Vendors, VARs Embrace Endpoint Security

With threats changing every day, network administrators struggle constantly to establish policies to make sure that these vulnerable portions of their networks are safe. Many of them approach this challenge with piecemeal policy enforcement procedures that check to see if endpoint users have up-to-date antivirus signatures and software patches.

Thanks to a number of recent VAR- and vendor-generated efforts, however, this piecemeal approach may be a thing of the past.

Earlier this month, at the Network Interop conference in Las Vegas, members of the newly founded Trusted Computing Group (TCG) gained a roster of new members determined to write a spec for security policy enforcement for antivirus, patch levels and intrusion-prevention systems.

This move followed similar announcements from industry-leading vendors such as Cisco Systems and Microsoft, which both say they're working on applications that would force users' computers to be submitted for automated inspections, every time they log on.

"This is an issue on everyone's minds," said Kenneth Phelan, CTO of Gotham Technologies, a New York-based solution provider. "What are currently best practices for lockdown on endpoint systems just don't cut it in today's environment."

Because many of these top-level efforts won't yield solutions until the beginning of next year at the very earliest, a handful of smaller vendors and VARs are taking matters into their own hands. These players are attacking the issue of endpoint security from a more manageable perspective, putting fundamental issues such as policy development and network architecture ahead of broader concerns.

Fremont, Calif.-based Sygate Technologies, for instance, last Monday unveiled a suite of three products that together automate the detection and elimination of all rogue and compromised devices, applications and behaviors from the network. The Secure Enterprise 4.0, On-Demand 2.0 and Magellan 1.0 products provide lockdown-level security across the entire network, said Sygate CEO John DeSantis.

Guy Jammes, vice president of sales at InfoPeople Security Solutions, Ottawa, said the Sygate suite also enables enterprises to automate remediation, forcing users to comply before logging on.

"You can set the products up to approach a situation from the perspective of 'I can make you comply,' " he said, explaining a feature of the suite that sends noncompliant users to a quarantine area, remediates them before letting them back in. "A lot of solutions talk the talk, but it's been a while since I've seen [them] walk the walk like this."

Other vendors offer endpoint safety solutions that target enterprises on a much more micro level. Juniper Networks, Sunnyvale, Calif., offers a product dubbed HostChecker, which resides inside the corporate firewall and scans remote users for the latest security software every time they log on.

Fortinet offers a similar solution. Its FortiClient Host Security software offers IPSec VPN, personal firewalls and centralized policy management.

Even managed security service providers are getting in on the endpoint game. Barbedwire Technologies, Tracy, Calif., features a Windows plug-in that supports POP/IMAP to assist in intelligent spam filtering, and an endpoint-level intrusion-detection system sensor that protects data assets across the board.

Some of the best endpoint security solutions, however, come directly from VARs themselves. At Lewan and Associates, for instance, Don Norton, director of professional services, said the Denver-based company sells consulting services that educate customers to reorganize network architecture around securing endpoints and to redefine security policies across the entire enterprise around that new architecture.

"The reality is that a lot of our customers don't understand the importance of security down to the endpoint," Norton said. "A lot of them are violating security policies and practice because they just don't know, and it's our job to help them figure that out."