Achieve true end-point security

When it comes to network access control, are vendors offering products for comprehensive end-point security asks Ari Tammam

End-point security should address both hidden potential threats and actual weaknesses at the end point. Many vendors offer products that resolve specific end-point-related security issues and describe these as end-point security solutions, but this is misleading.
For example, vendors offering products that control use of memory sticks, digital cameras or other types of USB memory device are not offering end-point security, but device control. Vendors offering application control products are only covering one category of
security threat; even networks that lock down installations so that only approved applications may be installed leave the end point open to other security breaches.
Combining commodity security products, such as firewalls, anti-virus and behavioural IDS/IPS, is not an end-point security solution. These products should be obligatory for firms that want safe networks.
The layer of end-point security needs to cover processes, services and their configurations and start-up commands, plus application and device control. Add a form of change control that can identify a bypassed proxy or disabled group policy, plus functionality that includes detecting multiple network connections from a single PC and one is closer to a full view of an end point’s activity while connected to the network.
A comprehensive solution also needs remediation capabilities to minimise the impact on administrators managing the company end points and should address misuse, misconfiguration and malicious activity. Most network access control (NAC) products prescribe quarantining end points that do not conform to company policy; they also suggest that each end point should exhibit a specific set of security requirements and be without malware infections before admittance to the network.
However, they are often performed only when the end point joins the network.
So, while NAC has its benefits and provides a barrier against infected end points from joining a clean network, it is only one part of end-point security. Unless a
NAC solution offers complete end-point security on a continuous basis, it must be seen as a
product that merely complements end-point security.
Ari Tammam is channels vice president at Promisec.