What are organisations and vendors doing to provide for the security of systems behind the Internet perimeter?
Host security can be broadly defined as a comprehensive host security system that encompasses configuration management, virus scanning, host intrusion detection/protection, and firewall capabilities. However, deployments of these technologies may still fail if they are not kept updated or are improperly configured. Thus, organisations are looking to validate host/endpoint security by checking the correct configuration and operation of host security controls before allowing connections to internal systems. When a workstation connects, whether attached directly to the corporate LAN or remotely via a VPN tunnel, endpoint security verifies that the system is hardened and properly patched, that it is running up-to-date anti-virus software, and that the host firewall is up and running with the proper rulebase before allowing it to connect to the internal network.
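An added example, not from the original article or from any vendor named in it: a minimal admission check of the kind described above, in Python. The report fields, policy values and patch names are assumptions constructed for illustration, and the report is assumed to come from a trusted host agent.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Policy:  # hypothetical policy shape; values used below are constructed
    required_patches: frozenset
    max_av_signature_age: timedelta
    firewall_rulebase_sha256: str
    max_report_age: timedelta

def evaluate_posture(report, policy, now):
    """Return (decision, reasons); decision is "allow" or "quarantine"."""
    try:
        report_age = now - datetime.fromisoformat(report["collected_at"])
        av_age = now - datetime.fromisoformat(report["av"]["signature_date"])
        av_running = report["av"]["running"] is True
        fw_running = report["firewall"]["running"] is True
        fw_hash = str(report["firewall"]["rulebase_sha256"]).lower()
        missing = sorted(policy.required_patches - set(report["installed_patches"]))
    except (KeyError, TypeError, ValueError) as exc:
        # Fail closed: an endpoint that cannot prove its state is not admitted.
        return "quarantine", [f"incomplete posture report: {exc!r}"]
    reasons = []
    if report_age > policy.max_report_age:
        reasons.append("posture report is stale")
    if missing:
        reasons.append("missing patches: " + ", ".join(missing))
    if not av_running:
        reasons.append("anti-virus is not running")
    if av_age > policy.max_av_signature_age:
        reasons.append("anti-virus signatures are out of date")
    if not fw_running:
        reasons.append("host firewall is not running")
    if fw_hash != policy.firewall_rulebase_sha256:
        reasons.append("host firewall rulebase differs from the approved one")
    return ("allow" if not reasons else "quarantine"), reasons

# Constructed sample data: one compliant endpoint and one that has drifted.
NOW = datetime(2004, 1, 15, 9, 0, tzinfo=timezone.utc)
POLICY = Policy(frozenset({"PATCH-A", "PATCH-B"}), timedelta(days=7),
                "ab" * 32, timedelta(minutes=10))
COMPLIANT = {
    "collected_at": "2004-01-15T08:58:00+00:00",
    "installed_patches": ["PATCH-A", "PATCH-B", "PATCH-C"],
    "av": {"running": True, "signature_date": "2004-01-12T00:00:00+00:00"},
    "firewall": {"running": True, "rulebase_sha256": "ab" * 32},
}
DRIFTED = {**COMPLIANT, "installed_patches": ["PATCH-A"],
           "av": {"running": True, "signature_date": "2003-12-01T00:00:00+00:00"},
           "firewall": {"running": False, "rulebase_sha256": "cd" * 32}}
```

The check fails closed: a report that is missing fields, malformed or older than the policy allows leads to quarantine rather than admission.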
The validation of security controls is being done today by vendors such as Sygate and Zone Labs through open integration with networking vendors such as Enterasys, Nortel, and Cisco. There are currently several large organisations that are working with these vendors to validate endpoint security in their enterprises. Recent announcements from Cisco and Check Point further validate the market demand for endpoint security.
Cisco has recently announced Network Admission Control, with support from leading vendors such as Network Associates, Symantec, and TrendMicro. However, this solution is not in place today. Cisco NAC is built upon proprietary technology that will require network infrastructure software upgrades; it lacks openness and breadth of operating system support, and it is still futuristic, with code promised for release in mid-2004. With the infrastructure support for NAC so far off, it will be 12 to 18 months before infrastructure code is upgraded and we begin seeing adoption of NAC solutions. While Cisco offers host intrusion protection today, it is not the complete solution that organisations are looking for and does not extend to validating the configuration of the system and its security components.
The announcement of Check Point's plan to acquire Zone Labs further validates the market for endpoint security. Through this acquisition Check Point will have a broad and complete firewall solution from the gateway to the endpoint. This will allow organisations to define and centrally manage security policies from the perimeter to the desktop. The challenge for Check Point is that the responsibility for this breadth of offering may fall within different IT domains. Often the network team is responsible for network and firewall security while the systems administrators are responsible for host security controls.
Endpoint security is here today, and it is more than personal firewalls and anti-virus. Organisations looking for endpoint security solutions should evaluate the offerings from Sygate and Zone Labs. These, when combined with other security agents such as anti-virus and intrusion prevention, offer robust solutions validating the secure configuration and operation of endpoints.
For organisations feeling the business impact of insecure endpoints, waiting 12 months or more to develop an endpoint security strategy should be approached with caution. However, those few who already have a strong handle on security configuration management and validation of security controls on endpoints may want to wait as this market irons itself out over the next year.