- Insider threat looms large in San Francisco
- Woman fired over death threat
- IT admin pleads not guilty
- Tape storage gets more dense
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
|
|||||||
The fast-spreading plague of Internet-based viruses, worms and Trojan horses has turned the Internet into the technological equivalent of a ghetto filled with crack houses. To protect their networks, security specialists have turned their gaze toward end-point security strategies that promise to check the security posture of the client machine before it connects to the network.
In the LAN arena, everyone from Cisco to Microsoft has come up with an end-point security architecture. Because SSL VPNs bring remote users into the network, end-point security strategies have crept into SSL VPN products. If anything, the argument is stronger: A remote access user is more likely to be in unfriendly or uncontrolled network environments, and thus, in greater need of evaluation.
SSL VPNs offer their own innate protection against viruses and malware. When SSL VPNs are used as Web proxies, the end user doesn't have direct access to the network. Therefore, the most vicious threats are not directly relevant. This turns out to be a very good thing, because our testing showed that end-point security in SSL VPNs is so poorly designed and implemented that it will only work in certain constrained cases. If there's a train wreck of a technology in this product niche, end-point security is it.
| Tracking where SSL VPNs meet with end-point security click here for chart (popup). |
End-point security technology can be delivered in several ways. Several vendors, including AEP and Array, lean entirely on a third party, Sygate (now owned by Symantec), to provide a centralized model for security scanning. The theory is that if you have Sygate for some other purpose (such as a personal firewall), then you can integrate cleanly with an existing system.
Other SSL VPN vendors, such as Aventail, integrate with several third-party tools, giving you a choice based on your corporate standard.
The final delivery option for vendors is to grow their own. Vendors put together their own technology, often in combination with some OEM product, such as the Opswat software development kit. Aventail, Caymas, Check Point, F5, Fortinet, Juniper, Nokia and Nortel all build their own end-point security software to varying degrees.
Sometimes end-point security is delivered as part of the product; other times, it's an add-on at extra cost.
why is all the hubbub about this guy blocking access to everyone else? Worst case they can contact the...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment