Endpoint security software has evolved from traditional antivirus software in recognition of the fact that pattern based antivirus scanning alone is insufficient to protect our workstations and laptops against the types of attacks that can compromise your workstations. It is now necessary to employ “defence in depth” to defend against today's sophisticated attacks:

Antivirus
Antivirus scanning is still an important component of endpoint security, but with McAfee detecting more than 450,000 new instances of malware every year, signature based scanning is simply no longer able to keep up with the rate at which new malicious code is being released onto the internet. In addition, downloaded files are not the only threat to workstation security, so traditional antivirus technology needs to be supplemented by additional defenses to provide effective protection against all threats.

Anti Spyware
Spyware is software that is installed by a website without a consent which represents a threat to the user's privacy. There is no definition of the actions that spyware performs as each one is different and written by the author to perform specific actions, but spyware can track and re-transmit user browsing history and passwords and even download additional spyware. Spyware removal is therefore essential to protect user privacy and the confidentiality of personal information.
 

Anti Phishing
Anti Phishing software helps users to spot when they have been tricked into visiting a Phishing web site either by clicking on a link in a Phishing email or by visiting a compromised web site that has redirected them A Phishing toolbar tells the user that the web site that they are visiting is not the one that they intended to visit, which will hopefully stop them from inadvertantly giving their online identity to fraudsters.

Personal Firewall
Personal firewall protection is a vital component of endpoint security. Firstly, it provides traditional firewall protection to prevent attackers simply uploading malicious code to your PC while it is connected to the internet. Increasingly however, firewall security is more important to control which applications on your PC have access to the internet. The reason for this is that it is all too easy to accidentally download a password stealing Trojan that will install itself and then attempt to pass back your confidential information to cyber criminals over the internet using TCP Port 80 which is used by software such as Internet Explorer and Firefox for legitimate web browsing. To prevent this from happening, an application aware personal firewall can restrict those applications that are able to access the Internet via port 80 to those that you would want to be able to do so, which in most cases will be your web browser and a small number of applications that use TCP port 80 to download updates.

Intrusion Prevention
Intrusion Prevention is is becoming increasingly important as attackers are frequently using Java and ActiveX code to run an exploit against a specific vulnerability that they are looking for on your PC when you visit their web site. Once an attack has been seen, a signature is created for it and it can be blocked by the personal firewall when you visit a compromised web site. In addition it is possible to implement generic intrusion prevention by blocking the types of code that have been found to be malicious in the past or indeed stop them from executing in memory if they have already installed themselves onto your PC. The mechanism used to do this is quite complex, but in general terms good applications have help files, and create an entry in the Add / Remove Programs utility in Control Panel. On the other hand malicious applications often don’t create an entry in the Add / Remove programs utility and perform potentially dangerous activity such as monitoring keystrokes, and creating connection back out to the internet. By looking out for this type of behaviour, it is possible to identify malicious software and remove it from your PC.

White Listing
If it was possible to create a unique signature for every piece of software from every known reputable manufacturer and create a constantly updated signature file that PC’s could refer to over the internet, it would be possible to stop any other applications from running and remove the need (in theory) for virus scanning. In practice however it is questionable whether this can be achieved in the short term. It is however viable for individual organisations to employ white-listing to decide what applications their policy dictates will be permitted to run on any PC and then alert the administrator whenever a rogue application manages to exploit a vulnerability on the workstation and install itself.

Device Control
Many suppliers are now offering a form of device control either bundled into their Endpoint Security products or as an additional cost option. It allows network administrators to control what devices (e.g. USB drives, MP3 players) can be connected to corporate workstations and laptops. Device control is important as restricting devices that can be connected to company workstations to company owned USB drives can help to minimise the ways in which malicious code can infiltrate the organisation. In addition, if users synchronise their music libraries to company laptops, they can expose the organisations to issues of copyright infringement, as well as storage overheads of backing up users MP3 libraries on corporate backup systems. Device control can also plays a part in data leakage prevention by preventing users connecting I-Pods or similar devices that can be used to remove large amounts of potentially confidential data from company servers.

Endpoint Security is a critical component of an organisation's protection and data leakage prevention measures. Whilst it requires that network administrators have a broader skill set that are required for simple antivirus software, it is only through deploying the pre-emptive measures included in Endpoint security products that it is possible to protect your users against attacks that cannot be reliably prevented using antivirus scanning alone.

Clearview Systems are accredited partners for Sophos Endpoint Security and Control, Symantec Endpoint Protection, McAfee Total Protection for Endpoint and Trend Micro NeatSuite. Our engineers will be able to advise you which product is best suited to your needs, and can also help with product assessment, trials and deployment to your user base.

