Pushing policy enforcement beyond the perimeter

With transient employees taking notebook PCs everywhere they go, network admins have long desired the ability to extend internal network security policies beyond the perimeter. One vendor is doing just that.

It's a scenario familiar to many business notebook users: A confusing pop-up message from a Web site tricks the user into clicking on it, unknowingly unleashing a virus.

It's bad enough that the PC itself may be rendered useless, but now it's a threat to the corporate network as well.

It is a network security challenge that software developer Senforce Technologies Inc. set out to confront with its recently released Endpoint Security Suite (ESS) 3.0. The Draper, Utah-based vendor specializes in end-point security enforcement, ensuring PCs and other devices on the edge of the network are as well safeguarded as the network core.

Senforce's strategy, according to director of product management Kip Meacham, involves treating each end-point device as a microcosm of the network itself, meaning network security policies must reside on each client device.

Meacham said that so many notebooks and other computing devices constantly leaving and rejoining the network, as each knowledge worker does, creates the need to extend network defenses. The end-point device, he added, "really needs to be managed or treated in the same way that you treat the corporate network."

ESS 3.0 attempts to do just that by allowing corporate security policies to be developed in a central location and then rolled out to each end-point device on the network in one fell swoop, giving IT administrators greater control over policy enforcement. Additionally, Meacham said, the implementation process is initiated over the network, causing little disturbance to end-user devices.

Once in place, the employees' devices will be policy compliant whether on the corporate LAN or connected to a Wi-Fi hot spot at the local coffee shop. When new policies are added or existing policies changed, said Meacham, each end-point device automatically uploads the modifications as soon as the client logs onto the network locally or remotely.

As for customization capabilities, ESS 3.0 lets IT staff assign different sets of policies to different groups of users, Meacham said. Access rights that are appropriate for the marketing team, he said, may not be for the finance department, and those distinctions can be made.

Security policies can also be tailored to the type of connection being utilized. For instance, with a few clicks of an administrator's mouse, Meacham said wireless connectivity can be limited to certain locations, and automatically disabled when an Ethernet connection is established.

Another feature of ESS 3.0 mitigates the risk from those pesky, all-but-unintelligible pop-up messages by warning users before they click, lessening the IT department's load of prickly correspondences from bewildered employees.

Joel Garr, IT administrator at the Utah Digestive Health Institute, is currently beta-testing the ESS 3.0 on his network of 50 workstations. So far, he likes what he sees.

"I like how you can create a policy and roll it out to a computer or group of computers at any time," Garr said. "If it sees the criteria for that access point, it will deliver it automatically to the client, and the client will connect. So that's one thing that I have found is particularly helpful."

As far as any shortcomings are concerned, Garr conceded that ESS 3.0's implementation process could potentially cause some headaches.

"It's not just a plug-and-play type of thing. You do have to work out a few of the policies," Garr said. "That is probably my biggest complaint. But as far as rolling out the policies [and] updating the clients, that's worked very smoothly."

Chris Christiansen, an analyst with Framingham, Mass.-based International Data Corp., has also reviewed ESS 3.0 and believes that Senforce is definitely on the right path.

"I think it [end-point security] is critical," Christiansen said. "It's become really clear over the last two or three years that endpoints and clients are no longer just the destination for the attack. They're the vector for the attack, they're a transfer point."

As for the Senforce ESS 3.0, Christiansen said the product offers a comprehensive approach and it aligns with corporate customers' broad needs for firewall, connectivity control, theft protection and integrity. "They have a pretty comprehensive solution," he added.

Available now, the Senforce ESS 3.0 has a starting price of $70 per seat, prior to any volume discounts. It can also be purchased and implemented in separate units (firewall, theft protection, among others) for between $25 and $40 per module.
