IT overhaul results in cheaper, better endpoint security management

By Ron Condon, U.K. Bureau Chief 18 Jun 2009 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

The buyout came about four years ago, when senior staff bought the building management business from parent company MJ Gleeson Group Plc. As part of the deal, they had use of Gleeson's IT systems for a year, but after that, they were on their own.

IT Manager Mark Hardcastle was recruited to develop the systems that would support the new business, which operates across approximately 30 sites, with 400 computer users. He undertook a major refresh of systems, removing the collaborative GroupWise platform from Novell Inc., moving to Microsoft Exchange, and installing an ERP system from Sage (UK) Ltd.

That kept him so busy that he stuck with existing security systems until this year, when they had reached the end of their three-year contracts.

Hardcastle had inherited antivirus systems from McAfee Inc., as well as Web security products from SurfControl Plc and email security services from MessageLabs Inc. Looking for ways to possibly trim costs, however, he decided to go out to the market and see if he could improve on what he had.

Although Hardcastle researched many multifunction security products, he focused on three popular vendors, in particular: McAfee Inc., Symantec Corp. and Sophos Plc. All three offer a combination of security features aside from antivirus, including email and Web filtering, plus endpoint protection. As Hardcastle admits, all of the products could have done the job.

He eventually selected the new integrated bundle of products from Sophos, called Sophos Security and Data Protection, which incorporates endpoint control features and encryption tools that Sophos added earlier this year when it partnered with German security company Utimaco Inc.

Although Hardcastle bought a single bundle from Sophos, the package itself consists of distinct products for each function -- the WS1000 Web security appliance, the PureMessage email security product, which integrates with Exchange, and the Endpoint Security product that is deployed on all PCs and handles antivirus and network access control.

NAC and endpoint security: The hard questions Joel Snyder covers challenging endpoint security questions and explains how NAC technology can address them.

Because the Sophos WS1000 appliance manages all Web filtering, it meant Hardcastle could dispense with SurfControl, which he says "brought our costs down dramatically." Hardcastle, however, decided to maintain its MessageLabs email service along with PureMessage to both minimise the amount of spam hitting the mail server and provide a second line of defence.

As well as saving money, he says the main reason for choosing the Sophos products was ease of use, and the simple management consoles for Web, email and endpoint security. "We were looking for the easy management of our estate," says Hardcastle. "We wanted something that was easy to deploy, and we wanted to be able to tell if our computers had proper protection or not.

"The [Sophos product] tells us if there are any infections or suspicious files around. With the old McAfee products, we had to manage it a lot more. But now we find that with the Sophos management console, you can get to most things you want to do in one click from the front screen."

At the moment, each of the functions (email, endpoint and Web security) have their own management screens, although Sophos says these will be integrated into a single one in version 9.5, due out next April.

Hardcastle, though, is particularly impressed by the simplicity of the management consoles, which allow him to set granular Web access and endpoint policies within a couple of hours. For instance, he blocks Facebook during working hours, but allows it at lunchtimes. And he is slowly phasing in file encryption, starting with senior staff.

With 70% of the organisation's PCs being laptops, most users tend to work from different offices, on trains and in hotel rooms, and are provided with a 3G Vodafone connection via a VPN back to the corporate network. When they log on to the GB Building Solutions network, their systems are immediately checked to ensure patches and AV are up to date.

If the endpoint protection system detects that AV is out of date, the machine will be updated immediately. If no AV is detected, the machine is blocked and a message is sent to the user to contact the IT department.

The approach to patching is more relaxed. Provided that long-standing patches are not missing from users' computers, they are allowed to connect to the network and work without interruption. In the background, the systems checks with GB's Windows Server Update Services (WSUS) server to see if any new patches have been approved for release, and they will be applied while the user works.

No guest machines are allowed to connect to the network. "If someone comes from outside and needs a PC, we'll lend them one of ours to use," Hardcastle says.

With the new software in place, Hardcastle says he feels most of the transition work is now done. He may tweak some of the policies over time - including an extension of file encryption to more users - but he says the cost-saving and improved ease of management have made the project worthwhile.

Tags: Endpoint and NAC Protection,  Threat and Vulnerability Management,  Security Policies and User Awareness,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint and NAC Protection Considering two-factor authentication? Do cost, risk analysis Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Voice data security risks on the rise, say experts The value of booting from a VHD in Windows 7 Thin-client technologies surge thanks to easier security, says Deloitte A closer look at Internet Explorer 8 security features USB drive security best practices and processes First step in forensics: Create a bootable Windows environment CD Protecting enterprise networks from new mobile application downloads Four things to remember about server virtualization security concerns Threat and Vulnerability Management Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 What to do with network penetration test results Security Policies and User Awareness Cloud-based services require stalwart business continuity plans Preventing phishing attacks: Enterprise best practices CISOs take measured steps to reduce social media risks Increasing information security awareness in the enterprise How to develop a culture of security in the enterprise Creating and enforcing a clear-desk policy Physical security threats: Don't gift your data away Cut down on calls to help desk with cybersecurity awareness training Layoffs prompt insider threat fears, cybersecurity survey finds How to write an information security policy

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Computer Misuse Act 1990  (SearchSecurityUK.com) Regulation of Investigatory Powers Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary