Security solutions compete

The ever-changing security strategies of enterprises

Aside from a flurry of beta releases, security updates, and the usual E.U. he said/she said dance, it's been a pretty quiet week in Redmond. In case you're wondering which betas to watch for (past, present, and near-immediate future), the list includes Vista RC2, Exchange Server 2007 Beta 2 Help, Virtual PC 2007 Beta 1, and PowerShell RC2. All that and the happy announcement that Microsoft will soon be ending support for Windows XP Service Pack 1. (Is it my imagination or was that awfully quick?)

So while you're waiting for the beta bounty or the desktop support complaints, what to do? With all the recent press about new zero-day attacks and software vulnerabilities, we decided to take a look at our overall security strategy. Right now, it's fairly basic. Our smaller businesses tend to rely on a perimeter firewall (or two for that all-important DMZ), desktop firewalls, and corporate-level anti-virus and spyware detection. Midsize customers usually get some kind of network intrusion monitoring thrown in, although the vendors in that space are really varied, even among just our customer portfolios.

Enterprises are the real squirrels. Security tools are constantly changing with those guys, and the two new hot buttons are end-point security and HIPS (host intrusion prevention systems) -- next to the never-ending challenge to make security compliance reporting effortless, of course. My smaller customers can't get on these wagons right now because neither technology is really all here yet, and I don't like customers that size experimenting with security. Our enterprise customers are more adventurous, but so far, only host intrusion is showing enough progress that we might start recommending it as early as next year for full implementations.

End-point security is characterized by systems such as Cisco's NAC (Network Access Control) or Microsoft's NAP (Network Access Protection) platforms. Basically, it defines a certain security state that clients must adhere to or they're quarantined off the network. Vendors have been trying to get some kind of standard going in this department, but so far that's vapor. There are third-party vendors, such as Altiris, who have complete end-point scanners embedded in their systems, but unless you're already using one to perform desktop or systems management, I can't see tying yourself to a third-party vendor simply for end-point perimeter muscle. Better to wait until the big platform boys get their acts together, and then take stock. Might happen next year; might not.

HIPS is a better bet -- and in some ways is related to NAC/NAP. This technology is pretty new, but there are bigger vendors working on it. McAfee has had a system for a while, called (imaginatively) Host Intrusion Prevention. ISS has one, called Proventia, and Symantec also has one called Critical System Protection. And, yes, there are more. Microsoft is undoubtedly working on its own in some Redmond tech dungeon, but right now, it's a third-party game.

The technology aims to combine AV, malware, and network intrusion detection into an intelligent overall security umbrella that covers your entire desktop -- and sometimes server -- landscape. The only problem with HIPS is the same problem you encounter with any "umbrella" technology: When the term becomes a buzzword, everyone scurries to get under and out of the rain -- no matter what they do.

For example, some vendors are trying to call their wares HIPS with single-application support -- a specific database, for example. That doesn't do it for me. HIPS needs to be broad. To keep me dry, the HIPS umbrella needs to be as diverse as possible, from desktop to network. That includes network-level scanning: port scanning and traffic scanning, preferably. The anti-virus/malware deal is a given, but how deeply -- and for which attacks -- is still evolving. Again, for me, that needs to be as deep as possible.

Perhaps most important for systems administrators is how much impact HIPS will have on network and network application performance. Scanning of any kind takes overhead, and something as broad and smart as a HIPS platform is going to be making some CPUs smoke somewhere. So the big question is, Where are those CPUs, and exactly how much smoke are we talking about?

As long as it's not coming out of my users' ears, I'm happy, but somebody needs to show me that in real life. Right now, that question is still up in the air, and as far as I'm concerned, that puts HIPS up in the air -- at least for production-level deployment.


Oliver Rist

InfoWorld