Just watching the network isn't enough

Security Manager's Journal: It may be time to supplement monitoring the network with endpoint security.

By Mathias Thurman, Computerworld |  Security, endpoint security

When I visit my company's overseas offices, I'm often asked what we can do to control USB ports and other external connectors in order to prevent the loss of intellectual property. That's a goal I'm always interested in pursuing.

I would say that at this point we have a fairly mature network data leak prevention (DLP) infrastructure. Not that it's near where I would like it to be. We don't have 100% coverage of every egress point in the organization. We're not monitoring our internal LAN traffic, and we don't have all the product divisions signed up to use our DLP tools. But I still consider the infrastructure mature, since we have processes in place for monitoring the network and conducting investigations once we do implement endpoint security technology.

Trouble Ticket

* At issue: The company's intellectual property has to be secured.

* Action plan: Endpoint technology is attractive in theory but hard to implement. For now, port blocking might be all that can be done.

A strong case can be made for doing that, but implementation can be a nightmare. I have the battle scars to prove it.

A couple of years ago, we were swept away by the sales pitch from a fairly new vendor whose offering, it turned out, was rather immature. We decided to try it, and the only good news about what happened next is that the deployment was limited.

Deploying endpoint technology is never easy, and that may be especially true in my company. With so many engineers, we can't maintain a standard operating system profile across the enterprise. And because users have administrative access to their PCs, they are free to install programs; that makes it difficult to keep up with what applications need to be tested with the endpoint DLP technology. Finally, our engineers are often engaged in computer-aided design and source code development, which are intensive applications.

In any event, thinking we had a stable release to try out, we decided to remotely deploy the start-up's technology to our development office in Moscow, where we have 50 software engineers. Many of those engineers' PCs froze or blue-screened. We lost several development cycles as a result and missed the launch date for one of our products.


Originally published on Computerworld.