Endpoint Security’s Shifting Focus

Endpoint security
Open IT Forum
In the past, endpoint security has focused on protecting endpoint devices, managing this by installing software on these devices. The traditional office, however, is changing, with increasing remote users, telecommuters and road warriors taking these devices on the road, into unknown wireless networks. Now the focus on protection has shifted to protecting the network from both outside attackers and the vulnerability that insiders pose. Is your endpoint security focus shifting? How do you or how does your company manage endpoint security? What do you view as the highest threat to your network and how do you protect against that? This question was inspired by an article at Tech News World.

Answer Wiki


We have disabled USB ports and CD writers, and enabled strict policies on mobile devices that communicate with our email servers. These things can be enabled only if there is a legitimate business need. It is a challenge to protect from within as well as from outside, and awareness and a plan of action are necessary to safeguard corporate information these days. The focus does now need to encompass both internal and external, in my opinion.

Discuss This Question: 5  Replies

  • jinteik
    Yeah, my office does the same too last time... they disable the USB port and CD/DVD-ROM not only in Windows but in the BIOS, and lock up the BIOS. As for printers, only some computers are allowed to print. We don't allow any vendors to connect their laptops to our networks. We too don't allow OWA, and there is no wireless device in our office.
    18,995 points
  • TomLiotta
    We tend to have other forms of control. We don't block USB/CD/DVD, either because most of the PCs can't operate without them (e.g., mouse/keyboard devices are USB and no dedicated mouse/keyboard ports exist) or because it's almost trivial to simulate on disk (even a simple DOS SUBST command can "substitute" a directory for a CD/DVD drive letter). And who needs a printer to get copies of documents if I can view them on my PC monitor, while simultaneously recording hi-res video on my cell phone?

    We run all common protection methods, e.g., AV, etc., and perform regular audits over automated monitoring. We authenticate and authorize according to job/position. We maintain a security policy and publicize it, along with notification of changes.

    As a software vendor of network security, auditing and compliance products, we're in a position where many employees can know more details about how to cause trouble than there are safeguards available. We've tended over the past decade to move towards a focus on relationships with employees and less on obstacles made of software or hardware mechanisms.

    Fundamental safeguards will always be in place. This protects from mistakes made by the best of us. But clear authentication combined with authorizations that are capability- and object-based, for employees who have a solid relationship with their employer and who always have access to a good security policy, into systems with strong monitoring, all tend to make most issues disappear.

    Certainly, there is a potential for serious malicious damage by insiders. OTOH, I've yet to see any other environment where that wasn't true anyway.

    Tom
    125,585 points
  • Chippy088
    I agree with Tom on this one. Control through Active Directory can only help to control normal users. If you can set a control, it can be unset. I have the knowledge to circumvent many controls, and write scripts that get information from the system, and have had to do it for clients. Disabling physical ports and devices is only viable if the user doesn't boot in safe mode. A thumb stick with an OS on it can be booted (sometimes) this way. Passwords for access to BIOS functions are a must. I think the safest way for security is using virtual machines. 90% more effective in controlling users trying to bypass security controls, as the local physical devices are not used in saving/printing. Mobile devices are a bigger headache. They have to be controlled, but be flexible enough to allow comms from off-site access points.
    4,625 points
  • mitrum
    I disabled USB ports and CD/DVD-ROM, Bluetooth, micro SD, MMC etc. in my organisation.
    810 points
  • ITKE Update: Cool new things around the site - ITKE Community Blog
    [...] what the enterprise IT community thinks about certain timely topics in IT, from tape storage to the shifting focus of endpoint security. Search through the Open IT Forum tag to get what today’s enterprise IT professionals are [...]
    0 points
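
Several replies above describe disabling USB storage and optical drives in Windows, and others note that such a control can be unset and that regular audits are what catch it. The following read-only check is an added example, not code from any poster in this thread. The registry locations are the standard Windows ones; the expected values are an assumed baseline for an organisation that has chosen to disable all three, and the name `Test-RemovableMediaBaseline` is hypothetical.

```powershell
# Added example: report drift from an ASSUMED removable-media baseline.
# Read-only. The USBSTOR driver handles USB mass storage only, so USB
# keyboards and mice keep working when it is disabled.
$Baseline = @(
    @{ Control  = 'USB mass storage driver (4 = disabled)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name     = 'Start';    Expected = 4 },
    @{ Control  = 'Optical drive driver (4 = disabled)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'
       Name     = 'Start';    Expected = 4 },
    @{ Control  = 'Group Policy: deny all removable storage classes'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name     = 'Deny_All'; Expected = 1 }
)

function Test-RemovableMediaBaseline {
    param([object[]]$Checks = $Baseline)

    foreach ($c in $Checks) {
        # A missing key or value yields $null rather than an error, so an
        # absent policy is reported as non-compliant instead of being skipped.
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }

        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Control   = $c.Control
            Expected  = $c.Expected
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($actual -eq $c.Expected)
        }
    }
}

$results = Test-RemovableMediaBaseline
$results | Format-Table -AutoSize

# Rows that drifted from the baseline; feed these to whatever monitoring
# or ticketing the audit process already uses.
$results | Where-Object { -not $_.Compliant }
```

This only inspects the running Windows installation; it says nothing about BIOS settings or about a machine booted from other media, which the replies above treat as separate controls.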
