Ask the Expert: Securing and Managing Your Endpoints

Kevin Murray, Senior Director of Product Marketing, Symantec Corporation
The IT threat landscape has changed dramatically over the past few years. While yesterday’s attacks were meant simply to make headlines, today’s attacks have become more sophisticated and stealthy, targeting specific organizations to reap financial gain.
Although antivirus, antispyware and other signature-based protection measures were sufficient to protect organizations in the past, small businesses now need proactive endpoint security measures that can protect against zero-day attacks and even unknown threats. They also need to take a structured approach to endpoint security, implementing a comprehensive solution that not only protects against threats at all levels but also provides interoperability, seamless implementation and centralized management.
What is an endpoint?
An endpoint is a server, desktop, laptop or notebook computer that connects to the corporate network.
Why should endpoints be protected?
Small to mid-size businesses (SMBs) today face a threat landscape that involves stealthy, targeted and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving SMBs vulnerable to data theft and manipulation, disruption of business-critical services and damage to corporate brand and reputation. To stay ahead of this emerging breed of stealthy and resilient security threats, SMBs must advance their endpoint protection.
Additionally, employees can pose a threat to the company. Whether intentionally or unintentionally, employees can introduce malicious applications onto the network through daily work habits.

How have endpoints traditionally been protected and managed?
While IT managers understand the importance of endpoint protection technologies, this often translates into making sure each endpoint has antivirus, antispyware, desktop firewall, intrusion prevention, device control and application control technology installed on it. Deploying these security products individually on each endpoint is not only time-consuming but also increases IT complexity and costs. SMBs then need to provide management, training and support for a variety of different endpoint security solutions, which often compete for the same system resources. This can lead to degradation in system performance due to high resource consumption.
How does endpoint protection differ from antivirus or antispyware?
Antivirus and antispyware solutions generally employ traditional scan-based technologies to identify viruses, worms, Trojans, spyware and other malware on an endpoint device. Typical antivirus and antispyware solutions detect these threats by searching the system for files that match characteristics, or threat signatures, of a known threat. Once malware is detected on the system, the security application will seek to delete or quarantine the malicious code to neutralize the threat.
The quality and level of protection provided by today’s antivirus and antispyware solutions varies. The most advanced solutions provide high levels of real-time protection against polymorphic threats and complex viruses as well as superior rootkit detection and removal. Good endpoint protection solutions are compatible with a variety of operating systems and should be interoperable with other essential endpoint security technologies.
What are some best practices that SMBs can implement to protect their endpoints?
A more holistic approach to endpoint protection has emerged today. This next-generation approach combines essential security technologies to proactively deliver a significantly higher level of protection against known and unknown threats, including viruses, worms, Trojans, spyware, adware, rootkits and zero-day attacks. The approach combines antivirus, antispyware and firewall with advanced proactive protection technologies in a single deployable agent that can be administered from a central management console. To ensure flexibility, administrators can easily disable or enable any of the technologies based on their organization’s particular needs.
What can endpoint protection and management offer small businesses?
The new, next-generation approach to endpoint protection and management significantly lowers risk and increases confidence that business assets are protected. It also reduces administrative overhead and costs associated with managing multiple endpoint security products by providing this protection in a single agent that is administered via a single management console. This simplifies endpoint security management and provides operational efficiencies such as one-click software and policy updates, unified and central reporting, and a single licensing and maintenance program.
What is network threat protection?
Network threat protection on endpoints is critical to protect against blended threats and to inhibit outbreaks. To be effective, it must also include a firewall that not only blocks internal network attacks from breaching any endpoint connected to the network but also prevents these threats from ever leaving an infected endpoint. Network threat protection must also include vulnerability-based intrusion prevention that can use one generic signature to block hundreds of potential variants or exploits.
What is proactive threat protection?
Proactive threat protection technologies are non-signature-based technologies that address the growing number of unknown threats used in stealth attacks. These heuristics-based technologies automatically analyze application behavior to accurately detect threats while avoiding false positives. Proactive threat protection also incorporates device and application control capabilities that allow administrators to deny specific device and application activities deemed high risk, such as file sharing or peer-to-peer system activities.
What can SMBs do to educate employees on protecting themselves and the company from threats?
As the threat landscape has continued to evolve, one of the primary risks to businesses of all sizes is the loss of sensitive or confidential information. In addition to utilizing proactive security technologies that help prevent both known and unknown threats from stealing sensitive information, SMBs should focus on educating employees about current threats, how to handle sensitive information and how to help protect valuable business assets.
What should SMBs be thinking about when implementing a holistic endpoint approach?
When implementing a holistic endpoint protection system, SMBs should consider an integrated approach that includes endpoint security, systems management, and backup and recovery. By integrating these functions, SMBs can streamline resources and reduce costs associated with disparate endpoint products while better protecting their information and ensuring its availability when needed.
Kevin Murray serves as Senior Director of Product Marketing at Symantec and is responsible for worldwide go-to-market planning and outbound marketing programs for Symantec’s Endpoint Security & Management products group.