in the longer term, but once a business gets a better view of exactly what is happening on its network, it may decide it has more urgent investments to make first – still an opportunity for the reseller though.

Bob Tarzey is a service director at Quocirca focused on the route to market for IT products and services in Europe. Quocirca (www.quocirca.com) is a UK-based perceptional research and analysis firm with a focus on the European market.

Copyright © 2006,
