Data thefts in corporate environments happen quite often, although many of them remain unnoticed for a long time. Small and medium-sized organizations are usually the most badly affected, especially when no security measures are in place within the IT infrastructure. Recent incidents such as WikiLeaks are a very good example of why data theft should be taken very seriously.
Endpoint security software does not only protect and safeguard business secrets, valuable assets and economic resources; it also actively prevents severe damage to the company's reputation, which may be ruined if confidential company information is leaked (possibly by a former employee).
There are various reasons why an employee or an insider might behave harmfully towards the management or the corporate organization. Employment contracts or confidentiality agreements are, in today's world, not sufficient to effectively minimize the risk of malicious actions. This is one of the main concerns of management, and keeping such risks to a minimum is a real challenge.
But what can a system administrator do:
- To detect and monitor anomalies in user access activities?
- To control and promptly block malicious acts?
- To prevent damage to and the theft of confidential data?
I strongly believe that endpoint security software would be the right answer to all three questions.
Endpoint security software would help a system administrator to effectively manage user/device access rights, to actively control the access of portable devices and to monitor and detect anomalies and occurrences in the corporate network, such as an employee attempting to copy confidential corporate information onto a USB stick.
Today's portable devices are very smart; they offer large storage and are able to communicate through multiple standard interfaces. This makes it a real challenge for software manufacturers to develop sophisticated endpoint security solutions that are up-to-date and always capable of controlling these new portable devices.
An ideal endpoint security solution offers the ability to scan for new unknown devices and to manage them in a centralised device database, as well as the ability to control and instantly block a portable device accessed on a client machine (e.g. a laptop) which is temporarily offline and is not a member of the corporate network.
Good endpoint security software builds on a smart client-server architecture. In such architectures the administration servers mainly focus on configuration, that is, on updating and managing the individual agent protection policies. The agents are deployed, installed and run independently on the different client machines that require protection.
A very good approach is for an agent to communicate periodically with the main administration server, so that the agent can retrieve important updates or carry out certain instructions immediately. Furthermore, when an existing protection policy is breached on an agent machine, the malicious activity should be reported to the administrator immediately.
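The agent behaviour described above (a locally cached policy, blocking of unknown devices while offline, and reports delivered at the next check-in) can be sketched as follows. This is an added example, not code from any product; the class names, the policy format, the host name and the device IDs are all hypothetical and constructed for illustration.

```python
# Added example: all names, the policy format and the device IDs are hypothetical.
import time
from dataclasses import dataclass, field

@dataclass
class Policy:
    version: int
    allowed_devices: frozenset      # IDs taken from the central device database
    default_action: str = "block"   # unknown devices are blocked

@dataclass
class Agent:
    host: str
    policy: Policy                               # last policy retrieved, cached for offline use
    outbox: list = field(default_factory=list)   # breach reports awaiting delivery

    def on_device_attached(self, device_id, user, online, send):
        """Decide locally, so enforcement does not depend on reaching the server."""
        allowed = device_id in self.policy.allowed_devices
        action = "allow" if allowed else self.policy.default_action
        if action == "block":
            self.outbox.append({"host": self.host, "user": user, "device": device_id,
                                "policy_version": self.policy.version, "time": time.time()})
            if online:
                self.flush(send)    # report immediately when the server is reachable
        return action

    def flush(self, send):
        """Deliver queued reports; keep the ones that fail for the next attempt."""
        self.outbox = [r for r in self.outbox if not send(r)]

    def check_in(self, fetch_policy, send):
        """Periodic contact: report first, then adopt a newer policy if one exists."""
        self.flush(send)
        latest = fetch_policy()
        if latest.version > self.policy.version:
            self.policy = latest
        return self.policy.version

def demo():
    received = []                                # stands in for the server's activity log
    send = lambda r: received.append(r) is None  # returns True when delivered
    agent = Agent("laptop-17", Policy(1, frozenset({"1234:abcd:SN001"})))
    results = [agent.on_device_attached("1234:abcd:SN001", "alice", False, send),
               agent.on_device_attached("9999:0001:SN777", "alice", False, send)]
    queued = len(agent.outbox)                   # report held while offline
    newer = Policy(2, frozenset({"1234:abcd:SN001", "9999:0001:SN777"}))
    version = agent.check_in(lambda: newer, send)
    results.append(agent.on_device_attached("9999:0001:SN777", "alice", True, send))
    return results, queued, len(received), version
```

The unknown device is blocked while the laptop is offline, the report reaches the server at the next check-in, and the device is allowed only after the administrator has added it to the policy.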
Reporting is always an essential instrument to keep the administrator up-to-date. But how should the administrator be informed about a breach of a security policy? An SMS to a mobile device would be smart, but classic alternatives such as email or a network message are sufficient. Furthermore, a log entry in the activity database or a note on the dashboard would be a great feature for the system administrator.