Security Managers Take Heart
By Carol Baroudi, Partner
IT security is out of hand – too many security threats, too many security products, too many devices, too much at risk. Corporate Security Officers and IT Security Managers tasked with determining how to effectively spread finite budgets across seemingly infinite vulnerabilities live knowing they can’t cover all the bases.
The Need for Integrated IT Security
The world is crying out for integrated security, but we haven’t seen much offered that’s affordable, scalable and genuinely effective. For the most part, corporate IT is charged with picking an assortment of point solutions and praying that it’s good enough. As threats escalate, holes in the scheme leave an organization more and more at risk.
A Different Point For Integration
Security integration has focused on keeping bad guys (and their digital emissaries) out. Doing this has meant trying to plug every conceivable hole. The problem is that holes continue to emerge – new software releases, new configurations, new misconfigurations. What if viruses, Trojans, worms, hacker utilities – indeed any unauthorized software – simply could never run? What if users, devices and programs were linked together so that there was central control over who could use what device and run what application?
This is the integrated thinking that is behind SecureWave’s security products. In concept, and in practice, it means defining and establishing trusted executables and trusted devices. And while its implementation involves a good deal of sophisticated engineering, the approach is fairly easy to understand.
Consider first the idea of trusted executables. What is required is a “White List” of what is allowed to run and who is allowed to run what. Once a record of this is established for every PC or server in the network, it is possible to prevent anything else from running unless and until it gets approval. A policy that denies a program permission to run by default can be established.
SecureWave’s Sanctuary Application Control implements such a white list and can enforce such a default-deny policy or, if desired, a security policy that is far more sophisticated in determining what can run and what cannot. Consider what this means. If only valid authenticated programs can run, then viruses, Trojans, worms, hackers or invalid users of any kind never get a foothold.
Sanctuary Application Control not only keeps a record of what is allowed, but also takes a “fingerprint” (a SHA-1 hash signature, to be precise) of every executable that is allowed and only lets it run if the fingerprint matches. This stops foreign executables and any kind of corrupted executable in its tracks.
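The white list idea described above can be sketched in a few lines. This is an added example, not SecureWave's code: the `AllowList` class, its method names, the user names and the sample files are all hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return the SHA-1 hex digest of a file (the fingerprint type the article names)."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class AllowList:
    """Hypothetical default-deny policy: fingerprint -> users allowed to run it."""

    def __init__(self):
        self._approved = {}
        self.audit = []  # (user, file name, decision) for every request

    def approve(self, path, users):
        self._approved.setdefault(fingerprint(path), set()).update(users)

    def may_run(self, path, user):
        # Anything whose current fingerprint is not on the list is denied.
        allowed = user in self._approved.get(fingerprint(path), set())
        self.audit.append((user, os.path.basename(path), "ALLOW" if allowed else "DENY"))
        return allowed


def demo():
    """Run the policy over constructed sample files and return each decision."""
    with tempfile.TemporaryDirectory() as workdir:
        tool = os.path.join(workdir, "approved_tool.bin")
        stray = os.path.join(workdir, "unknown_tool.bin")
        with open(tool, "wb") as handle:
            handle.write(b"constructed bytes of an approved program")
        with open(stray, "wb") as handle:
            handle.write(b"constructed bytes of an unapproved program")
        policy = AllowList()
        policy.approve(tool, {"alice"})
        result = {"approved_user": policy.may_run(tool, "alice"),
                  "other_user": policy.may_run(tool, "bob"),
                  "unknown_program": policy.may_run(stray, "alice")}
        with open(tool, "ab") as handle:
            handle.write(b" modified after approval")
        result["modified_program"] = policy.may_run(tool, "alice")
        result["denied"] = sum(1 for entry in policy.audit if entry[2] == "DENY")
        return result
```

Calling `demo()` shows that only the approved user running the unmodified file is allowed; the other user, the unknown program and the file changed after approval are all denied and recorded in the audit list.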
Now consider trusted devices. We have two issues:
• Who can use a given device
• What can be added to a given device
PCs come with multiple USB ports into which a wide variety of devices can be plugged: memory sticks, external storage, scanners, PDAs and much more. PCs also arrive with CD and DVD drives and some still have floppy disks. SecureWave’s Sanctuary Device Control provides a similar “white list” approach for this problem too.
The IT security threat involved here is twofold as well. On the one hand, intruders may try to break into a network using hardware devices of some kind: devices that can plug into a PC, wireless devices, or even new devices added to a network. On the other hand, valid users may unwittingly (or even deliberately) plug in devices that compromise the security of a PC or the whole network.
Sanctuary Device Control can lock down or disable all such devices or simply put them “in quarantine” until authorization for their use is provided.
An Enterprise Solution
SecureWave provides enterprise software, not PC software, covering servers as well as desktop devices. A Management Console allows an administrator to define and change policy and to see the machines that are attached to the network, what devices and ports they have, who the users are, and what the applications are. The Management Console also shows an audit trail of all activity on the client devices it monitors, including a complete record of any illicit attempts to gain access to any computer. This acts as a strong deterrent to internal staff attempting to gain any kind of unauthorized access.
The SecureWave customer list includes NATO, the US Dept of State, the US Navy and the UK Ministry of Defence. Hurwitz & Associates believes SecureWave has taken a highly intelligent and common-sense approach to making the enterprise more secure and has done the industry a great service by simplifying the IT security buy.