The National Hi-Tech Crime Report 2005 cites that 96 percent of the illegal and illegitimate use of computer resources occurs within the corporate network. This is not only a waste of resources, but can also be a source of extremely damaging activity for the organization.
The type of activity that can open the network to threats and vulnerabilities are mainly caused by innocent users who are unaware that their misuse of IT resources has made the corporate network non-compliant with regulations or policy. Unauthorized use of applications, services, processes and devices may quickly introduce malicious software into the network that will be hard to find once inside.
Consider a company with thousands of users, PCs, servers and various devices that employees use, iPods, MP3 players, digital cameras, etc. It is virtually impossible to keep track of everything and ensure everyone is compliant with regulations and policy. Solutions are therefore needed to protect the internal network and to monitor users activity to ensure they do not fall from compliance and compromise the security of the network. Threats originating from the endpoint not only compromise the compliance posture of a company but can also cause network slowdown, drastically reducing productivity and erode profitability.
However, the type of threats that can affect the endpoint or originate from the endpoint are too numerous to be solved by a single solution, especially niche solutions like device control or application control because it will only take a short amount of time before a further endpoint security solution is needed to address another threat that has become commonplace.
There are some technologies that give a very broad, comprehensive solution to a whole range of threats originating from endpoint misuse, malicious or otherwise. MacAfee, Symantec, Cisco and others all have solutions that offer a modularized suite of endpoint security products that can address many of these issues, involving the installation of an agent. Other solutions are available that offer comprehensive endpoint and server protection without the need to install an agent. The trade off is really between the use of an agent on each machine against the functionality offered by those which are client based and those which are not.
Full functionality that addresses all endpoint security needs is a must to avoid having to buy a further solution some time later to address another endpoint security issue. The trade off between client-based and clientless is for the user to decide according to their resources and budgets. However, a comprehensive solution that enables full visibility into user activity, along with automatic remediation capabilities, can go a long way toward making sure your endpoints are protected.
Network Admission Control (NAC) is another well-publicized technology that some industry analysts feel is the only solution needed to secure network endpoints. Although NAC is a popular idea the technology is still not quite mature and lacks some of the necessary functionality to be considered a fully comprehensive endpoint security solution. Although NAC includes elements of endpoint security, businesses should not make the mistake of believing that the two technologies are one and the same. NAC, by definition, ensures that only devices which are authorized and deemed clean from security threats are allowed network access. It does not handle the problem of non-compliant behavior intentional or otherwise once an endpoint device is connected to the network.
NAC can sit well with endpoint security solutions to enable a more rounded protection strategy, but as a stand-alone product it is only a partial solution to a very big security need. Comprehensive endpoint security products address the full scope of internal threats that niche products such as device protection, application protection and NAC cannot achieve on their own.