Taking a Layered Approach to IT Security
Smart patching and whitelisting, combined with antivirus, are a good way to ensure you are going beyond the basics.
Antivirus is a de facto product for all corporate IT. But antivirus (AV) is often a reactive tool, seeking out and eliminating threats once they are already embedded. By then it can be too late.
“Antivirus software is a great front end for your security, but it is not effective against zero day threats -- new malware for which an antivirus solution has not yet been developed -- or it may not be up to date,” said Ken Drachnik, director of Marketing at system management appliance company Dell KACE.
Turning off your AV protection completely would be going too far, but you should certainly consider a layered approach to security that includes proactive application management. Smart patching and application whitelisting are two options that complement AV products and could save your IT infrastructure from some serious threats.
Smart, automated patch management keeps users protected from attacks on known vulnerabilities by keeping all of their software up to date. Vendors release updates and patches all the time, and it is difficult to keep on top of this because downloading, testing and distributing patches is a time-consuming job. You can make patching more effective and less of a headache by automating it, and there are tools on the market to help with that.
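The core of any patch management tool is the comparison that follows: an inventory of what is installed on each host is checked against the vendor's advisories, and any host running a version older than the fixed one is flagged. The script below is an added example of that check, not code from any of the products mentioned in this article; the inventory, the product names and the advisory feed are constructed for the example, and the only point of substance it shows is that version strings must be compared numerically, since a plain string comparison puts "4.2.10" before "4.2.9".

```python
"""Added example: flag hosts running software older than the fixed version.
Not any vendor's code. All data below is constructed for the example."""
import re
from collections import namedtuple

# Constructed inventory: host -> {product: installed version}.
# A real tool would gather this from an agent or a remote scan.
INVENTORY = {
    "ws-001":  {"pdf-reader": "9.4.0", "browser": "3.6.12", "runtime": "10.1.102.64"},
    "ws-002":  {"pdf-reader": "9.4.1", "browser": "3.6.13"},
    "srv-001": {"browser": "3.6.13", "runtime": "10.1.85.3"},
}

# Constructed advisory feed: product -> lowest version that contains the fix.
ADVISORIES = {"pdf-reader": "9.4.1", "browser": "3.6.13", "runtime": "10.1.102.64"}

Gap = namedtuple("Gap", "host product installed required")


def version_key(version):
    """Turn '10.1.102.64' into (10, 1, 102, 64) so versions compare as numbers.
    Comparing the raw strings gets '4.2.10' < '4.2.9' wrong."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def missing_patches(inventory=INVENTORY, advisories=ADVISORIES):
    """Return one Gap per (host, product) that is below the advisory version."""
    gaps = []
    for host, installed in sorted(inventory.items()):
        for product, version in sorted(installed.items()):
            required = advisories.get(product)
            if required is None:
                continue  # no advisory for this product, nothing to check
            if version_key(version) < version_key(required):
                gaps.append(Gap(host, product, version, required))
    return gaps


def report(gaps):
    """Human-readable summary, one line per gap."""
    lines = [f"{g.host}: {g.product} {g.installed} -> needs {g.required}" for g in gaps]
    return "\n".join(lines) if lines else "no missing patches"


if __name__ == "__main__":
    print(report(missing_patches()))
```

Run as-is it reports three gaps: srv-001's runtime and ws-001's browser and PDF reader; ws-002 is fully patched. Detection is the easy half; distributing and verifying the patch is what the products quoted below automate.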
“The K1000 Systems Management Appliance includes patch management which saves organizations time and money by providing a comprehensive and reliable operating system and application patching that is also easy-to-use and affordable,” said Drachnik. “The K1000 provides one of the largest patch repositories including patches for Windows and Mac operating systems, as well as a wide range of applications from vendors including Microsoft, Apple, Adobe, Symantec and Mozilla.”
If you don’t want a solution that includes hardware, GFI LanGuard 2011 is a patch management solution from GFI Software, which also includes network and software auditing. It seeks out missing patches and plugs the gaps.
“We designed GFI LanGuard 2011 to be a virtual security consultant for our customers,” said Cristian Florian, product manager at the company. “Our last version of GFI LanGuard was the first network security solution to automate missing patch detection and remediation for the top five Web browsers running on Windows-based systems, and GFI LanGuard 2011 is now the first solution of its kind to integrate with 1,500 critical security applications.”
Where AV tries to block known-bad programs from running, application whitelisting allows only trusted applications to run. Keeping up with an ever-growing list of malware signatures is a losing race, so whitelisting reverses the model: everything is blocked by default, and only applications that have been explicitly authorized can execute.
“It is important to note that whitelisting doesn't prevent an authorized application from being exploited,” said Don DeBolt, director of Threat Research for Total Defense. “Once the whitelist policy has been defined, operational procedures are required to maintain the policy and ensure its uniform enforcement throughout the managed environment.”
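The default-deny model described above, and the maintenance burden DeBolt points to, are easiest to see in a small policy engine. The code below is an added example, not any vendor's product: it approves executables by SHA-256 hash, denies anything it has not seen, and shows what happens when an approved program is patched (its hash changes, so it is denied until the policy is updated) and why a rule based on install path alone is weaker than a rule based on hash. The byte strings standing in for executables, the directory name and the labels are all constructed for the example.

```python
"""Added example: a default-deny application allowlist keyed on file hashes.
Not any vendor's code; the sample 'executables' and paths are constructed."""
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-ins for executables. A real policy hashes the file on disk.
EDITOR_V1 = b"editor build 1.0"
EDITOR_V2 = b"editor build 1.1"                    # same program after a vendor patch
DROPPER = b"unknown tool downloaded by a user"

TRUSTED_DIR = "/opt/editor/"                       # constructed install location


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class HashAllowlist:
    """Only executables whose SHA-256 has been approved may run; all else is denied."""

    def __init__(self) -> None:
        self._approved: Dict[str, str] = {}        # digest -> label
        self.log: List[Tuple[str, str, str]] = []  # (path, verdict, reason)

    def approve(self, data: bytes, label: str) -> None:
        self._approved[sha256(data)] = label

    def revoke(self, data: bytes) -> None:
        self._approved.pop(sha256(data), None)

    def check(self, path: str, data: bytes) -> Tuple[str, str]:
        """Decide allow/deny for one execution attempt and record it."""
        digest = sha256(data)
        label = self._approved.get(digest)
        verdict = ("allow", label) if label else ("deny", f"unknown hash {digest[:12]}")
        self.log.append((path,) + verdict)
        return verdict


def path_rule(path: str) -> Tuple[str, str]:
    """Weaker rule for contrast: trust anything that lives under an install directory.
    Anything copied into that directory, including a dropper, passes."""
    if path.startswith(TRUSTED_DIR):
        return ("allow", "trusted directory")
    return ("deny", "outside trusted directory")


def demo() -> Dict[str, Tuple[str, str]]:
    policy = HashAllowlist()
    policy.approve(EDITOR_V1, "editor 1.0")
    results = {
        "editor_v1": policy.check(TRUSTED_DIR + "editor", EDITOR_V1),
        # Patched build: same path, new hash, so default-deny blocks it.
        "editor_v2_before_update": policy.check(TRUSTED_DIR + "editor", EDITOR_V2),
        # Unknown tool placed in the trusted directory: hash rule blocks, path rule does not.
        "dropper_hash_rule": policy.check(TRUSTED_DIR + "editor", DROPPER),
        "dropper_path_rule": path_rule(TRUSTED_DIR + "editor"),
    }
    # The operational procedure: after patching, approve the new build and retire the old one.
    policy.approve(EDITOR_V2, "editor 1.1")
    policy.revoke(EDITOR_V1)
    results["editor_v2_after_update"] = policy.check(TRUSTED_DIR + "editor", EDITOR_V2)
    results["editor_v1_after_update"] = policy.check(TRUSTED_DIR + "editor", EDITOR_V1)
    return results


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:26} {verdict:5} {reason}")
```

Two things follow from the demo. First, every patch cycle is also a policy update cycle, which is why whitelisting and patch management tend to be bought together. Second, the allowlist says nothing about what an approved program does once it runs: an exploit that hijacks the approved editor executes with the editor's approval, which is exactly the limitation DeBolt describes.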
This summer, Savant Protection launched its new whitelisting solution called Savant Enforcer. It’s whitelisting with access control, so you don’t have to lock down the entire estate for every user.
“Savant Enforcer allows organizations to provide key users, the ones who need access the most but often are the greatest targets of cyber criminals, to add software themselves without adding risk to the organization,” said Robert Kamsler, vice president of Engineering at Savant. “By providing the flexibility to control the ability to install software based on end-user type we can now help satisfy the business needs of the organization while maintaining the utmost security.”
Whitelisting products are also being combined with other toolsets to provide holistic approaches to security. For example, endpoint management company Lumension is integrating its application whitelisting technology with the VMware vShield Endpoint security solution.
"Our customers have challenged us to combine the power of whitelisting with the benefits of virtual environments,” said Mike Wittig, Lumension president and CTO. “By integrating with VMware vShield Endpoint, we are responding with a technology that is truly synergistic.”
Lumension also offers a patch management product.
Application whitelisting company Bit9 recently announced that it is integrating its Parity Suite product with the Symantec Protection Center. The alliance will give Symantec users access to Bit9’s adaptive application whitelisting technology, which effectively means automated application management from a single product interface.
“To effectively mitigate security risks in their environment, our customers need visibility into proven third-party solutions like Bit9 Parity Suite. By providing single sign-on and data integration between our technologies, we are able to expand our customers’ view into local security events and enable them to more quickly mitigate endpoint security risks,” said Matthew Steele, senior director of product management at Symantec.
The best-protected companies take a layered approach to security. Combining up-to-date AV software with automated patching and proactive configuration management is a good start. Add a robust firewall, sound policies and tightly limited system administrator access, and you will have a response to each of several different classes of threat rather than relying on one control to catch them all.
Elizabeth Harrin is Computer Weekly's IT Blogger of the Year 2010. She is also director of The Otobos Group, a business writing consultancy specializing in IT and project management. She's the author of "Social Media for Project Managers " and "Project Management in the Real World." She has a decade of experience in IT and business change functions in healthcare and financial services, and is ITIL v3 Foundation certified.