Security solutions compete

The ever-changing security strategies of enterprises

Aside from a flurry of beta releases, security updates, and the usual E.U. he said/she said dance, it's been a pretty quiet week in Redmond. In case you're wondering which betas to watch for (past, present, and near-immediate future), the list includes Vista RC2, Exchange Server 2007 Beta 2 Help, Virtual PC 2007 Beta 1, and PowerShell RC2. All that and the happy announcement that Microsoft will soon be ending support for Windows XP Service Pack 1. (Is it my imagination or was that awfully quick?)

So while you're waiting for the beta bounty or the desktop support complaints, what to do? With all the recent press about new zero-day attacks and software vulnerabilities, we decided to take a look at our overall security strategy. Right now, it's fairly basic. Our smaller businesses tend to rely on a perimeter firewall (or two for that all-important DMZ), desktop firewalls, and corporate-level anti-virus and spyware detection. Midsize customers usually get some kind of network intrusion monitoring thrown in, although the vendors in that space are really varied, even among just our customer portfolios.

Enterprises are the real squirrels. Security tools are constantly changing with those guys, and the two new hot buttons are end-point security and HIPS (host intrusion prevention systems) -- next to the never-ending challenge to make security compliance reporting effortless, of course. My smaller customers can't get on these wagons right now because neither technology is really all here yet, and I don't like customers that size experimenting with security. Our enterprise customers are more adventurous, but so far, only host intrusion is showing enough progress that we might start recommending it as early as next year for full implementations.

End-point security is characterized by systems such as Cisco's NAC (Network Access Control) or Microsoft's NAP (Network Access Protection) platforms. Basically, it defines a certain security state that clients must adhere to or they're quarantined off the network. Vendors have been trying to get some kind of standard going in this department, but so far that's vapor. There are third-party vendors, such as Altiris, who have complete end-point scanners embedded in their systems, but unless you're already using one to perform desktop or systems management, I can't see tying yourself to a third-party vendor simply for end-point perimeter muscle. Better to wait until the big platform boys get their acts together, and then take stock. Might happen next year; might not.

HIPS is a better bet -- and in some ways is related to NAC/NAP. This technology is pretty new, but there are bigger vendors working on it. McAfee has had a system for a while, called (imaginatively) Host Intrusion Prevention. ISS has one, called Proventia, and Symantec also has one called Critical System Protection. And, yes, there are more. Microsoft is undoubtedly working on its own in some Redmond tech dungeon, but right now, it's a third-party game.

The technology aims to combine AV, malware, and network intrusion detection into an intelligent overall security umbrella that covers your entire desktop -- and sometimes server -- landscape. The only problem with HIPS is the same problem you encounter with any "umbrella" technology: When the term becomes a buzzword, everyone scurries to get under and out of the rain -- no matter what they do.

For example, some vendors are trying to call their wares HIPS when they offer only single-application support -- a specific database, for example. That doesn't do it for me. HIPS needs to be broad. To keep me dry, the HIPS umbrella needs to be as diverse as possible, from desktop to network. That includes network-level scanning: port scanning and traffic scanning, preferably. The anti-virus/malware deal is a given, but how deeply -- and for which attacks -- is still evolving. Again, for me, that needs to be as deep as possible.

Perhaps most important for systems administrators is how much impact HIPS will have on network and network application performance. Scanning of any kind takes overhead, and something as broad and smart as a HIPS platform is going to be making some CPUs smoke somewhere. So the big question is, Where are those CPUs, and exactly how much smoke are we talking about?

As long as it's not coming out of my users' ears, I'm happy, but somebody needs to show me that in real life. Right now, that question is still up in the air, and as far as I'm concerned, that puts HIPS up in the air -- at least for production-level deployment.


Oliver Rist

InfoWorld