Patrick Evans, regional director for Africa at Symantec, explains why the security industry is moving towards a unified proactive approach to endpoint protection.
The IT threat landscape has changed radically over the last few years.
In the past, the majority of attacks were largely attention-seeking from hackers and malcode writers. Today businesses and individuals face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint devices.
With the current threat landscape and the mobile workforce extending the perimeters of organisations' computing infrastructures, endpoints have become a primary target for exploits and attacks. A threat often first infects a single laptop while outside the network perimeter, and then when the laptop connects to the internal network, the threat spreads to other endpoints.
One gauge of the growing sophistication of attacks is the appearance of blended threats which integrate multiple attack methods such as worms, Trojan horses, and zero-day threats to obtain sensitive information.
Many of these sophisticated threats can evade traditional security solutions, leaving organisations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation.
With the industry's increased attention on endpoint security, a variety of products have recently entered the antivirus and antispyware market.
While many of these first- and second-generation solutions provide a level of security, they often fall short of full protection. Many technologies only work on one operating system, while others lack the ability to interoperate with other essential endpoint security technologies, such as personal firewall, device control, and intrusion prevention.
To stay ahead of this emerging breed of stealthy and resilient security threats, the security industry has shifted its focus on infrastructure endpoint protection, which includes proactive security measures that can protect against zero-day attacks and unknown threats. However, this often translates into ensuring that each endpoint in an organisation has antivirus, antispyware, desktop firewall, intrusion prevention, and device control technology installed on it. Deploying these security products individually on each endpoint is not only time-consuming, but it also increases IT complexity and costs. Additionally, organisations then need to provide management, training, and support for a variety of different end point security solutions. These differing technologies can often work against one another or impede system performance due to high resource consumption.
Symantec has taken the lead to reduce the complexities and costs associated with deploying and managing multiple solutions by taking more of an holistic and unified approach to protecting endpoints, therefore providing interoperability, seamless implementation, and centralised management. A single, multilayered approach significantly lowers risks of viruses, spam, known and unknown threats and eliminates the administrative overhead and costs associated with multiple security products.
The consolidation of capabilities into a single endpoint security solution also enables operational efficiencies such as a single communication method and content delivery system across all of its security technologies. Service configuration and exclusions can be performed globally at a single point on the client or at the management server. Furthermore, automated security updates to the agent provide immediate protection from the latest threats.
These features give administrators flexibility and control to protect endpoint devices in a manner that meets their organisation's unique requirements, where features and options can be easily turned on or off by the administrator at any time.
For example, device control technology allows administrators to determine and control what devices are allowed to attach to an endpoint.
It can lock down an endpoint, preventing removable drives, CD burners, printers, and other USB devices from connecting to the system. The ability to block device connections helps prevent viruses spreading through these types of devices and minimises the risk of data compromise or data theft.
Unified endpoint security is the only viable solution to stay protected.
An increasing number of organisations, particularly financial institutions and telecommunications companies, are changing their information security infrastructure in total. It is anticipated that end point security will be one the fastest growing investment areas among businesses in the coming years as they realign their security strategies with the latest security trends.