Endpoint Protection

I would be very interested to here from any clients who use some kind of managed security services from a third party to understand any motivation or benefits of these services might be. In any outsourced service, the definition of what needs to offered needs to be defined to strict requirements such that the third party can be measured against agreed SLAs.  However, in practice, this is rarely done well so that service expectations are never set correctly. For security services that are complicated and diverse then it would be great to see what the benefit of security services provided by a third party. In addition, any provider of security products usually has an array of products and other services that it can push in through the managed services. Independence in service delivery is very hard to find, often undervalued and badly understood.

So is there a market for managed security services that is not provided by one of the security vendors?  I say not - as it is too hard for independent providers to be seen through the vast array of products offered to the client.

The BBC are reporting a great story on Social Engineers, confidence tricksters who are able to talk their way into organisations and then misappropriate information about that company. Examples include talking on a cell phone with the MD holding the door to let him in unchallenged. Even setting up in an empty office for five days and obtaining account and passwords of employees. Thankfully these examples were performed by a security vulnerability company but a serious point is made. No one knows all employees and yet no one checks identities properly.

The article goes on to report that a recent report from PGP estimated that each piece of data leaked from a firm costs the breached organisation £60. It found that 70% of data breaches were down to insider negligence rather than outside hackers.

http://news.bbc.co.uk/1/hi/technology/7843206.stm

7th Space reports ESET, the leader in proactive threat protection, has been included in leading analyst firm Gartner’s “Magic Quadrant for Endpoint Protection Platforms,” published May 4, 2009.1

ESET is the only company with over 50 VB100 awards and continues to lead the industry with the highest detection rates and zero false positives - the winning formula in malware protection.

SC Magazine reports Information security professionals need to develop a plan. Many have no idea that TCG even exists, he says, but this is no longer acceptable. “Since laptops and desktop PCs will come with encryption ‘baked in’, it is incumbent upon IT and SC Magazine reports endpoint management and security teams to create a plan for phasing in systems with self-encrypting drives and to phase out encryption software over time.”

Information Week reports We start our Rolling Review of data loss prevention products with Safend Protector Endpoint, the lone entry in our DLP mix whose primary emphasis is endpoint security. The other players have strong DLP capabilities at both the network level and the endpoint, but we wanted to include a company that operates exclusively in the endpoint market because not all IT shops want, or can afford, a soup-to-nuts system from the likes of RSA, Websense, or Symantec (NSDQ: SYMC).

Regardless of how large or complex your organization is, battling data loss threats must start with an emphasis on the endpoint. Safend estimates that 60% of corporate data resides on endpoints, and that’s where Safend Protector Endpoint aims its DLP resources.

CBR Security reports Guy Bunker, who is responsible for cloud security strategy at Symantec and sits on the Jerico Forum said, “A common misconception is that because security issues in the main CRB Security reports don’t happen in the data centre but out at the end points, then stuff out in the cloud is going to be more secure and is more resilient against attack. It is not the case.”

Computing reports despite yet more data losses, more organisations are waking up to the need to encrypt mobile devices. How many times do significant data losses have to occur before both private- and public-sector organisations face up to the fact that encryption, whether applied to laptops, USB memory devices, or other mobile devices, is the only sure-fire way of stopping personal and business-critical data from going astray? Recently, four NHS trusts have been found in breach of the Data Protection Act (DPA) by the Information Commissioner’s Office (ICO), and all of them have agreed in future to encrypt all portable and mobile data on devices.