Security Basics mailing list archives
Re: End Point Security - relying on one vendor's product a weakness in itself?
From: "Albert R. Campa" <abcampa () gmail com>
Date: Wed, 5 Mar 2008 14:44:29 -0600
When it comes to an Agent on the server or desktop, I would say better 1 agent that runs FW, HIPS, Buffer overflow protection, AV than 2 different agents that may or may not conflict with eachother. I agree though on diversity on the network IPS/IDS protection, maybe one vendor is better than the other. Saludos Albert On 5 Mar 2008 18:47:02 -0000, <krymson () gmail com> wrote:
If you have 50,000 workstations all running Windows XP, for instance, you're already pretty homogenous. One vuln in Windows and they're all vulnerable. :) In that case, it might not add significant risk to go with one product to rule them all. You could try to say there is added security value in running multiple products at different levels (AV on the desktop and some other AV on the gateway), but I'm not sure here is really good difference in most products. An IDS might be a better place to diversify, HIDS vs NIDS, plus different NIDS at different places in your network (DMZ<->internet and private<->DMZ, e.g.). This really comes down to the total value this will give you, above and beyond just the security value. Will your staff save time learning multiple pieces of a similar look-and-feel product? Will you avoid possible incompatibilities between other products that result in lots of homegrown glue to make work? Can one reporting engine pull and correlate all these products into nice, pretty reports? All of this is value to the IT/security department and thus the company. Will the value of a consistent, predictable, and centrally controllable environment be more valuable than the risk of that product having some fundamental flaw later on? Perhaps. Thankfully there are some examples of these issues. Symantec has had at least one agent-based vulnerability in the past couple years. Symantec and McAfee have also released buggy signatures that either misreported benign files as malicious or threw false alarms when web browsing. Run through the scenario and see how much pain that might cause you. (Yup, it can be a lot!) I can only ask questions and give thoughts, but I really think this ends up being a question whose answer only lies with the company constituents themselves. Yes, some people will deride you for being homogenous with an all-in-one product that may not be the best-of-breed in any individual space and could leave you open to attack. But there are also people who realize there is value in standardizing and efficiency of operations and that value can outweigh security concerns. In the end, companies are economic entities, despite how much we sec geeks might want as much security as we can possibly get away with. <- snip -> Our company is looking into using one vendor's product to manage our workstations end-point security which consists of: Antivirus/Spyware Managed Firewall IPS Application Control Buffer Overflow Device Control (USB, PDA, Phones etc..) My understanding with the layered security/defense in depth principle, it would be foolish to go with one vendor's product as this creates one point of failure. If this product has a software vulnerability, then the security of the workstations (and specifically the attack vectors which the product is protecting) will be in jeopardy. There is no redundancy, its all or nothing so to speak. Its like buying a Multifunctional Printer - if the fax or scanner function breaks down, the whole device needs to be sent in for repairs then you cant print. Or if you buy the brand new Apple Time Capsule for your backups, and the hard disk breaks down, you then need to send the device to get repairs and would be out of WIFI for the duration of the repair. What do you folks think regarding the advantages/disadvantages with depending on one vendors product for your Windows workstation security in a global corporate (~50,000 seats) from a technical perspective? I guess a balance needs to be met with the risks with putting all our eggs into one vendors basket verses cost.
Current thread:
- End Point Security - relying on one vendor's product a weakness in itself? secrookie () gmail com (Mar 04)
- Re: End Point Security - relying on one vendor's product a weakness in itself? Malcolm Heath (Mar 07)
- RDP and SSL Chris Mitchell (Mar 07)
- <Possible follow-ups>
- Re: End Point Security - relying on one vendor's product a weakness in itself? krymson (Mar 05)
- Re: End Point Security - relying on one vendor's product a weakness in itself? Albert R. Campa (Mar 05)
- Re: End Point Security - relying on one vendor's product a weakness in itself? secrookie () gmail com (Mar 05)
- Re: Re: End Point Security - relying on one vendor's product a weakness in itself? 6us4jxp02 (Mar 06)
- Re: End Point Security - relying on one vendor's product a weakness in itself? Malcolm Heath (Mar 07)