Ask The Expert: Securing Your Endpoints

please visit 7effects.com

BANGALORE, INDIA: The IT threat landscape has changed dramatically over the past few years. While yesterday's attacks were meant simply to make headlines, today's attacks have become more sophisticated and stealthy, targeting specific organizations to reap financial gain.

Although antivirus, antispyware and other signature-based protection measures were sufficient to protect organizations in the past, small businesses now need proactive endpoint security measures that can protect against zero-day attacks and even unknown threats.

They also need to take a structured approach to endpoint security, implementing a comprehensive solution that not only protects from threats on all levels but also provides interoperability, seamless implementation and centralized management.

What is end point security, what are these proactive endpoint security measures and how do they help SMBs to protect themselves from threats, Managing Director, Symantec India, Vishal Dhupar, explains in detail in an interaction with CIOL.

CIOL: What is an endpoint?

Vishal Dhupar: An endpoint is a server, desktop, laptop or notebook computer that connects to the corporate network.

CIOL: Why should endpoints be protected?

VD:Organizations today face a threat landscape that involves stealthy, targeted and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services and damage to corporate brand and reputation. To stay ahead of this emerging breed of stealthy and resilient security threats, organizations must advance their endpoint protection.

CIOL: How have endpoints traditionally been protected?

VD: While administrators understand the importance of endpoint protection technologies, this often translates into making sure each endpoint has installed on it an antivirus, antispyware, desktop firewall, intrusion prevention and device control technology. Deploying these security products individually on each endpoint is not only time-consuming but it also increases IT complexity and costs. Organizations then need to provide management, training and support for a variety of different endpoint security solutions. Also, differing technologies can often work against one another or impede system performance due to high resource consumption.
CIOL: How can endpoints be protected today?

VD: A new, more holistic and effective approach to endpoint protection has emerged today. This next-generation approach combines essential security technologies to proactively deliver a significantly higher level of protection against known and unknown threats, including viruses, worms, Trojans, spyware, adware, rootkits and zero-day attacks. This approach combines antivirus, antispyware and firewall with advanced proactive protection technologies in a single deployable agent that can be administered from a central management console. To ensure flexibility, administrators can easily disable or enable any of the technologies based on their organization's particular needs.

CIOL: How does endpoint protection benefit small businesses?

VD: The new, next-generation approach to endpoint protection significantly lowers risk and increases confidence that business assets are protected. It also reduces administrative overhead and costs associated with managing multiple endpoint security products by providing this protection in a single agent that is administered via a single management console. This simplifies endpoint security administration and provides operational efficiencies such as one-click software updates and policy updates, unified and central reporting, and a single licensing and maintenance program.

CIOL: How does endpoint protection differ from antivirus or antispyware?

VD: Antivirus and antispyware solutions generally employ traditional scan-based technologies to identify viruses, worms, Trojans, spyware and other malware on an endpoint device. Typical antivirus and antispyware solutions detect these threats by searching the system for files that match characteristics, or threat signatures, of a known threat. Once it detects the threat, the solution remediates it, typically by deleting or quarantining it.

The quality and level of protection provided by today's antivirus and antispyware solutions varies. The most advanced solutions provide high levels of real-time protection against polymorphic threats and complex viruses as well as superior rootkit detection and removal while working on a variety of operating systems and interoperating with other essential endpoint security technologies.

Next-generation endpoint protection builds on the capabilities of today's most advanced antivirus and antispyware and adds two critical components: network threat protection and proactive threat protection discussed in more detail below.

Better yet, these capabilities are consolidated onto a single endpoint security agent to enable operational efficiencies such as a single communication method and content delivery system across all security technologies. Service configuration and exclusions can be performed globally at a single point on the client or at the management server. Furthermore, automated security updates to the agent provide hassle-free protection from the latest threats.

CIOL: What is network threat protection?

VD: Network threat protection on endpoints is critical to protect from blended threats and to inhibit outbreaks. To be effective, it must also include a firewall that not only blocks internal network attacks from breaching any endpoint connected to the network but also prevents these threats from ever leaving the initially infected endpoint. Network threat protection must also include vulnerability-based intrusion prevention that can use one generic signature to block the hundreds of potential exploits that attack a vulnerability.

CIOL: What is proactive threat protection?

VD: Proactive threat protection technologies are non-signature-based technologies that address the growing number of unknown threats used in stealth attacks. These heuristics-based technologies automatically analyze application behavior to accurately detect threats while avoiding generating false positives. Proactive threat protection also incorporates device and application control capabilities that allow administrators to deny specific device and application activities deemed as high risk.

CIOL: How does endpoint protection work together with network access control?

VD: Next-generation endpoint protection is network access control ready, meaning that network access control technology is integrated into the agent and can be easily enabled. These technologies interoperate seamlessly to provide a comprehensive and unified multilayered endpoint security solution that enables IT administrators to strike a balance between end user productivity and security while simplifying endpoint security administration.



please visit 7effects.com