Sunday, 15 November 2009

Endpoint Protection should no longer be optional!

Most environments will run a firewall and anti virus software on the computers.

We start to take it one step further where we monitor/filter the users web traffic; we scan inbound (and sometimes outbound) emails; we secure inbound traffic to our networks with a combination of anti virus software, firewalls, reverse proxying, NACs, SSL-VPNs with access policies and two factor authentication; we secure our internet facing services with web application firewall, but this level of protection is often to prevent threats from outside of our organisation.

We all hope we can trust our work colleagues and employees, but an often overlooked security option is what our internal staff may either intentionally or unintentionally cause harm to the the internal systems.

I have a seen a few endpoint protection solutions, and they are either lacking in functionality, or have a wealth of features coupled with a price tag.

I was asked to trial a new offering from Cyberoam, who have previously focused on UTM firewalls and SSL-VPN solutions, but looking to expand their security offering have now produced an endpoint solution, which they have called Cyberoam Endpoint Data Protection (aka Cyberoam EDP).

The Cyberoam EDP solution comes with four components, where you can pick and choose which components you require.
  • Device Management
  • Application Control
  • Asset Management
  • Data Protection and Encryption

The Device Management component allows you to define which hardware components can be used on your endpoints. So you can limit access to hardware which are either build in or plugged in, such DVD writers, USB memory sticks, external hard disk drives, etc.

The Application Control component allows the access and blocking of applications, such as peer to peer and IM from either a legality or IT policy persepective, or software such as Photoshop and Office, where you can ensure that they software is only used on certain hardware to maintain correct license useage of software (ie not allow the software to run on more machines that you are legally allowed to)

The Asset Management component allows the auditing and tracking on hardware on your network, and what software is installed where. There is also version tracking, so you can see hardware and software changes within your network.

The Data Protection and Encryption component allows you to create policies to prevent data from leaving your company. These policies can be applied to email, IM and removeable devices, so certain file types or file names can not leave via these transport methods. You also shadow message transfers, so you have records of IM conversations and emails!! The encryption fucntion is for removeable media or when files are transferred.

I tested this on my network and all the functions works perfectly in my test environment, but the limitation was that Windows 7 operating systems and 64-bit operating systems were not supported at time of testing. ( I had a number of Windows 7 machines work perfectly and a couple that did not work, as well as some fuctionality from a 64-bit Windows 7 laptop) The Windows 7 element of the software is currently being tested and a fully supported version of the software is due out soon.

I believe this prodcut will give enterprise levels of security to the SME market.

More information as well as a 30 day free trail is available here:

If you try it, I'd be interested in your feedback. :)

No comments:

Post a Comment