Endpoint security has given one of the world's largest law firms the ironclad network security it needs to enforce its strict policies while also ensuring that the network and the computers connected to it are safe from attack.
It wasn't always that way at Skadden, Arps, Meagher & Flom LLP. When the network was put in place in 1992, policies were relatively relaxed. Drives were open to allow end users to write and save to floppy disks and other media. It took only about a week for a virus to get out onto the network.
According to Nancy Lundergan, manager of security and process at Skadden, that one incident led to a re-evaluation of network security.
"We can't have that," she said, adding that by nature the law firm's network is a portal to massive amounts of confidential data, such as case files and other necessary legal information.
But with nearly 5,000 endpoints deployed throughout the network, Lundergan said, Skadden's options for locking things down were somewhat limited. The firm wanted an agentless monitoring and remediation tool to support layered internal security management.
Lundergan said the agentless portion was a must because, with the number of endpoints in use, it would be nearly impossible for Skadden's IT staff to install a client-based software solution on each and every machine.
As it stands, Skadden allows only desktop PCs to access the network. Laptops and notebooks are a no-no. Most of the firm's applications are on Citrix servers, so there are not many applications saved on the actual desktops themselves.
Originally, Skadden looked to network access control (NAC) solutions to make sure that desktops accessing the network were approved and to push devices that were not up to snuff into an Internet-only environment. Lundergan said NAC is currently being implemented in some of Skadden's 22 physical offices and could be in use in many by early next year. But along with NAC, Lundergan wanted an additional layer of endpoint security.
Skadden went with Promisec's Spectator Professional for its clientless endpoint security needs.
"We don't have to worry about deploying it on the machines," Lundergan said. "We can centrally run it. We didn't even look at agent-based solutions."
And with Skadden's "strict" security policy that bars file sharing, Skype, music players and most other types of downloads, being able to scan and monitor the applications that computers are running is a necessity, Lundergan said.
"We want to make sure people aren't using their work machines as jukeboxes," she said. "This is the desktop we have out there, and we make sure machines are doing what they're supposed to do."
Lundergan said she frequently scans the network to see the applications loaded on desktops and what processes they have gone through. She said she can search through registries and follow digital footprints to ensure that security and use policies are followed.
"If I find something, I can isolate it and do a deeper scan," she said.
It's imperative that Skadden be able to identify and fix deviations from its policy without creating a negative impact on the network's performance or integrity, Lundergan added. She can monitor who is on the network and when, ensuring that all software and hardware being used is approved while also making sure that there are no hidden threats inside the network.
Also, she said, since Promisec's solution installs on one server, it offers that agentless, single point of management that the firm's network of Windows-based machines requires.
"It's very important for us to be able to know that our endpoints are secure across the entire enterprise," Lundergan said.