Endpoint security is evolving.
While there is still concern for where laptops, PDAs and other mobile devices go when they are not linked to the network -- and the subsequent threats they could introduce later -- it is the more common devices that are starting to take center stage and raise eyebrows.
USB flash sticks, iPods, Bluetooth, Firewires and Wi-Fi connections, along with a host of other portable storage and removable media devices can wreak havoc on the network. They introduce worms, viruses, Trojan horses, spyware and other threats that can slow or take down networks.
For example, an employee uses a home computer and saves downloaded images and files to a USB flash stick not knowing that one of those files contains a virus. In the office, that USB stick is plugged into a computer on the network, and the infected file is opened, allowing the virus to start spreading.
Security vendor, GFI, hopes to cut down on those types of threats with EndPointSecurity, centrally managed software that lets administrators lock down more common devices by providing access to groups or individual users based on policy. Administrators can also monitor the use of removable devices and block access if they suspect a users' activity is compromising network security or the integrity of corporate data.
Stephen Nolan, director of American sales for GFI, said locking down, or at least limiting, the use of portable storage and media devices, gives administrators more control
Dianne McAdam, an independent industry analyst formerly with the Data Mobility Group, agreed. She said the recent influx of endpoint security products has neglected some of the more common devices that can pose significant threats if not properly regulated.
iPods, USB flash sticks and other devices that can be easily plugged into computers to store and retrieve downloaded information and files are starting to infect networks unbeknownst to managers.
But EndPointSecurity blocks those devices from linking up, prohibits them from saving data and prevents users from uploading data to work machines.
"It's a smart move and a move that all corporations need to be considering right now," she said. "They need to look at these standard devices and make sure they're being used correctly."
In the work-from-wherever atmosphere that most companies allow, endpoint security has become a strong focus.
"This is not a problem that's just an enterprise problem, it's an SMB problem too," McAdam said. "Think about it. We download podcasts; we download other data without even a second thought to security."
The lesson here, McAdam said, is infections can now come from pretty much anywhere.
"We're always concerned about hackers and that sort of professional malicious intrusion," she said. "But we don't think about threats from these more common objects. We're starting to focus on internal concerns. Most people don't think about that human error factor. We tend to focus on big, flashy events."
In a sense, she said, taking a reactive approach and locking down a network only after a security break is similar to "closing the barnyard gate after the horses are out." It's too little too late.
Along with keeping the network free from viruses, some security tools, like EndPointSecurity, can also limit what information can be saved, read or written to a portable storage device. That means employees cannot save sensitive data to a device and take it outside of the building.
"[Endpoint security tools] can shut off my ability to download this information to my personal iPod or USB stick," she said. "We really need to control where that information goes."
Along with GFI, numerous other vendors have recently jumped into the endpoint security space. The drive is in response to mobile users wanting all of the comfort and connectivity they get at their office desk, but from anywhere. But network managers are wary that when employees can use their devices in various environments, the threat of introducing something unwanted to the network increases dramatically.
"How do you protect endpoints from connecting to things they shouldn't?" asked Brian de Haaff, vice president of product marketing for Network Chemistry, which recently announced RFprotect Endpoint, a client software that protects laptops and other devices by enforcing policies to thwart threats and prohibit risky wireless configurations.
The tool prevents malicious hackers and employees from compromising data privacy and network integrity either on purpose or inadvertently. The software guards wireless connections on laptops by limiting the machines to pre-approved network connections, which stops connections to rogue access points, evil-twin attackers and the growing threat of ad hoc uses. Ad hoc mode essentially allows other people to link to a nearby laptop and use it for connectivity.
"Ad hoc is becoming a major issue," de Haaff said, adding RFprotect Endpoint can force a user to switch off ad hoc mode before accessing a corporate network. RFprotect Endpoint cannot be disabled by users, and it logs detailed information including where, when and how networks are accessed on the road. Administrators can audit network use by laptop, which can also aid in tracking down lost or stolen devices.
Another vendor planting its feet in endpoint security's fertile ground is InfoExpress. Known for making network access control appliances, InfoExpress recently announced it has teamed up with netForensics Inc. to release a policy management and endpoint security compliance package.
The pairing combines netForensics' nFX Open Security Platform with InfoExpress' CyberGatekeeper to centrally enforce security and compliance standards while also identifying and resolving security threats as they appear.
"Enterprises today must protect increasingly complex networks against emerging security threats that continue to grow more sophisticated," Todd Nakano, executive vice president for InfoExpress, said in a statement. "Without some way to centrally monitor and manage network endpoints, this task becomes virtually unmanageable, particularly in the face of increasing vulnerabilities and industry compliance regulations. Managed and unmanaged hosts are connected to the network via remote access, WLANs, WANs and the LAN, with each endpoint representing a potential threat that can disrupt and organization's network."