5 Simple Solutions for Developing a Collaborative Endpoint Security

W H I T E P A P E R






Developing a Collaborative Endpoint Security
Solution: Why perimeter security is not
enough.
By Mark Edmead

Developing a Collaborative Endpoint Security Solution: Why perimeter security is not enough.
TABLE OF CONTENTS Developing a Collaborative Endpoint Security Solution: Why perimeter security is not enough. Overview............................................................................................................... 3 What is Endpoint Security?...................................................................................... 4 The Business Need for Security ............................................................................... 5 Business Assets Are At Risk..................................................................................... 5 The Threats Are Increasing..................................................................................... 6 Technology Best Practices....................................................................................... 7 Strong Security Policy............................................................................................. 8 Hardware and Software Inventory. .......................................................................... 8 Scan Ports and Services.......................................................................................... 8 Patch Management................................................................................................. 8 Security Management. ............................................................................................ 9 Conclusion............................................................................................................. 9 About the Author.................................................................................................... 9 Corporate Background ...........................................................................................10
Copyright © 2006 KACE Networks, Inc. All rights reserved. 2 Developing a Collaborative Endpoint Security Solution: Why perimeter security is not enough.
Overview The classic definition of information security states that the goal is to protect information from possible breaches in confidentiality, integrity, or availability. Attacks come from many different places. Exposure to threats is all around us. Increased connectivity to the Internet results in more threats. These threats, combined with the vulnerabilities and weaknesses of our systems, result in a potential risk to the infrastructure. Information security is not a standalone process. Security is not a separate entity, but should be considered as a critical element of your business operations. More importantly, information security is more than just a product you install on your network. Technology is an important aspect of security, but two other areas also require consideration. Security is comprised of technology, processes, and people. Each element is a critical point of the information security triangle. A change in one of these areas affects the other two. For instance, if a company applies new technology, such as a wireless LAN, they need to consider how the introduction of this new technology affects the processes (business or technology) involved and the people using (or operating) the technology. What this means is that an effective security approach goes beyond just applying technology. An effective security infrastructure addresses not only the technology, but also the process affected and the people involved in the use (or management) of the technology. People manage technology devices and security configurations; this is where many security problems reside. Unfortunately, people are the weakest link when it comes to information security. THE SECURITY TRIAD Information security can be implemented in a number of different ways. The main focus of information security is to protect an asset from a breach in confidentiality, integrity, or availability. Confidentiality means that the information or the asset remains available only to the authorized individual or process. Integrity refers to making sure that there are no unauthorized changes to the asset either by authorized or unauthorized individuals. Availability means that the information or asset is a... [download for more]