Endpoint security locks down law firm's network

By Susan Fogarty, Editorial Director 21 Nov 2007 | SearchNetworking.com

News on networking, mobility and voice Digg This!     StumbleUpon     Del.icio.us

It wasn't always that way at Skadden, Arps, Meagher & Flom LLP. When the network was put in place in 1992, policies were relatively relaxed. Drives were open to allow end users to write and save to floppy disks and other media. It took only about a week for a virus to get out onto the network.

According to Nancy Lundergan, manager of security and process at Skadden, that one incident led to a re-evaluation of network security.

"We can't have that," she said, adding that by nature the law firm's network is a portal to massive amounts of confidential data, such as case files and other necessary legal information.

But with nearly 5,000 endpoints deployed throughout the network, Lundergan said, Skadden's options for locking things down were somewhat limited. The firm wanted an agentless monitoring and remediation tool to support layered internal security management.

Lundergan said the agentless portion was a must because, with the number of endpoints in use, it would be nearly impossible for Skadden's IT staff to install a client-based software solution on each and every machine.

As it stands, Skadden allows only desktop PCs to access the network. Laptops and notebooks are a no-no. Most of the firm's applications are on Citrix servers, so there are not many applications saved on the actual desktops themselves.

Originally, Skadden looked to network access control (NAC) solutions to make sure that desktops accessing the network were approved and to push devices that were not up to snuff into an Internet-only environment. Lundergan said NAC is currently being implemented in some of Skadden's 22 physical offices and could be in use in many by early next year. But along with NAC, Lundergan wanted an additional layer of endpoint security.

Skadden went with Promisec's Spectator Professional for its clientless endpoint security needs.

"We don't have to worry about deploying it on the machines," Lundergan said. "We can centrally run it. We didn't even look at agent-based solutions."

And with Skadden's "strict" security policy that bars file sharing, Skype, music players and most other types of downloads, being able to scan and monitor the applications that computers are running is a necessity, Lundergan said.

For more information Read more on endpoint security

"We want to make sure people aren't using their work machines as jukeboxes," she said. "This is the desktop we have out there, and we make sure machines are doing what they're supposed to do."

Lundergan said she frequently scans the network to see the applications loaded on desktops and what processes they have gone through. She said she can search through registries and follow digital footprints to ensure that security and use policies are followed.

"If I find something, I can isolate it and do a deeper scan," she said.

It's imperative that Skadden be able to identify and fix deviations from its policy without creating a negative impact on the network's performance or integrity, Lundergan added. She can monitor who is on the network and when, ensuring that all software and hardware being used is approved while also making sure that there are no hidden threats inside the network.

Also, she said, since Promisec's solution installs on one server, it offers that agentless, single point of management that the firm's network of Windows-based machines requires.

"It's very important for us to be able to know that our endpoints are secure across the entire enterprise," Lundergan said.

Tags: Network Security Monitoring and Analysis,  Network Access Control,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website? Hospital gains network visibility by convincing vendors to collaborate What software monitors and locks users from accessing my router? Data leak prevention starts with trusting your users NagVis -- 'Nagios: System and Network Monitoring, Second Edition,' Chapter 18 What is a genetic algorithm and where can I learn more about them online? Network Access Control Joel Snyder discusses Network Access Control Day at Interop Las Vegas Maturing NAC market gets its first Gartner Magic Quadrant Poor data-loss prevention practices almost cost Intel a billion Network access control poised for a comeback by aiming small Dynamic network access control secures electronics manufacturer Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks What is data loss prevention? -- An introduction to DLP How to set passwords on folders in Windows 2003 servers

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary