
Are Your Endpoints Compromising Compliance?

By Ari Tammam, Vice President of Channels

Compliance with government regulatory acts such as Sarbanes-Oxley, HIPAA and Basel II has become a legal requirement in many countries and is here to stay. As such, companies have been spending more and more of their time and budgets to meet these requirements and maintain their integrity and reputation. Failure to do so has already resulted in fines being levied on the executives of some companies; these may be accompanied by severe prison terms of up to 20 years. The powers of regulatory bodies are close to those of Inland Revenue agencies. In the UK, for example, the Financial Services regulator can use force to enter premises, but only a few businesses know this. Another emerging standard is SAS 70 (Statement on Auditing Standards No. 70, Service Organizations), which is designed to audit the internal controls of an organisation. Unlike regulatory bodies, SAS 70 provides an audit report on whether the internal controls in place actually work.

Regulatory compliance is here to stay and has an influential impact on the entire IT infrastructure, including the endpoints therein. In fact, a recent Computer Crime and Security Survey by the Computer Security Institute (CSI) found that 50% of companies have increased their level of interest in information security because of acts like Sarbanes-Oxley.

In addition to logging events and securing critical systems, many regulatory bodies require independent internal controls that monitor activity so that any change or transaction affecting the status quo of a company's IT systems is identified. Activity that results in a breach of compliance may be caused by a user's action, such as introducing malware into the network, disabling a security client or even leaving a workstation unlocked when the user is away from their desk. Users are fallible, and the workstations they use can be back doors into the internal network, causing security breaches within corporate networks whether directly or indirectly. It is therefore essential to provide a vigilant system for controlling user activity and enforcing the internal controls upon them.

Of all the respondents to the 2006 CSI/FBI Computer Crime and Security Survey, 63% cited policy and regulatory compliance as the most critical computer security issue after data protection. Identity theft and information leakage came third, with viruses and worms fourth.

A practical solution to this problem needs to provide full visibility of user activity and of incorrect configurations that may introduce potential threats into an organization's network. The drivers to budget for such a solution include:

  • Endpoints within the corporate network are not normally monitored for activity beyond their initial access to the network.
  • Users are able to install and use unauthorized applications, in particular potentially dangerous peer-to-peer applications, as well as forbidden devices and services.
  • An increased number of security breaches originate from within the corporate network.
  • Users have more freedom inside their networks, with access to business-critical systems.

Any one of these issues has the potential to cause a major security breach. Many senior company figures minimize the importance of these threats, citing the probability of such a breach as unlikely. However, the issue today is not just whether a security breach will occur (which is certainly more likely than is perceived) but also whether any of these threats will render a company's information systems non-compliant with regulatory bodies.

There are many solutions available today that claim to address regulatory compliance in one form or another. However, when it comes to the endpoints within a corporate network, the functionality offered needs to be comprehensive. A solution that controls and prevents memory devices from being used with a PC addresses only one aspect of endpoint security, that of data leakage. Even in this instance of device control, data can be transmitted in a number of ways other than via portable memory devices; hence the solution is limited even in its own category of security. For a solution to be considered comprehensive in the endpoint compliance space it has to cover all aspects of activity that may run on those endpoints and be able to remediate the problems found. This should include:

  • Attachable memory devices
  • Modems
  • Activated wireless cards or secondary Network Interface Cards (NICs)
  • Applications
  • Processes
  • Start-up commands
  • Services, and even browser toolbars that have the ability to install small pieces of code onto an endpoint

Without addressing all of these categories, holes will still remain in the endpoint security infrastructure making it easy for an endpoint to fall out of compliance.

Beyond the types of threat that the solution needs to identify and eliminate, it needs to be easy to use and, by many regulatory standards, completely independent of existing security systems. The reason for independence is to eliminate any influence or reliance on other resources for the product to work, so that even if other security systems go down this product will still provide information and identify the systems that are unavailable. This should include the availability of the security agents deployed on the inspected workstations as well. A comprehensive solution means that if an anti-virus client, or any other security agent, is disabled, the problem can be identified and repaired quickly to minimize the non-compliance of a particular endpoint. Being able to address all of the aforementioned issues in a timely manner gives a company a much-needed endpoint risk management solution to keep its internal network from falling out of compliance. Readers should bear in mind that this type of solution should complement the existing security infrastructure and not necessarily replace or interfere with the operational status quo.
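As an added illustration, not from the article or any product it describes, the following Python evaluator applies the endpoint categories listed above together with the security-agent availability check to a constructed endpoint inventory; the policy values, host names and remediation labels are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Policy values are constructed for this example, not taken from the article.
FORBIDDEN_PROCESSES = {"utorrent.exe", "limewire.exe"}   # peer-to-peer clients
ALLOWED_STARTUP = {"explorer.exe", "secagent.exe"}       # approved start-up commands
REQUIRED_AGENTS = {"antivirus", "endpoint_monitor"}      # agents that must be running
PRIMARY_NIC_LIMIT = 1                                    # only one active NIC allowed

@dataclass
class Endpoint:
    name: str
    memory_devices: list   # attached removable storage
    modems: list
    active_nics: list      # every NIC currently up, wired or wireless
    processes: list
    startup: list
    agents: dict           # agent name -> "running" or "stopped"

def evaluate(ep):
    """Return (category, detail, remediation) findings; an empty list means compliant."""
    findings = []
    for dev in ep.memory_devices:
        findings.append(("memory device", dev, "block device and log user"))
    for modem in ep.modems:
        findings.append(("modem", modem, "disable modem"))
    for nic in ep.active_nics[PRIMARY_NIC_LIMIT:]:          # wireless or secondary NICs
        findings.append(("secondary NIC", nic, "disable interface"))
    for proc in ep.processes:
        if proc.lower() in FORBIDDEN_PROCESSES:
            findings.append(("application", proc, "terminate and uninstall"))
    for cmd in ep.startup:                                   # toolbars, services, etc.
        if cmd.lower() not in ALLOWED_STARTUP:
            findings.append(("start-up command", cmd, "remove start-up entry"))
    for agent in REQUIRED_AGENTS:                            # independent agent check
        if ep.agents.get(agent) != "running":
            findings.append(("security agent", agent, "restart agent"))
    return findings

def compliance_report(endpoints):
    """Map each endpoint name to its findings so non-compliant hosts are visible."""
    return {ep.name: evaluate(ep) for ep in endpoints}

# Constructed sample inventory: ws-01 is clean, ws-02 breaks several categories.
SAMPLE = [
    Endpoint("ws-01", [], [], ["eth0"], ["explorer.exe"], ["explorer.exe"],
             {"antivirus": "running", "endpoint_monitor": "running"}),
    Endpoint("ws-02", ["usb-stick"], [], ["eth0", "wlan0"], ["uTorrent.exe"],
             ["explorer.exe", "toolbar.exe"],
             {"antivirus": "stopped", "endpoint_monitor": "running"}),
]

if __name__ == "__main__":
    for name, found in compliance_report(SAMPLE).items():
        print(name, "compliant" if not found else found)
```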

Providing this in-depth visibility of user activity to security administrators dramatically increases the level of protection they can provide to their organizations, maintaining regulatory compliance across the entire company.

Ari Tammam
Vice President of Channels
Ari has more than 16 years of IT security experience and has played a key role in developing innovative strategies and understanding the adoption process of emerging technologies. Having worked for key companies such as Check Point Software Technologies and Accent Software, Ari has a wealth of experience and understanding of the security requirements of all organizations, whether large or small.

© 2019 Simplex Knowledge Company. All Rights Reserved.