As we saw in today’s announcement about the numerous flaws in Symantec and Norton products that allow vulnerabilities, exploits that can be run across your IT environment in a privileged context could cause extreme havoc. This is a great thing to think through as you are protecting your organization against possible security risks.
In this event, we have to consider how to quickly protect endpoints. You certainly need to update servers exposed to the internet for your mobile workforce because when speed is of essence, you cannot wait for users to come into the office. You also do not want to wait for your management agent to be online so you can push a software update. Automatic updates where your users will automatically download the software from an edge gateway is an awesome strategy that just requires an internet connection. Layering additional security controls also helps to mitigate risk of a single exposure in your environment that has a wide deployment.
In this case, anti-virus software – which is probably installed in 500 of the Fortune 500, and is likely part of your protection toolkit against malicious threats – is a threat angle itself.
In my view, having anti-virus software is just one of the tools in your layered security strategy. Looking at ways to protect yourself from this type of threat, you have many different strategies to consider:
- Email security – remove the risk of these threats being impactful as soon as a signature is available.
- Web security – remove the risk of these threats as sites are classified and as soon as signatures are available.
- Advanced firewall – block outbound traffic, inbound patterns, or other signatures from application aware firewalls.
- Least privilege – remove the rights of applications and users to install/update system files because they will have not come from a trusted source.
- Integrity monitoring – block or notice changes to critical files that could indicate a compromised system.
