Camsoft
        HomeAboutCustomer Relationship ManagementData SecurityeCommerceContactsVirus ListingsUseful Links

 

   ENDPOINT PROTECTION
  INTRODUCTION
As security threats continue to increase and become more sophisticated, IT administrators are faced with the challenge of protecting all endpoints on the network while keeping day to day business processes running effectively in an organization. The implementation of security technologies to fight current threats is important, but the management of these technologies must also be easy and straightforward. IT administrators must alleviate the volume of threats in the enterprise caused by remote workers, partners, and external and internal employees. One of the most significant challenges for IT administrators is the constant flux of the security environment, which can be exacerbated by a lack of administrative resources to effectively manage security technologies. Installing a security solution can be especially difficult if productivity is affected as a result of a slow implementation process. A simplified and integrated solution can help IT administrators minimize the burden that most organizations face when implementing a security technology. Some of the business challenges faced today as a result of the evolving security landscape include problems with implementation, administration, effectiveness, and operational complexities. Microsoft Forefront Client Security (FCS) can help alleviate these challenges because of its unified protection, simplified administration, and comprehensive reporting capabilities. Microsoft Forefront Client Security proves to help reduce Total Cost of Ownership (TCO) through enhancement of performance measures. In addition, independent reviews from AV-Test.org and West Coast Labs, as well as a survey from Value Prism Consulting, prove that when using FCS, IT administrators are able to concentrate on business objectives while security challenges are reduced.

THE CHALLENGING SECURITY LANDSCAPE
The security landscape has changed dramatically in the past five years. In the past, hackers developed attacks for fun and recognition, but the paradigm has shifted away from pranks and now embraces hacking for profit. Hackers are increasingly involved in international organized crime and as a result, attacks have become more focused on obtaining specific types of data. Thus, threats are more advanced, application-oriented, and frequent. An example of the security threat landscape can be seen in the December 2007 Security Intelligence Report from Microsoft. The research offers an in-depth perspective on unwanted malicious and vulnerability software trends including the following statistics:
  • The second half of 2007 showed a 15% decline in new vulnerability disclosures, but high severity vulnerabilities continue to increase.
  • Malicious software has become a tool used by skilled criminals to target millions of computer users worldwide
  • Once largely an e-mail-based phenomenon, the number of phishing attempts on social network sites is increasing.
  • 129.5 million pieces of potentially unwanted software were detected between July 1 and December 31, 2007, resulting in 71.7 million removals. These figures represent increases of 66.7% in total detections and 55.4% in removals over the first half of 2007.
  • Adware remained the most prevalent category of potentially unwanted software in the second half of 2007, increasing by more than 66%, from 20.6 million detections to 34.3 million detections.
Although the number of reported vulnerabilities decreased in 2007, Internet threats from adware and phishing attempts continue to rise. Prevalent applications such as operating systems and mainstream software were targeted less, and the focus has shifted to customized, in-house applications or web applications. This has attracted the attention of hackers mainly due to the shift in focus in traditional network security. Phishing and adware attacks continue to remain a popular route to attack individuals, and the use of social network websites is an increasing threat to organizations. High severity vulnerabilities continue to increase and account for approximately 67% of all reported vulnerabilities.

As the security landscape continues to evolve, it presents difficult challenges for IT administrators who are charged with protecting client data from numerous advanced threats. While doing this, they are challenged by the changing workforce that requires access to information from multiple endpoints. As a result, IT administrators must work in a proactive rather than reactive mode.

This can be particularly difficult since organizations are increasingly in a position where employees utilize technologies that the organization is not ready to support. At the same time, IT administrators have to be able to allow access to corporate information and manage all the endpoints effectively. To protect critical information from attacks, organizations have rushed to implement several infrastructure silos such as anti-malware, anti-spyware, firewalls, and network access control (NAC). The implementation and management of these siloed solutions has significantly increased operational complexity for IT administrators.

Another challenge that IT administrators continually face is the increased need for compliance within regulatory environments. As attacks become more sophisticated, organizations are forced to find new ways to protect consumer and financial information. To achieve that goal, it becomes necessary to secure all endpoints from data corruption or from data loss, while also managing the systems on a daily basis in a manner that provides wide visibility into the managed systems.

