Buyer's guide: Belt and braces: covering all the endpoint security angles
August 2014
Bob Tarzey, Analyst and Director bob.tarzey@quocirca.com, +44 7900 275517
Quocirca Comment: effective user end point security must address managed and unmanaged devices. This requires centralised as well as on-device controls. The best starting point is to focus on data.
http://www.quocirca.com 2014 Quocirca Ltd
The question of how to "keep end user computing secure" is complex due to the proliferation of device types, the places users are when they use them and the networks they connect via.
Making matters worse is the issue of device ownership; a recent Quocirca report, Getting to grips with BYOD, shows that the majority of organisations now accept user-owned devices being used at some level for work purposes.
So, where to start with ensuring all end user computing is as secure as possible? A Chief Information Security Officer (CISO) once told Quocirca that their organisation's starting point was to regard all devices as potentially hostile, regardless of ownership. That's not a bad idea: a good device, once compromised, can soon become a bad one.
However, other considerations must also be taken into account, in particular the degree of control that can be asserted over a device.
Managed and unmanaged devices
Managed devices are those an organisation owns and can do what it likes with, even though the custodian is one of its users. Applications can be installed, software licence use is controlled and punitive measures, such as device wiping, can be taken when devices are lost. A granular approach is necessary. The measures taken for a marketer's laptop will be different to those appropriate to a field service engineer's mobile device or a health worker's tablet. Devices that stay firmly behind the firewall, including virtual desktops, will be treated differently to those that never come home.
Unmanaged devices are those owned by employees or by users from third parties, and are harder to impose control over. In some cases, permission may be sought to install software on user-owned devices, so that they are part-managed. However, this cannot be open-ended: unknown numbers of licences will be needed, and the chosen security measures may not be available for all the device types and operating systems required.
Data first
If controls are applied to the data itself, then the device, managed or unmanaged, is less important. This requires that an organisation has a good knowledge of its data assets, in particular intellectual property (IP) and regulated data. Achieving this is a core capability of some of the product categories reviewed in this article. These fall into two main groups: centralised controls and on-device controls.
For each, the level of protection that is applied to data and the applicability of each control to managed and unmanaged devices are discussed. No one technology or vendor provides all of the protections a given organisation will require; most will need a mix of approaches. As always with information security, when it comes to end user computing a layered approach is necessary: time to tighten the belt and pull up the braces.
Centralised controls
With centralised controls the aim is to protect data and/or devices, often without the need for any software to be installed on devices; when this is the case such controls apply to both managed and unmanaged devices.
Network access control (NAC)
NAC is primarily a network defence, controlling which devices have access. However, NAC has a role to play in maintaining the hygiene of user devices. Whenever a managed device attempts to attach to the home network its security status can be ascertained and necessary actions taken. NAC products that can operate without pre-installed agents can extend controls to unmanaged and unknown devices. Vendors include the network majors, Cisco, Juniper and Aruba, and specialists such as ForeScout, Bradford Networks and Portnox. A 2013 Quocirca report, Next-generation network access control, looked at some of the real-world use cases for NAC.
Data loss prevention (DLP)
DLP monitors data in transit over networks to prevent it ending up where it should not be. The primary aim is to prevent the theft and careless use of data. DLP also has a role to play when it comes to end user computing, as rules can be set for which users have the right to access which data, from which devices and from where. All the leading DLP suppliers have been acquired by larger security vendors, including CA, Symantec, Websense, EMC/RSA, McAfee and Trend Micro.
Digital rights management (DRM)
DRM can apply controls to data even when it has been copied to a user's device. This is achieved by linking access to an online policy server. For example, a user may be able to read a document on a device but not print it, forward it or copy it. A recent Quocirca report, What keeps your CEO up at night?, looks at the use of DRM to prevent data misuse by insiders. Microsoft has DRM capability embedded in several of its products. A host of smaller vendors, such as Fasoo and Verdasys, take a broader end user-centric approach to DRM.
End point management and mobile device management (MDM)
For completeness it should be pointed out that making sure the system and security software installed on managed devices is kept up to date is an essential part of securing end user computing. This is the role of end point and mobile management tools. It is especially important if automated operating system updates are not switched on.
Security information and event management (SIEM)
SIEM is not an end point management technology in itself. However, it has two important contributions to make. First, it allows the behaviour of applications and users on end points to be reviewed in a broader context. For example, two access requests by the same user from different devices, made from widely separated locations in a short space of time, can be identified as a potential issue. Second, many end user security tools can provide a feed to SIEM and forensics systems when investigations are being made following an incident.
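The SIEM correlation described above, written out as an added example (it is not Quocirca's code, nor any vendor's product). It reads constructed endpoint access log lines, groups them by user, and flags consecutive requests whose locations could not be travelled between at a plausible speed. The log format, coordinates and the 900 km/h threshold are assumptions made for the example; it goes slightly beyond the text in that it flags an implausible jump whether or not the device id changed, since a single credential used from two places is just as much a potential issue.

```python
"""Impossible-travel check over constructed endpoint access logs.

Added example, not Quocirca's code or a vendor's product. Log format,
coordinates and the speed threshold are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List

# Constructed sample log: ISO timestamp, user, device id, latitude, longitude.
# alice: London then New York half an hour later (implausible)
# bob:   London then Paris three hours later (plausible)
# carol: two nearby London locations from the same laptop (plausible)
SAMPLE_LOG = """\
2014-08-12T08:00:00Z alice laptop-01 51.5074 -0.1278
2014-08-12T08:30:00Z alice phone-07 40.7128 -74.0060
2014-08-12T09:00:00Z bob laptop-02 51.5074 -0.1278
2014-08-12T12:00:00Z bob phone-03 48.8566 2.3522
2014-08-12T12:05:00Z carol laptop-05 51.5074 -0.1278
2014-08-12T12:10:00Z carol laptop-05 51.5145 -0.1270
"""

# Constructed threshold: roughly the cruising speed of an airliner.
MAX_PLAUSIBLE_SPEED_KMH = 900.0


@dataclass
class AccessEvent:
    when: datetime
    user: str
    device: str
    lat: float
    lon: float


def parse_log(text: str) -> List[AccessEvent]:
    """Parse whitespace-separated log lines; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, device, lat, lon = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(AccessEvent(when, user, device, float(lat), float(lon)))
    return events


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two latitude/longitude points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def find_impossible_travel(events: List[AccessEvent],
                           max_speed_kmh: float = MAX_PLAUSIBLE_SPEED_KMH) -> List[Dict]:
    """Return one finding per consecutive pair of a user's events that would
    require travelling faster than max_speed_kmh between the two locations."""
    by_user: Dict[str, List[AccessEvent]] = {}
    for ev in events:
        by_user.setdefault(ev.user, []).append(ev)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.when)
        for earlier, later in zip(evs, evs[1:]):
            km = haversine_km(earlier.lat, earlier.lon, later.lat, later.lon)
            hours = (later.when - earlier.when).total_seconds() / 3600.0
            # Edge case: identical timestamps but different places is still a finding;
            # identical timestamps at the same place is not.
            if hours <= 0:
                speed = float("inf") if km > 0 else 0.0
            else:
                speed = km / hours
            if speed > max_speed_kmh:
                findings.append({
                    "user": user,
                    "devices": (earlier.device, later.device),
                    "km": round(km, 1),
                    "hours": round(hours, 2),
                    "kmh": speed,
                })
    return findings


if __name__ == "__main__":
    for f in find_impossible_travel(parse_log(SAMPLE_LOG)):
        print(f"{f['user']}: {f['devices'][0]} -> {f['devices'][1]}, "
              f"{f['km']} km in {f['hours']} h")
```

Run as a script it reports only alice's London-to-New-York pair. In a real SIEM the same rule would run over authentication or VPN events with geolocated source addresses; the threshold and the choice of what counts as one "location" (a corporate proxy egress, for instance) are the tuning points that decide the false-positive rate.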
On-device controls
On-device controls are mainly applicable to managed devices. In many cases devices are compromised because they are lost or stolen. When a device ends up in the wrong hands the new owner will often just seek to reset and resell the device, with little interest in the data stored on it. However, asserting that this is likely to be the case will not satisfy regulators when sensitive data has been involved; better levels of assurance are required.
Device access controls
One of the most obvious protections that can be put in place is to require a password or a stronger level of authentication (such as a fingerprint) for accessing a device. In differing ways, such controls are built into operating systems and just need to be activated. However, a determined thief will generally find their way around device access controls.
Encryption
When centralised controls (or the lack of them) have permitted sensitive data to be stored on a device, local encryption should be used to provide protection. Encryption capabilities are embedded in most operating systems; Symantec PGP, SafeNet and others provide cross-system support. Encryption keys are often linked to device access controls, so if these are compromised so is the data. Furthermore, when the data is actually in use it is not protected, so users can still copy and forward it, and malware writers often aim to get around encryption by accessing data in use through memory scraping. Encryption can also be turned against users: ransomware encrypts data and demands a fee for the key.
Traditional anti-malware
Random and opportunistic malware is still finding its way onto many poorly protected devices, aiming to steal personal data, recruit them to botnets or extort a ransom. Traditional anti-malware products from the major security vendors and from specialists such as Kaspersky, Panda, AVG and Avast all help protect devices from random malware by blacklisting known bad stuff. As well as defending against malware, many provide broader controls, for example limiting the use of USB devices.
Advanced malware detection
Individual users are increasingly specifically targeted as part of broader campaigns to infiltrate organisations. Unique versions of malware may be used that are hard to detect using the signature-based techniques of traditional anti-malware. So, many vendors have developed more sophisticated capabilities, such as detecting malware-like behaviour. One approach is to test anything suspicious in a sandbox; FireEye and Trend Micro are two of the leaders in this area.
White listing
Why let anything run on a device unless it is known to be good? That is the philosophy behind white listing. Leading vendors include Bit9, Lumension and, for Windows only, Microsoft AppLocker. Where there is good reason to limit user activity, for example on point-of-sale devices and those of health visitors and field service engineers, white listing may make sense. For other users it will be too restrictive.
Isolation
Another approach is to limit the resources a program has access to, termed isolation. Here all instances of applications run in their own virtual machines, and authorised applications are only granted access to the resources they need. Two vendors have emerged in this space: Bromium and Invincea. Another is Spikes Security, which focuses specifically on isolating a user's web browsing activity, one of the most common ways for malware to end up on devices.
Containerisation and secure desktops
For mobile devices, especially user-owned ones where a level of management control has been agreed by the user, it makes sense to partition a part of the device for specific activity. This is the essence of containerisation; the leading vendors include Good Technology and VMware's AirWatch. Virtual desktop technology is also being adapted for use on mobile devices, which provides a similar level of protection. A final approach is to boot secure desktops from USB devices using Windows To Go; Microsoft-certified suppliers include IronKey and Spyrus.
About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets.
Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption: the personal and political aspects of an organisation's environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to advise on the realities of technology adoption, not the promises.
Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocirca's mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time.
Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community.
Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocirca's clients include Oracle, Microsoft, IBM, O2, T-Mobile, HP, Xerox, EMC, Symantec and Cisco, along with other large and medium sized vendors, service providers and more specialist firms.
Full access to all of Quocirca's public output (reports, articles, presentations, blogs and videos) is available at http://www.quocirca.com