Combating the Threat of Spyware
By Jim Hebert, CISSP, Security Engineer - Check Point Software Technologies
& Richard Weiss, CISSP, Director of Endpoint and Internal Security Product Marketing - Check Point Software Technologies
Until a few years ago, the term spyware was usually used in the context of the equipment possessed by the likes of James Bond. However, all that changed in early 2000 when a press release by Zone Labs founder Gregor Freund describing the ZoneAlarm Personal Firewall used the term. Since then, users in the IT world have come to understand it in its current sense. This latest category of malicious code uses any number of ways to gain access to an unsuspecting user's PC. Social engineering, deception, piggybacking, tricking the user, and even IM are only some of the ways spyware gets on to corporate machines. However it gets there, spyware has spilled over into the enterprise, becoming a potent threat.
Spyware is not the same as viruses or worms in the sense that it usually does not replicate itself. However, like viruses and worms, spyware is designed to exploit vulnerabilities without the user's knowledge or consent.
Profit is now a central reason for spyware. Because spyware can transmit data from a host to the Internet and allow remote access into the corporate network, confidential documents and customer data are ripe for the picking by hackers. More troubling, the stolen data and the remote access sessions into the enterprise network are often encrypted. Perimeter filters that try to control unauthorized outbound data may not be able to decipher this encrypted traffic. Spyware also has the ability to bring in and install additional malicious software onto a host without consent.
Trying to estimate the cost of spyware can be less than an exact science, but Hewlett Packard (HP) makes a conservative estimate that spyware costs businesses $138 per incident. These costs include things such as lost productivity, loss of potential sales, possible loss of intellectual capital, network security breaches, and the immediate cost of having a technician clean the infected machine. Multiply that by the National Cyber Security Alliance's finding that eight out of every ten PCs are infected with spyware and you begin to see how much this costs an enterprise. Beyond acknowledging the threat of spyware, it is imperative to understand the nature of the spyware threat as it pertains to the enterprise environment.
Stopping Spyware
Combating spyware proactively requires a strong defense on every endpoint, both desktops and laptops, to account for the many ways that spyware enters and threatens the enterprise. Blocking unauthorized communications in and out of the PC keeps any existing spyware from sending out confidential enterprise data or acting as a rogue server that allows unauthorized remote access to the internal network. Then, spyware needs to be removed, if possible, or quarantined at the least. A key aspect of this process is anti-spyware client protection that prevents client tampering by spyware or users attempting to disrupt the anti-spyware software. And finally, to stay ahead of the growing universe of spyware, anti-spyware software needs to enforce regular spyware scans and automatically obtain engine and definition updates.
For enterprise environments, central management and consolidated reporting are additional requirements to successfully stop spyware. Administrators use a centralized management console to develop and deploy anti-spyware policies and to access consolidated reporting for a coordinated response across all endpoint PCs.
The Solution: Check Point Integrity
Check Point Integrity Anti-Spyware stops spyware and ensures
continuous improvement of security practices. As an integrated module
of the core Integrity endpoint security product, Integrity Anti-Spyware
can be deployed without the need to install a separate client. The
anti-spyware capabilities in the unified Integrity client are centrally
managed from the Integrity server console. Administrator-scheduled
spyware scans take place in the background, transparent to users
so as to not impact their productivity. Anti-Spyware then removes
or quarantines any spyware found on the PC. The Integrity client
protects itself from any user or spyware tampering and ensures that
scans take place on the PC. Administrators can also specify spyware
scan levels ranging from quick searches of common locations for
spyware to in-depth searches of the entire PC for any spyware traces.
Keeping anti-spyware ahead of the latest threats is critical for
adequate security. Both Integrity servers and Integrity clients
can be configured to automatically contact the SmartDefense
Anti-Spyware Service on a regular basis to obtain the most recent
definitions. These definitions are the result of original spyware
research conducted by Check Point Security Services as well as real-time
data from the Zone Labs® DefenseNet community consisting of
millions of ZoneAlarm® users.
Finally, the complete Integrity endpoint security solution gives administrators control over the endpoints' access into the enterprise network. Integrity verifies endpoints comply with security policies - running up-to-date antivirus, anti-spyware, a personal firewall, having patches installed, and fulfilling other requirements - before network access is granted. Unsecured PCs are quarantined and automatically brought back into compliance. Then, by blocking unauthorized communications, Integrity establishes the secure beachhead neutralizing spyware. After automatic scans remove the spyware, the Integrity client reports back to the central management console allowing administrators to analyze overall anti-spyware security and adjust user education or corporate policy if spyware continues to be found.
Steps to Secure the Enterprise from Spyware:
- Deploy Check Point Integrity, a centrally managed endpoint
security solution that controls application communications in
and out of the PC.
- Enable the Integrity Anti-Spyware module and deploy a baseline spyware security policy consisting of automatic treatment options for each category of spyware.
- Schedule regular Integrity scans to discover new spyware applications and services for quarantining, removal, or observation.
- Use Check Point SmartDefense Anti-Spyware Service for
automatic anti-spyware engine and definition updates, ensuring
that the latest defense mechanisms against spyware are in place.
- Finally, configure Integrity to enforce regularly scheduled anti-spyware scans, which make sure that scans have been completed before network access is granted.
www.checkpoint.com
