Foursys - specialists in network threat protection
Solutions Endpoint Security


The traditional approach to computer security is to secure machines using anti-virus technology. However, from Foursys' real-world experience gained implementing security solutions across our extensive customer base, we have concluded that this approach doesn't provide adequate protection in the fast-moving threat landscape now facing us all. The malware and security threats in today's world often render anti-virus technology (on its own) helpless to prevent virus infection or network-wide malware outbreaks.

The Foursys approach to securing the endpoint is to layer the protection and mitigate the risk of malware actually reaching the file system of the computer. Using integrated technology (such as client firewalls, web scanners, network access controls etc.), endpoint protection can be maximized around the computer and the risk of malware outbreaks minimized.


The Foursys Layered approach

Here are a few points to consider:

  • Operating system and application vulnerabilities can be exploited over the network regardless of traditional anti-virus technology being in place.
  • An unprotected or guest machine could exploit device vulnerabilities over the network and potentially deliver its payload to networked machines (even those running anti-virus). Look at how Conficker infected so many networks regardless of people using anti-virus technology.
  • How many network administrators can guarantee that 100% of their machine estate has up to date AV, up to date OS and application patches?
  • How many network administrators can prevent guests plugging in an unprotected laptop?
  • How many network administrators can prevent an unsupported web browser being utilised to bypass the proxy?

Foursys recommends the following layered approach to endpoint security:

  • Patch maintenance (Patch Assessment) should take place at an operating system and application level. Always ensure the computers and devices on the network are patched up to date.
  • Anti-Virus with on-access file scanning should be enabled on all workstations and servers (wherever possible).
  • Protect and surround the endpoint with a Client Firewall that restricts access to and from the machine to key systems and administrators.
  • Web access protection around the endpoint is critical to ensuring malware is prevented from reaching the file system of the machine.
  • Prevention of unwanted applications being launched on network computers (through Application Control), preventing machines from accessing applications that could be a security risk (P2P, Instant Messaging etc.).
  • Device Control can prevent removable media containing unwanted material being introduced to a network, exposing that network to risk of malware infection.
    Removable media is also a key control in Data Loss Prevention (DLP); controls that restrict access to only authorised or encrypted media will assist in this area.
  • Compliance and Control (NAC) can be utilised to enforce network rules and access around machines on the network or machines connecting to the network.
    The ability to quarantine a machine that has a virus, in essence isolating it from the live network and preventing that virus from ever being able to spread, is a strong barrier of security. Coupled with the ability to prevent a guest not meeting your security policy from gaining access to your network, this helps to ensure all connected machines meet the organisation's security policy.

 

Additional Considerations

Ease of use
Without a system that's easy to use and monitor, security misconfiguration can occur. The security system is only as good as the person operating it, or as good as that person's ability to understand and configure the system.

DLP
Data Loss Prevention is now an important part of safeguarding an organisation. 

Tamper Protection
If security can be bypassed by the end user disabling the technology, then there is a need to prevent such issues occurring by securing the technology from user interference.

Compliance and Control (NAC)
Nearly every organisation that utilises computers will have some kind of anti-virus technology to prevent malware outbreaks and to secure the network.

However, what happens if a member of staff or contractor plugs their personal computer into the network?

Today’s malware only needs an address on the network to begin the process of attacking networked computers.  Can you be sure that their machine is as protected as the computers on the network?

Network Access Control allows organisations to set security policies for the known endpoint computers on the network and, crucially, for those guest machines that connect to the network.

As an example, these security policies could be to ensure that Anti-Virus is running and up to date and that a client firewall is running. Violating these policies could, if configured, result in the machine being denied access to the network.

Network Access Control solutions often feature a range of pre-defined security policies that can significantly enhance the network's overall security and help protect sensitive data, secure networks from misuse and help prevent malware outbreaks.

Integration with third-party technology including DHCP is at the heart of software-based Network Access Control and offers significant cost advantages over hardware-reliant alternatives.


 


Foursys recommends you try
Sophos Endpoint Security and Data Protection

 

 
