
End point security attracts new vendors

Start-up securing market share


Quocirca's changing channels

End point security is a fast maturing market and is becoming big business. Many of the major vendors have products, or at least future plans. But it is still worth resellers looking at some of the smaller vendors who have interesting new products and ideas.

End points include everything from desktop PCs, printers and wireless access points through to some of the most vulnerable: mobile devices such as laptops, PDAs and smart-phones.

On any network the key is making sure devices that are supposed to be there are, that they are safe, and remain safe, and are used by users authorised to do so. Obviously, mobile devices are the most vulnerable - they regularly reattach to networks having been who knows where. But it is not just mobile devices: printers with their own operating system and storage capacity can be added to networks on an ad-hoc basis and, if not secured, can be compromised. A wireless access point can be added to a network with ease and who knows who might be accessing it. Once you get down to the level of USB devices the nightmare of monitoring activity on a large network becomes clear.

Giving employees the benefit of the doubt (for the time being), let's assume their threat to the network is benign. If this is the case, all we need to do is to make sure that their devices, especially mobile ones, start off and remain secure. This requires having a personal firewall, anti-virus and other content security software installed on each device. But just as important is ensuring this remains up to date. To do this the device needs checking each time it reattaches to the network. This is the driver behind Cisco’s Network Admission Control (NAC) initiative.

NAC validates a device when it attaches to the network, whether from a local or remote location, making sure security software is up to date – it can also check the patch level of the operating system. While this is a Cisco initiative, it has attracted a high level of interest - 22 other vendors are already shipping compliant versions of their products and many more are in development. This means your anti-virus or patching software, if NAC-enabled, will be able to interface to the Cisco Trust Agent when it attaches to the network and any required updates can be automatically applied. If the Trust Agent identifies something it is unable to fix, the device can be quarantined. NAC is not the only show in town; Microsoft is working on something similar called Network Access Protection (NAP) to be supported in the next versions of its desktop and server operating systems. Microsoft and Cisco have been mumbling about co-operation.

For NAC to work there needs to be software on the end point that can communicate with the Cisco Trust Agent, although this can be NAC-enabled third-party software. But what about all those less intelligent end points and other activity that might go on? Let's put less trust in the employee and assume they may be up to no good. What if they try to use mass storage USB devices to steal company information or send confidential attachments via an instant messenger? What if a printer is installed with an already compromised operating system? This requires constant end-point monitoring.

Symantec recognised this and, in October 2005, bought one of the early leaders in this market – Sygate. The Sygate product can monitor all end points - from PCs to printers and photocopiers. It knows what is authorised to be on the network, when something new appears, and what sort of state it is in. Similar products are available from other vendors, like McAfee’s Policy Enforcer, SecureWave’s Sanctuary and StillSecure’s Safe Access.

With all this activity in a fast maturing market it would be brave to be a start-up. But that is just what an Israeli company, Promisec, is doing. Having launched its Spectator Professional product just a year ago, it is now going to try and crack Europe.

Promisec has some advantages - it has learnt from what has gone before and has produced a completely clientless product. This means it can be used to monitor any device on the network and report on its behaviour. Currently, it can only fix Windows devices, uninstalling applications, reversing registry changes, killing processes etc. Working with white-lists and black-lists, Spectator can be used to define what behaviour is and isn’t allowed on a network. Use of instant messaging can be banned or controlled, the use of certain USB devices can be prevented or reported on. However, perhaps one of the most interesting initiatives from Promisec is one that could really help resellers with their day to day work.

The trouble with all IT security is convincing the customers it is something they need to invest in, especially cash-strapped small businesses. Resellers and vendors alike can (perhaps unfairly) be accused of scaremongering. Promisec will license its product to resellers to sell as an auditing service. For a fixed fee a reseller can use it to audit a customer’s network for a period of time and show them just what is going on. Of course, Promisec hopes this will lead to a sale in the longer term, but once a business gets a better view of exactly what is happening on its network, it may decide it has more urgent investments to make first – still an opportunity for the reseller though.

Bob Tarzey is a service director at Quocirca focused on the route to market for IT products and services in Europe. Quocirca (www.quocirca.com) is a UK based perceptional research and analysis firm with a focus on the European market.

Copyright © 2006,
