Latest anti-malware posts
From recent briefings with a number of IT security vendors it would seem that most can now identify any new threat immediately and that at the same time none of them can. This contradiction is down to the “we can, they can’t” mantra that any vendor of any product is bound to use against its competitors. Of course, they can’t all be right; in fact, all who make such claims are wrong.
One thing most are right about is that relying on signatures of known malware to protect their customers has not been enough for a long time now. Signature-based recognition is still an important way to cut down the amount of malware moving around; better that spam-bearing emails are stopped in the cloud than at the desktop. However, many of the IT security threats that businesses face cannot be characterised by a simple digital signature.
Security vendors are also right when they identify one of the biggest risks to their customers as zero-day threats (i.e. new ones that have not been seen before and cannot therefore be recognised by existing signatures). Such threats are becoming more and more common as the tools for writing and distributing malware become more sophisticated. It is now possible to ensure every incidence of a new virus is different enough from its siblings to appear unique compared to any existing signature.
So IT security vendors are rightly focusing more and more on identifying and stopping previously unknown threats and coming up with increasingly clever ways of doing so; the IT security arms race continues apace. Where they overreach is in claiming they can spot any new threat. This was brought home to Quocirca recently when a new entrant to the IT security market made such a claim, but then said it had delayed its launch because the rise of WikiLeaks and LulzSec had led it to make further changes to its product. In other words, it had not foreseen some threats that its customers may face.
No single IT security vendor can spot every existing threat and identify every new one. However, between them they are doing a pretty good job. None of us, businesses or consumers, can rely completely on a single security technology. Even if you believe you have catch-all anti-virus software on your PC, iPad or smartphone, it does not make sense to turn off security at your wireless router or decline spam and malware filtering services from your internet and/or email service provider.
Good IT security will always be about multiple layers of protection and using products from a variety of vendors. When well-managed, to ensure all known threat vectors are covered, using various security technologies will maximise the chance of recognising and stopping malware. But, even this is not enough. Other measures should also be in place.
For example, organisations should reconsider their security posture; a more open approach to business could mean less worry about protecting intellectual property. Educating employees about their responsibilities with regard to personally identifiable information (PII) and providing regular reminders about this is as important a part of ensuring compliance as any security technology. With IT and data security, belts and braces is the only approach. Beware the vendor who promises all.
Bob Tarzey, Analyst and Director, Quocirca
Quocirca has written a few times about end point management and security recently. There has also been comment on the upgrade of Microsoft’s Forefront security range and its end point management tools. A new Microsoft on-demand service warrants further comment in both areas.
Microsoft has released a “simple web-based administration console” for PCs called Intune. It is based on the Windows Update Manager code base and includes elements of System Center Configuration Manager (SCCM, Microsoft’s on-premise tool for PC management) and Forefront End Point Protection (FEP). The product has the flexibility to support devices both within and beyond the firewall.
Intune takes best practices from SCCM and requires System Center agents on the target PCs. However, it does not provide all the functionality of SCCM: it cannot be used for operating system or application software distribution, or for power management, and it does not have full group policy support (these features may be added in time). Remote assistance, PC monitoring, alerts, updates, inventory management, security settings and malware protection are all supported.
When it comes to anti-malware you do not have to use FEP, but Microsoft recommends that you should not run two anti-virus engines at the same time. So you must either replace your existing product with FEP (which is included in the Intune subscription) or just keep your old one. A subscription also includes an upgrade to Windows 7 Enterprise for each PC covered, and that includes BitLocker full disk encryption, although Intune does not provide the capability to manage the enforcement of encryption.
If you have SCCM already, Microsoft advises sticking with it. It sees Intune as a fast entry point for organisations that have no PC management in place at present. The quoted US price is $11 per PC per month (around £7). So when compared to existing costs for buying and maintaining end point protection and encryption, the annual cost is approaching £90 per PC per year.
The caveat is of course that Intune works only for Microsoft PCs (running XP, Vista or Windows 7); it does not even cover Windows mobile devices. As businesses increasingly have to manage a diverse range of smartphones, PCs and tablets running operating systems other than Windows, many will see this as a limitation.
Microsoft muttered about support for iPhones and iPads in the SCCM roadmap, so perhaps this will end up in Intune at some point in future. However, those who want a comprehensive on-demand management tool that covers all end points, both inside and outside the data centre, should look to other vendors such as Kaseya and NTR Global.
The following freely available Quocirca reports review the use of end-point management:
The Total MSP – using managed service providers for end-point management
Remote IT management – the value of on-demand end-point management services
Bob Tarzey, Analyst and Director, Quocirca
About The big picture blog
Business and IT insights from research and analyst firm Quocirca