A LOOK AT THE EVOLUTION AND HISTORY OF ENDPOINT SECURITY
The endpoint security market has evolved as a result of new threats, but it has also resulted in confusion for IT administrators. In the 1990’s, anti-virus software emerged in response to malware and evolved to include endpoint security. The first virus appeared in the 1980’s followed by worms, macro viruses, and spyware. Polymorphic viruses soon appeared and anti-virus vendors had to address threats at the application layer versus the operating system. Behavior techniques were addressed over signature-based applications. In 2005 botnets arose on a rapid global scale and provided the tools that propelled a dramatic increase in cyber crime. As complex threats and attacks continued to rise; the endpoint security market emerged to combat the newer and more sophisticated threats. With the increasing complexity of threats, systems can be infected by a variety of malware, namely:
  • Bots — through spyware and adware, bots install malware on a computer and use it as their zombie to send spam or attack other computer systems.
  • Phishing — through adware or spyware, people are directed to malicious sites that look legitimate, such as a small bank or social networking site. Criminals have been found to target smaller, less-popular sites with data-theft (phishing) scams. However, large companies are becoming tougher and riskier to target as they are responding quickly to phishing attempts by providing increased security.
  • Drive-by Download — sites hosting exploits can install adware, spyware, bots, or other malware without the knowledge of the computer user. Drive-by downloads can happen simply by visiting the wrong website, viewing an e-mail message, or by clicking on a deceptive popup window.
  • Spam — spam can be used to seed malware or spyware directly as an attachment, or point the user to a site hosting an exploit to do the same.
Today’s most common malware attacks include:
  • phishing,
  • botnets,
  • instant messaging,
  • online gaming,
  • windows vulnerabilities,
  • adware.
Security vendors have implemented various technologies to protect against malware, but have also increased the level of confusion among IT administrators needing to manage the endpoint security network. Thus, a more holistic approach to endpoint security is needed that will continue to protect and manage an organization’s network, while simplifying the management of the solution.
IT administrators continue to be frustrated by the wide variety of threats that they must be prepared for and as they try to implement multiple technologies to protect endpoints on the network this proposes several strategic business challenges.

CURRENT BUSINESS SECURITY CHALLENGES
Administration Challenges
The demands for IT administration to protect all endpoints on the network while maintaining usefulness of the endpoints as flexible business tools can be challenging. One has to wonder how this can be done as IT administrators face numerous challenges on a daily basis due to drastic increases in the administration workload over the past 15 years. IT objectives have also changed from the time when a basic security perimeter could protect an organization from most threats. Today, a basic security perimeter is merely the starting point for the IT administrator who not only deals with concentric circles of security, but also with regulatory compliance, as well as complex and hidden internal and external threats. As technology development continues to advance at a rapid pace, the recommended list of technologies to deploy for endpoint security is growing and keeping up with the changes is a daunting task. Implementing a variety of technologies for each endpoint can be time-consuming and the availability of IT personnel to perform the implementation is frequently a concern. A solution that requires fewer time-consuming tasks and provides better manageability of the various endpoint security technologies could help organizations better utilize limited numbers of IT personnel, while also increasing endpoint security.

Implementation Challenges
Many organizations struggle to implement adequate security measures and the challenge becomes even greater at large organizations with tens of thousands of users. While organizations understand the importance of implementing endpoint security technologies, they continue to be challenged by the negative impact on productivity, IT complexity, and operational costs associated with the need to implement security solutions from multiple vendors at different times. The implementation of client security solutions can cause fragmentation of security technology as a result of too many point products, poor interoperability, and lack of integration, which makes it difficult to respond to threats accordingly. Since many security solutions have their own management infrastructure, related management costs can be ongoing. Implementation of the various silos should be easily achieved without forgoing security. For these reasons, a holistic, multilayered defense and in-depth security approach will help reduce risk and better manage a network infrastructure.

Effectiveness
An effective security solution must address the evolving security landscape that consists of blended threats and zero-day threats. As threats continue to evolve, the ideal endpoint security solution for an organization needs to be one that does not slow performance and can deal effectively with certain types of malware. When malware is found, a user with an ineffective solution will suffer disruption in work, thus inhibiting productivity. An ineffective endpoint security solution can cause IT administration frustrations if it uses high system resources usage and slow boot times. With an effective solution, a user should not suffer from increased system lag when performing day-to-day operations on their office machine. Moreover, administrators can focus on critical business objectives, productivity enhancement, and reducing operational costs.

Operational Complexities
Anti-virus, anti-spyware, NAC, and other security solutions help protect an organization from threats, but managing multiple solutions for all endpoints that connect to the network remains a difficult task. Implementing several management consoles, each of which are responsible for running different policies and reports, can be overly complex and difficult to manage effectively. Ideally, the administrative control used by IT departments should reduce complexity and costs related to deploying multiple security solutions.

Total Cost of Ownership (TCO)
The effects of using an inefficient solution can, over time, significantly increase overhead costs in the IT department and negatively impact employee productivity across the organization. Common organizational problems include:
  • Reduced employee productivity as a result of slow application performance and downtime,
  • Increased administrative overhead costs as a result of managing multiple endpoints, consoles, and reports,
  • Increased risk of losing business-critical information, and
  • Increased cost of infrastructure investments.
Organizations can be negatively impacted by one or all of these problems if an adequate security endpoint solution fails to address all of the issues listed above.

