Re: End Point Security - relying on one vendor's product a weakness in itself?

["Albert R. Campa" <abcampa () gmail com>]

When it comes to an Agent on the server or desktop, I would say better
1 agent that runs FW, HIPS, Buffer overflow protection, AV than 2
different agents that may or may not conflict with eachother.

I agree though on diversity on the network IPS/IDS protection, maybe
one vendor is better than the other.

Saludos

Albert

On 5 Mar 2008 18:47:02 -0000,  <krymson () gmail com> wrote:
> If you have 50,000 workstations all running Windows XP, for instance, you're already pretty homogenous. One vuln in 
> Windows and they're all vulnerable. :)
>
>
>  In that case, it might not add significant risk to go with one product to rule them all. You could try to say there 
> is added security value in running multiple products at different levels (AV on the desktop and some other AV on the 
> gateway), but I'm not sure here is really good difference in most products. An IDS might be a better place to 
> diversify, HIDS vs NIDS, plus different NIDS at different places in your network (DMZ<->internet and private<->DMZ, 
> e.g.).
>
>
>  This really comes down to the total value this will give you, above and beyond just the security value. Will your 
> staff save time learning multiple pieces of a similar look-and-feel product? Will you avoid possible 
> incompatibilities between other products that result in lots of homegrown glue to make work? Can one reporting engine 
> pull and correlate all these products into nice, pretty reports? All of this is value to the IT/security department 
> and thus the company.
>
>
>  Will the value of a consistent, predictable, and centrally controllable environment be more valuable than the risk 
> of that product having some fundamental flaw later on? Perhaps.
>
>
>  Thankfully there are some examples of these issues. Symantec has had at least one agent-based vulnerability in the 
> past couple years. Symantec and McAfee have also released buggy signatures that either misreported benign files as 
> malicious or threw false alarms when web browsing. Run through the scenario and see how much pain that might cause 
> you. (Yup, it can be a lot!)
>
>
>  I can only ask questions and give thoughts, but I really think this ends up being a question whose answer only lies 
> with the company constituents themselves. Yes, some people will deride you for being homogenous with an all-in-one 
> product that may not be the best-of-breed in any individual space and could leave you open to attack. But there are 
> also people who realize there is value in standardizing and efficiency of operations and that value can outweigh 
> security concerns.
>
>
>  In the end, companies are economic entities, despite how much we sec geeks might want as much security as we can 
> possibly get away with.
>
>
>
>
>  <- snip ->
>
>
>
>  Our company is looking into using one vendor's product to manage our
>
>  workstations end-point security which consists of:
>
>
>  Antivirus/Spyware
>
>  Managed Firewall
>
>  IPS
>
>  Application Control
>
>  Buffer Overflow
>
>  Device Control (USB, PDA, Phones etc..)
>
>
>  My understanding with the layered security/defense in depth principle,
>
>  it would be foolish to go with one vendor's product as this creates
>
>  one point of failure. If this product has a software vulnerability,
>
>  then the security of the workstations (and specifically the attack
>
>  vectors which the product is protecting) will be in jeopardy. There
>
>  is no redundancy, its all or nothing so to speak.
>
>
>  Its like buying a Multifunctional Printer - if the fax or scanner
>
>  function breaks down, the whole device needs to be sent in for repairs
>
>  then you cant print. Or if you buy the brand new Apple Time Capsule
>
>  for your backups, and the hard disk breaks down, you then need to send
>
>  the device to get repairs and would be out of WIFI for the duration of
>
>  the repair.
>
>
>  What do you folks think regarding the advantages/disadvantages with
>
>  depending on one vendors product for your Windows workstation security
>
>  in a global corporate (~50,000 seats) from a technical perspective?
>
>
>  I guess a balance needs to be met with the risks with putting all our
>
>  eggs into one vendors basket verses cost.