Fighting the enemy within

Most attacks on corporate networks – up to 60 per cent – come from within the enterprise, an industry insider says.

“Now we have to prepare for that type of attack,” said Rick Shih, director, integrated network management and managed security for Vancouver-based Telus Corp.

Gone are the days, he said, when the bulk of network attacks were carried out by hackers seeking a bit of fun and excitement. Today, more often than not, these assaults – whether deliberate or unintended – occur from within the perimeter.

According to the Telus executive, many administrators and security professionals are not prepared for this new type of threat to the corporate network, as they focus on attacks coming from the outside.

Telus, he said, has adopted a different approach.

In May, the service provider announced End Point Enforcement, billed as the first product of its kind globally to protect enterprise networks from the inside. “End Point Enforcement is a new line of defence against debilitating worms and viruses,” Shih said.

He explained how the solution works. When users initially plug into the network, he said, they are placed in a quarantined environment before an IP address is associated with their device.

In that environment, he said, a compliancy check verifies users’ identities, whether they have the right anti-virus application, the right patches installed and so on. “If you are okay, it will let you on to the corporate network.”

All of this happens within milliseconds. If some problem is identified, Shih said, the user will be automatically routed to a Web site where they can download the right anti-virus updates and patches before they are allowed onto the network.

Policies can also be set that allow contract workers to access only the Internet and not the corporate network, he said.

Stephen Lawson, vice president of Fox Group Consulting in Markham, Ont., said anything that simplifies and automates the process of protecting internal networks is a good thing.

Often these days, he said, people plug mobile devices and laptops into corporate networks without complying with “rules such as this is our standard virus checker; you must have it on at all times.”

He said it’s difficult to constantly police what everyone’s doing. A tool such as End Point Enforcement, he noted, would automate that process by checking everybody’s system as they try to log on.

End Point is based on Telus’ proprietary ANGEL technology.

Shih said the solution protects networks at Layer Two, in contrast to the Layer Three protection offered by other solutions in the market, where an IP address is identified before the user is blocked and quarantined. “The trouble with that is once you plug in you can deliver a single packet like the slammer virus.”

Quoting from a Gartner study from 2004, Shih said enterprises that don’t enforce network login by the first quarter of 2005 would experience 200 per cent more network downtime than those that do. “This is what End Point Enforcement does, it enforces network security login,” he said.

As well, the End Point Enforcement solution can help companies comply with regulatory requirements such as Sarbanes-Oxley.

Telus partnered with Cisco Systems Inc. to help bring the solution to fruition. The technology works with a Cisco switch environment, and Shih said one of the major benefits of End Point Enforcement is that it is interoperable with any type of LAN environment.