ABOUT MICROSOFT FOREFRONT CLIENT SECURITY
Microsoft Forefront Client Security improves endpoint security and enhances productivity while minimizing operational costs. The solution includes unified protection from viruses and spyware for the client and server operating system. It also simplifies administration through a central management console, includes visibility and control of security reports, and also protects worker productivity across an enterprise. Unified Protection Forefront Client Security offers unified malware protection for business desktops, laptops, and server operating systems by providing an integrated anti-virus and anti-spyware engine to scan endpoints in real time. Advanced protection is accomplished through a variety of technologies including static analysis and emulation, heuristics, tunneling signatures, advanced system cleaning, and event flood protection. According to independent research conducted by AV-Test.org, Forefront Client Security is greatly effective against malware and its detection rates are extremely competitive. AV-Test.org found that Microsoft had a detection rate of 96.1% in November 2007 and in March 2008, the detection rate increased to 97.9%.

Simplified Management
Forefront Client Security offers simplified management that allows enterprise-wide policy deployment through a single management console. The ability to offer a solution that easily integrates into other Forefront security solutions enhances administrators’ control. One policy is used to manage client protection agent settings such as scan schedules, signature update frequency, security state assessment settings, and alert levels. Forefront Client Security can also configure alerts, specifying the type of alert, level control type, and volume. Alerts alone will notify administrators of high-priority incidents including malware detection, a failure to remove malware, a malware outbreak, and if malware protection has been disabled. Through this simplified management, organizations can use fewer personnel resources to manage security issues and help desk calls. When organizations need to implement over 10,000 multiple client security users in the enterprise, implementing the Forefront Client Security Enterprise Manager eases the administration load. Through Enterprise Manager, IT administrators can centrally manage multiple client security deployments easily in the enterprise environment. Enterprise Manager consists of several main features including:
  • Aggregation of reporting and alerting information from multiple client security deployments. Aggregated information is viewable in a single console and reports are generated from the aggregated information.
  • A single location for management of client security policies.
  • A single location for initiation of enterprise-wide, anti-malware scanning.
Reporting and Visibility
The management console provides one dashboard visibility into threats and vulnerabilities across the organization. Insightful, prioritized reports can be produced that provide administrators better control over malware threats. The dashboard provides a snapshot of the current malware security status using real-time data and current malware trends. Reports also allow administrators to drill down to critical information and gather additional details such as which machine on the network has a malware problem. Through security state assessment, scanning alerts provide detailed reports that will summarize which PCs have not had the latest security patches and/or have not connected to the network recently. This assessment reporting can answer questions related to compliance, vulnerability trends, and risk.

Overall Performance and Effectiveness
Unlike other endpoint security solutions, Microsoft Forefront Client Security offers a solution that provides adequate performance measures. According to a study by West Coast Labs, a series of performance benchmarking tests and metric-based process evaluations found that Microsoft Forefront Client Security had the best performance on average. The products tested included:
  • Microsoft Forefront Client Security
  • Trend Micro OfficeScan™ Client/Server edition
  • Symantec Endpoint Protection
  • McAfee VirusScan Enterprise
The objective of the test was to determine performance measures of Microsoft Forefrontagainst market leaders such as Symantec and McAfee. Testing was performed from a network of Microsoft Windows Vista Business Ultimate clients and a Windows 2003 server. According to West Cost Labs, the Microsoft Forefront Client Security installation routine was both rapid and informative, providing a reasonable degree of customization. The results show that scanning times were faster than the average value for other vendor solutions being tested. There was a lack of impact on client system resources, which enabled increased efficiency in productivity. In addition, when malware was found, much of the reporting was processed on the server(s). The immediate benefit of this feature, and not found in the other solutions tested, was that the user experiences minimal work disruption.

Reduced Total Cost of Ownership (TCO)
The overall effectiveness and performance measure of Microsoft Forefront Client Security enables the solution to affect significant total cost of ownership (TCO) reductions. According to a current TCO study performed by Value Prism Consulting on Forefront Client Security customers, noticeable savings and cost reductions were seen. Value Prism Consulting surveyed eight customers that switched to Forefront Client Security and measured TCO changes. According to the participants in the survey, many of these savings were a direct result of Microsoft Forefront Client Security unified protection, simplified administration, and enhanced visibility and control.

CONCLUSION
As the endpoint security market continues to evolve, organizations will continue to face many strategic business challenges and IT administrators will need to implement layers of defenses that protect corporate data. An endpoint security solution that eases this complexity will enable administrators to focus on the core business objectives of the organization rather than spend increasing amounts of time and resources managing a complex matrix of siloed endpoint solutions. A solution that offers features such as simplified management, easy integration, enhanced performance, as well as visibility and control, will ensure that businesses continue to operate effectively. Microsoft Forefront Client Security addresses many of the business challenges related to implementation, administration, effectiveness, operation complexities, and TCO. With Forefront Client Security, the ability to offer unified protection with simplified management through enhanced reporting and visibility proves to be an effective enterprise endpoint protection solution.

Back To Top

Company Mission Statement
 To strive for growth in our customers, suppliers and employees and to conduct business
in an intelligent and responsible manner with the best intentions at all times.

Copyright Camsoft 2007. All rights reserved. O&OE.