
Endpoint Security: StillSecure's CTO Mitchell Ashley
By Danny, IT-Observer
Wednesday, 5 October 2005 12:05 EST



Mitchell Ashley is CTO at StillSecure where he is responsible for the product strategy and development of the StillSecure suite of network security products. In an interview with IT-Observer, Mr. Ashley discussed end-point security and its challenges, and provided businesses with tips to ensure end-point security.

IT professionals keep using the buzz words 'endpoint security', though few can tell what it is. What is your definition of 'Endpoint Security'?

Endpoint security is a very broadly used term. There are really three definitions of ‘endpoint security.’ The first is the traditional, yet outdated, definition which refers to anti-virus software and personal firewalls. Recently, endpoint security has been expanded to generally refer to locking down or securing any end-user device (e.g. laptops, desktops, etc.). This was a very device-centric view that focused on securing endpoint devices that are managed by the corporate IT organization. That excludes a large number of devices which are “foreign endpoints”, those which corporate IT does not secure or manage, such as visitors’, contractors’ and employees’ home PCs.

Today when people speak about endpoint security, they are referring to network access control, a network-centric view that focuses on making sure all endpoint devices connecting to the network are free from worms, Trojans, and viruses, and meet security standards as defined by the organization’s security policies. Using true network access control as we know it today, devices are quarantined (or given limited network access) until they are remediated and compliant.

Access control, firewalls and client policy compliance - what's their relation to endpoint security?

All three of these are aspects of endpoint security but each tool meets different requirements.

Access control, for example, allows network administrators to limit end-user access into the network depending on the security posture of the endpoint device.

Personal firewalls complement access control by restricting the network services that can be accessed and are available into the device.

Endpoint policy compliance is about testing the security posture of an endpoint device against policies that have been pre-set by an organization.

Together, these solutions ensure that endpoint devices are safe to connect to the network.

How do centrally managed client security and endpoint security complete each other?

Centrally managed client security is one aspect of endpoint security. While centrally managed client security works well for enterprise owned and managed assets and controlling in-house endpoints, it cannot control those which are unmanaged by the organization, what we call foreign endpoints. Endpoint security, specifically network access control technologies, can manage both managed endpoints as well as foreign endpoints (such as laptops and PDAs owned by contract workers, guest visitors and/or employees who work from home and VPN into the network).

The most flexible endpoint security solutions test the security of an endpoint device with a number of options – including agent-less, ActiveX plug-ins (network installed agents), and pre-install agents – and security professionals can deploy the one or combination that works best for their work environment. The first question administrators should ask themselves is whether they are only concerned about enterprise-managed devices or all devices connecting to your network. That will direct them down a certain path. For example, administrators shouldn’t select an agent-based approach if they’re worried about contractors, employees working at home, and so on. A true agent-less (not ActiveX) approach is the best option in these cases.

What are the challenges with endpoint security today?

Solutions that force use of a client (or agent) limit effectiveness due to the cost of deploying devices, ongoing device management, etc. True agent-less solutions, such as StillSecure Safe Access, can address both managed and unmanaged devices effectively by offering the flexibility to network administrators that allows them to give access or quarantine end-users based on their employee status (e.g. executive, road warrior, etc.) and security posture (effectively meeting the organization’s security policy).

Many organizations find that limiting endpoint security to just the device’s patch level and anti-virus software is not comprehensive enough. More mature endpoint security products, such as Safe Access, for a wide range of security checks beyond patch levels and anti-virus. A mature solution must check for peer-to-peer software, security settings in the browser, applications and operating system, and pro-actively test for egregious Trojans, worms and viruses. Just because the endpoint is running anti-virus software, you never know when a user may have disabled it before connecting to the network.

How can businesses ensure endpoint security?

1. Architect your endpoint security solution around mature technologies that can work with your existing switching, routing, DHCP and VPN technologies as well as support standards such as 802.1X that are gaining support at the core routing infrastructure.

2. Leverage true agent-less technologies that avoid the pitfalls and limitations of heavy client or agent-based approaches. Better yet, select a technology that offers multiple options: agent-less, ActiveX and agents.

3. Solutions exist today that can leverage your existing infrastructure and don’t require a full infrastructure refresh or waiting for a new generation of products as well as prepare you for standards such as 802.1X.

4. Extensibility is essential; security patches and anti-virus checks only meet baseline requirements. A robust solution must extend into application and browser security, enforce security standards, and proactively test for the presence of infectious worms and Trojans.

In your opinion, how do you see endpoint security in the next five years?

Endpoint security, like all technology, will evolve to accommodate newer market needs. As the proliferation of wireless devices continues, the need to secure these devices will grow which will help drive increased need for endpoint security solutions.

Many organizations will shy away from heavy agent-based testing solutions and opt for a more flexible agent-less solution to accommodate the wireless age. Along with this trend, we expect to see more organizations implementing a layered endpoint security solution that will automatically integrate with other security solutions such as vulnerability management and intrusion detection/prevention.

Mitchell Ashley is CTO and VP of Customer Experience at StillSecure where he is responsible for the product strategy and development of the StillSecure suite of network security products. He has more than 20 years of industry experience holding leading positions in data networking, network security, and software product and services development. A graduate of the University of Nebraska at Kearney, Mitchell holds a Bachelor of Science degree in Computer Science and Business Administration.




