Altiris makes security location-aware
Lock up your ports and limit your apps
Location-awareness will be the next big thing in device security, claimed Altiris as it became the latest vendor to jump into the increasingly crowded market for endpoint security software this week.
As well as all the usual capabilities to control USB and wireless usage, block keyloggers and spyware, and so on, the Altiris software can apply rules that depend on the device's current location.
"Organisations tend to try to control by saying that things are not allowed, but that doesn't work," says Altiris marketeer Chris Ewing. "So you need the ability to flexibly control policy depending on where the user is.
"Our control is more granular than Vista's, for example. We can define locations, types of devices, the type of wireless networks to connect to the level of encryption required, and so on."
So it might allow you to copy data to an encrypted USB stick, but not an ordinary one, enforce the use of a VPN on a public Wi-Fi hotspot, make a device read-only when it's out of the office, or block data transfers via infra-red or Bluetooth.
The client security software works with other Altiris applications that set security policies, scan for viruses and security patches, quarantine out-of-compliance systems for fixing, and so on.
Altiris also added software to centrally manage the administrator passwords for PCs. Ewing said that by generating randomised passwords and storing them in the main configuration management database, this avoids the risks inherent in admins using the same password for everything.
She added that next week the company will introduce application control software that prevents unknown or unauthorised programs from running. As well as blocking malware and preventing users from installing their own software, this will allow different applications to run with different privileges on the same system.
"You can demote privileges, for example to stop Internet Explorer running with admin rights, or promote older applications that need admin rights to run," Ewing said.®
Sponsored: Network DDoS protection