1. /
  2. Confident Insights Newsletter/
  3. A Closer Look at Endpoint Security

A Closer Look at Endpoint Security

November 6, 2007

Summary

Antivirus and antispyware software, primarily reactive in nature, may have been sufficient to protect vital resources a few years ago, but not today. Proactive endpoint security measures that protect against zero-day attacks as well as unknown threats are now vital to any organization.

Introduction

Organizations today face a threat landscape that increasingly involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to their corporate brand. To stay ahead of this emerging breed of security threats, organizations must advance their endpoint protection.

This article shows how Symantec Endpoint Protection enables organizations to take a more effective approach to protect their laptops, desktops, and servers.

An evolving threat landscape

The latest Symantec Internet Security Threat Report, released in September, offers vivid evidence of the new security threats that organizations must combat.

For example, Symantec’s research indicates that attackers are moving toward using Trojans as a means of installing malicious code on computers. This is typical of the multiple staged attacks that Symantec is observing with increasing frequency. In these attacks, an initial compromise is not always intended to perform malicious activity directly, but to provide a launching point for subsequent, more malicious attack activity.

During the first half of 2007, Trojans made up 54% of the top 50 malicious code reports, an increase over the 45% reported in the final six months of 2006. Trojans are gaining prominence because they generate a low volume of traffic compared to network and mass-mailing worms. As a result, they are less likely to draw the attention of higher-profile threats. Furthermore, malicious code writers may be turning to Trojans because network perimeter defenses and desktop firewalls, neither of which affect Trojans, make it harder for network worms to propagate widely.

The most widely reported new malicious code family during this reporting period was the Peacomm Trojan, also known as the Storm Trojan. This Trojan was spammed in high volumes, prompting Symantec to classify it as a Category 3 threat. When Peacomm installs itself on a computer, it attempts to hide itself using rootkit techniques.

Rootkits are stealth applications or scripts that a hacker uses to gain an undetectable presence on a system, which also provides the hacker administrator-level access to that system. Ready-to-use rootkit applications are now widely available on the Internet, giving inexperienced hackers the ability to use a rootkit without having to understand how it works. Rootkits are often used to collect confidential information such as user IDs, account numbers, and passwords. To detect and remove rootkits, a thorough analysis and repair needs to be performed on an operating system.

Further confirmation of the emergence of such threats was provided in October when online powerhouse eBay announced the results of an in-depth analysis of its threat situation. The company said that online attackers have become more sophisticated, with malware developers now being funded to develop new and improved attacks.

“The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling,” said Dave Cullinane, eBay’s chief information and security officer, speaking at a security symposium at Santa Clara University.

The need for proactive endpoint security

As can be imagined, the growing sophistication of today’s attacks has serious ramifications for an organization’s security measures. Here’s why: antivirus, antispyware, and other signature-based protection measures, which are primarily reactive, may have been sufficient to protect an organization’s vital resources a few years ago, but not today. Organizations now need proactive endpoint security measures that can protect against zero-day attacks and unknown threats. They need to take a structured approach to endpoint security, implementing a solution that not only protects them from threats on all levels, but also provides interoperability, seamless implementation, and centralized management.

Symantec’s approach to endpoint protection provides advanced threat prevention that protects endpoints from targeted attacks as well as attacks not seen before. It includes proactive technologies that automatically analyze application behaviors and network communications to detect and block suspicious activities, as well as device and application control features that allow administrators to deny specific device and application activities deemed as high risk for the organization. They can even block specific actions based on the location of the user. In the case of an infected endpoint, security products repair the damage by disinfecting or quarantining the system. The remediation process is then completed by deploying the necessary patch.

This approach calls for consolidating endpoint protection technologies in a single, integrated agent that can be administered from a central management console. The goal is to increase endpoint protection while eliminating the administrative overhead and costs associated with multiple security products.

And such an approach appears to be resonating with more and more organizations. Recently, Symantec released results from a third-party study of Symantec Endpoint Protection beta customers, who quantified the operational efficiencies gained through a single agent endpoint security solution. The study, conducted by the Alchemy Group in August and September, underscores Symantec Endpoint Protection’s ability to reduce the cost and complexity of securing endpoints in diverse business environments. Among the highlights of the study:
  • The ability to manage IT security operations from Symantec Endpoint Protection’s single management console has the potential to reduce the number of current management hours by an average of 75%. One customer expects to save 97% of the hours dedicated to weekly security-related reporting.
  • Symantec Endpoint Protection’s Application Control functionality, which can limit access to only approved applications at the endpoint, can be a key enabler in reducing costs and increasing operational efficiency. Network outages caused by unauthorized peer-to-peer applications are costing one customer more than $2 million annually.
Symantec Endpoint Protection combines best-in-breed protection mechanisms into a single agent to deliver the highest level of endpoint security:
  • Antivirus
  • Antispyware
  • Desktop firewall
  • Intrusion prevention
  • Device control
  • Network access control (optional)
In addition, Symantec Endpoint Protection is network access control ready. The agent can be enabled to provide network access control capabilities that allow organizations to ensure endpoints comply with corporate security policy before gaining access to the network. Symantec Endpoint Protection eliminates the need to deploy additional network access control software on an organization’s endpoint devices.

Conclusion

As global cyberthreats continue to grow, it has never been more important to remain vigilant and informed about the evolving threat landscape. More than ever before, cyber criminals are utilizing more professional attack methods, tools, and strategies to conduct malicious activity.

Symantec believes that effective endpoint security requires endpoint protection technologies to be coupled with endpoint compliance technologies. As a result, Symantec Endpoint Protection is tightly integrated with Symantec Network Access Control, enabling organizations to take a comprehensive approach to endpoint security.

Back to Newsletter