How do you define endpoint security?
For Austin, Texas-based National Instruments, which develops testing hardware and software, the answer is infection control. The company has about 6,000 endpoints at its headquarters, including Windows 2000 and XP, Unix, Solaris and Macintosh machines. Earlier this year, it deployed eight network access control appliances from Mirage Networks. When the devices detect an infected or attacking computer, they rewrite its ARP tables to quarantine it, then alert the help desk to send a technician.
National Instruments' goal in adopting the appliances was to pick up where patching and antivirus stop. Simply put, not every computer will always have the latest patch or antivirus signature, and this kind of technology helps prevent one infection from becoming 20 or 30.
"Really what we're trying to do here is protect people's productivity," said Brett Childress, the company's director of IT infrastructure. "That's the fundamental theme here: we don't want to knock down 30 people in finance and have them not be able to do their work all day. We want to protect people against the worm du jour."
When it comes to successful endpoint security deployments, National Instruments
Despite the success stories, however, most can't actually agree on what endpoint security [EPS] means, which has implications for future success. "Fourteen percent of all respondents agreed on 'secured network' as the definition of EPS. The next largest group [11%] thinks 'secure devices' is the definition," said Allan Carey, the manager of IDC's Security and Business Continuity Services program.
In short, "the vast majority of respondents provided individual answers, which shows a lack of clear understanding of the definition of EPS," he said. "However, 41% of respondents with the title of president or vice president think that EPS means to be 'free from infection.'"
Score one for senior management.
One risk from the confusion, however, is that senior executives and IT managers won't be on the same page when developing and deploying appropriate technology and processes. "When confusion exists, there is always the risk of misinterpretation, and an incomplete resolution to a problem," said Carey. "Hence, it is extremely important to establish a common understanding and language when discussing any security issue."
Of course, the lack of EPS standards doesn't help clear things up. None of Cisco's Network Access Control [NAC], Microsoft's Network Access Protection [NAP] or the newer Trusted Network Connect from the Trusted Computing Group is finalized.
For the record, then, IDC defines endpoint security as the centralized control of security policies on the client level [laptops, PDAs], and for network access points [internal desktops, kiosks and remote servers].
Because the market is so new, many companies still haven't even bought into the network access control part of EPS. "A lot of them are taking a wait-and-see approach, because a lot of products and solutions out there are young," said Scott Olson, vice president of marketing at Mirage Networks in Austin, Texas. Furthermore, while endpoint security vendors tout forthcoming functionality to detect, quarantine and remediate automatically across different kinds of software and operating systems, many IT managers might be happy with the more incremental capabilities that are currently available.
One thing the IDC survey's respondents could agree on was wanting to better restrict employees' ability to control their local computing environments. And soon, they may get it. This summer, Cisco will reportedly announce a new version of NAC that will work at Layer 2 of the network, covering switches, in addition to Layer 3. "Right now they just have router-level support -- VPN and remote access -- but they don't have anything for endpoints joining your LAN," said Mirage's Olson.
But it will be 2006 before full-fledged endpoint security arrives. That's when experts expect the Cisco standard to be complete, and perhaps also Microsoft's NAP, which is tied to the release of Longhorn. "That's when purchases are really going to be made," said Olson. Plus, "you'll see the solutions that are available from technology vendors will become more complete."