Endpoint Protection

Ealing Council is facing a bill for over £500,000 after a member of staff plugged in an infected memory stick into a PC. The virus spread. The virus infected Ealing Council systems for several days after introduction at the housing department requiring emergency IT work and interruptions to services such as parking fines and library systems.

It also seems that the council’s telephone systems were affected. It stopped AV functioning and blocked access to Microsoft support sites as well as contacting other websites at random.

What can one say? (I told you so springs to mind but that would be chirlish). There are products that would have stopped this from happening but the reliance on AV as the main security barrier was found lacking.

What is needed is a thing called Application Control. This function stops any application whether a legitimate application started by the user or a malicious virus running on the endpoint. Windows 7 will have this feature as part of the Operating System but that is not out for a while and it will take years before everyone upgrades. So what do you do? Well look at some of the existing products that already provide this capability for XP and Vista such as Versec from Guardian Technologies. It scans permitted application images into a database which is then compared with the image that the user would like to run. It either permits or prevents as required.

So security guys at the councils get wise and look at what employees are doing on your systems. Data is spread everywhere, running unauthorised applications on endpoints, storing inappropriate content, using unsecured IM - all lovely ways for viruses to get in and data to get out!!

If you want the full story go here. http://news.bbc.co.uk/1/hi/england/london/8237085.stm