Endpoint Protection

The Information Commisioners Office (ICO) or the privacy watchdog has published figures on data breaches that makes disturbing reading. What’s more is that the ICO  is getting so concerned that it will be introducing fines on comapnies and public bodies that recklessly or deliberately break the rules. Fines up to half a million may be imposed on losses of information. In total, 434 organisations reported data security breaches in the past 12 months, up from 277 the year before. This is what Deputy information commissioner David Smith said: “The majority of organisations get data protection right, but regrettably a significant minority of management teams are failing to take data protection seriously enough. Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks, and other portable media.”

Well what a surprise! But what is really interesting and scary is that there are fines coming! But I thought that if you breached the Data Protection Act then you would be fined or sued anyway. However, what is clear is that this affects all businesses; large or small; SMB or large multinationals. So Data Loss Prevention is for all organisations that have personal data stored but it is not sufficient to just use device control, the ICO is saying any data loss from any channel! So does that mean that first generation products that really only do encryption and device control will be replaced by the second generation products that provide device, IM, and all the goodies? I think this is a call to action for vendors to smarten up their act and work with others to gain functionality rather than buy and try to integrate. You can read some more here http://news.bbc.co.uk/1/hi/uk_politics/8354655.stm

Latest reports on conficker infections include not only Ealing Council (see previous post) but also Oxford Brookes University, Manchester City Council and Whipps Cross University Hospital NHS Trust. Prior to this, the Houses of Parliament and Ministry of Defence were infected.

So AV has been proved to be powerless with this worm and even the DLP vendors do not have any defence as they tend to focus on information passing out of the organisation. Application control should be a part of a DLP solution to stop worms from running and spreading to the rest of the organisation. In most cases it is not as AV and most DLP is focused internally not at the endpoint which is the highest risk. Maybe Windows 7 will save us but how many will implement the application control features and AV and DLP. Not many I fear - Take a look at our sponsors product and if implemented will protect against zero day attacks and Conficker worms as well as the normal DLP features.

Computer Weekly reports F-Secure, Kaspersky and BitDefender have been hacked via SQL injection and cross site scripting techniques.

Kaspersky is thought to have had a breach in its US website databases holding information like customer details. F-Secure was thought to have only leaked virus statistics.

Kaspersky reported that they had fixed the vulnerability within 1 hour of detection.

Symantec have released Endpoint Encryption 7. eChannelLine reports that the product is aimed at providing advanced encryption for desktops, laptops and portable storage devices.

Symantec have designed the product to fit in with a wide variety of configurations among is larger enterprise customers. Support is provided for non-domain customers such as Novell eDirectory clients. These users should be able to have a single sign-on experience in a similar way to that of windows clients.

Group policys are implemented so that CD’s for example  that might be burned for use in a closed group of users, access will only be available to members of that group.

Administrators can administer encryption to hard drives for protection of sensitive data when lost of stolen. Symantec is releasing three versions of the software with the full version costing around $110 per seat.

Network World reports on the third security related purchase by CA in recent times. Their new acquisition is the data leak prevention vendor Orchestria. Orchestria provide a number of DLP and information compliance products. Symantec also use Orchestria’s smart tagging technology for use in their Enterprise Voltage product.

CA is said to be working on solutions to administer access control and set security policies based on a users role and identity. Adding Orchestria’s technology and experience to the company will strengthen their DLP offering and compliment their existing product range.

SearchSecurity.com reports on recent Windows vulnerabilities causing certain Endpoint software packages to struggle with the handling of a new exploit. A  zero day exploit affecting Microsoft Windows via an XML flaw was found to return mixed results amongst Endpoint software packages as some failed to contain the attack.

“Only Kaspersky Lab’s Total Space Security 6.0 stopped the exploits cold by blocking URL access. Sophos Endpoint Security and control detected the URL, but only issued a warning without blocking it. However, it did detect and block the exploit.

Symantec’s Endpoint Protection 11.0.2 failed to detect the URL or the exploit, but detected and quarantined the malware payload. Trend Micro’s Officescan 8.0 SP1 R3 performed similarly, but failed to quarantine one of the malware’s two components, apparently because the attack thwarted its ability to gain the necessary permissions.

Both McAfee’s Total Protection for Endpoint and AVG’s Internet Security Network Edition 8.0 failed to detect and stop the attack at any of the three stages.”

Kaspersky, founded in 1997 with its HQ located in Russia is the latest large security player to throw its weight and experience into the Endpoint Security market.

Endpoint is an emerging market in the security field built around the need to identify and protect sensitive data in our ever more mobile world. Symantec have already firmly established themselves in the Endpoint arena with their Endpoint Protection product.

Vnunet reports on Kaspersky’s prediction that they expect to enter the top 5 Endpoint Security vendors in 4th place behind Trend Micro by the end of the year.

Kaspersky believe that their technological investment and expertise will provide the extra value needed to become a market leader.