Endpoint security software has evolved from traditional antivirus software in recognition of the fact that pattern based antivirus scanning alone is insufficient to protect our workstations and laptops against the types of attacks that can compromise your workstations. It is now necessary to employ “defence in depth” to defend against today's sophisticated attacks:

Antivirus
Antivirus scanning is still an important component of endpoint security, but with McAfee adding more than xxxx signatures to their pattern files on a monthly basis, they are simply no longer able to keep up with the rate at which new malicious code is being released onto the internet. In addition, downloaded files are not the only threat to workstation security, so traditional antivirus technology needs to be supplemented by additional defenses to provide effective protection against all threats.

Anti Spyware
Spyware is software that is installed by a website without a consent which represents a threat to the user's privacy. There is no definition of the actions that spyware performs as each one is different and written by the author to perform specific actions, but spyware can track and re-transmit user browsing history and passwords and even download additional spyware. Spyware removal is therefore essential to protect user privacy and the confidentiality of personal information.

Anti Phishing
Anti Phishing software helps users to spot when they have been tricked into visiting a Phishing web site either by clicking on a link in a Phishing email or by visiting a compromised web site that has redirected them A Phishing toolbar tells the user that the web site that they are visiting is not the one that they intended to visit, which will hopefully stop them from inadvertantly giving their online identity to fraudsters.

Personal Firewall
Personal firewall protection is a vital component of endpoint security. Firstly, it provides traditional firewall protection to prevent attackers simply uploading malicious code to your PC while it is connected to the internet. Increasingly however, firewall security is more important to control which applications on your PC have access to the internet. The reason for this is that it is all too easy to accidentally download a password stealing Trojan that will install itself and then attempt to pass back your confidential information to cyber criminals over the internet using TCP Port 80 which is used by software such as Internet Explorer and Firefox for legitimate web browsing. To prevent this from happening, an application aware personal firewall can restrict those applications that are able to access the Internet vai port 80 to those that you would want to be able to do so, which in most cases will be your web browser and a small number of applications that use TCP port 80 to download updates.

Intrusion Prevention
Intrusion Prevention is is becoming increasingly important as attackers are frequently using Java and ActiveX code to run an exploit against a specific vulnerability that they are looking for on your PC when you visit their web site. Once an attack has been seen, a signature is created for it and it can be blocked by the personal firewall when you visit a compromised web site. In addition it is possible to implement generic intrusion prevention by blocking the types of code that have been found to be malicious in the past or indeed stop them from executing in memory if they have already installed themselves onto your PC. The mechanism used to do this is quite complex, but in general terms good applications have help files, and create an entry in the Add / Remove Programs utility in Control Panel. On the other hand malicious applications often don’t create an entry in the Add / Remove programs utility and perform potentially dangerous activity such as monitoring keystrokes, and creating connection back out to the internet. By looking out for this type of behaviour, it is possible to identify malicious software and remove it from your PC.

White Listing
If it was possible to create a unique signature for every piece of software from every known reputable manufacturer and create a constantly updated signature file that PC’s could refer to over the internet, it would be possible to stop any other applications from running and remove the need (in theory) for virus scanning. In practice however it is questionable whether this can be achieved in the short term. It is however viable for individual organisations to employ white-listing to decide what applications their policy dictates will be permitted to run on any PC and then alert the administrator whenever a rogue application manages to exploit a vulnerability on the workstation and install itself.

Device Control
Many suppliers are now offering a form of device control either bundled into their Endpoint Security products or as an additional cost option. It allows network administrators to control what devices (e.g. USB drives, MP3 players) can be connected to corporate workstations and laptops. Device control is important as restricting devices that can be connected to company workstations to company owned USB drives can help to minimise the ways in which malicious code can infiltrate the organisation. In addition, if users synchronise their music libraries to company laptops, they can expose the organisations to issues of copyright infringement, as well as storage overheads of backing up users MP3 libraries on corporate backup systems. Device control can also plays a part in data leakage prevention by preventing users connecting I-Pods or similar devices that can be used to remove large amounts of potentially confidential data from company servers.

Endpoint Security is a critical component of an organisation's protection and data leakage prevention measures. Whilst it requires that network administrators have a broader skill set that are required for simple antivirus software, it is only through deploying the pre-emptive measures included in Endpoint security products that it is possible to protect your users against attacks that cannot be reliably prevented using antivirus scanning alone.

Clearview Systems are accredited partners for Sophos Endpoint Security and Control, Symantec Endpoint Protection, McAfee Total Protection for Endpoint and Trend Micro NeatSuite / Worry Free Security. Our engineers will be able to advise you which product is best suited to your needs, and can also help with product assessment, trials and deployment to your user base.