Eliminating Unauthorized Software – Plugging the Holes in Your Endpoint Security
April 13, 2009
This is the fifth and final entry in a series on how Triumfant helps plug the holes in your endpoint security defense-in-depth strategy. In this entry I will address eliminating unauthorized software – making sure that endpoint machines are free from software that can introduce vulnerabilities and cause interruptions of service.
As personal computers became a fixture in the workplace, employees began to take liberties with using these machines for personal use. What started as small steps has now grown significantly, with the number of personal-use programs sometimes exceeding the number of business applications. While this usage is often benign, it can cause significant problems:
- Some applications can introduce significant vulnerabilities to endpoint machines. For example, the peer-to-peer programs used for music sharing and gaming have been tied to a multitude of breaches, the most notable recent case being the breach of the Marine One plans.
- The use of business machines for personal finances may expose personally identifiable information if that machine were breached.
- Multiple applications may have the cumulative effect of causing other required programs to not run properly. This gives the IT support staff an incredible headache, as managing infinite permutations of application combinations is simply impossible.
The growth of unauthorized software on endpoint machines is not trivial. I cannot tell you the number of times we go to an organization to do an install, and find literally thousands of programs. As we are fond of saying: you don’t know what you don’t know. In one case the customer expected to find 150 to 200 applications, and the first inventory found over 9,000. Organizations expend countless millions in administrative functions to control this software and respond to the problems that result.
Triumfant excels at controlling unauthorized applications. Policies that combine whitelist and blacklist techniques can be readily created to control what can and cannot exist on endpoint machines. Unauthorized applications can be removed automatically with a one-touch confirmation by the administrator. The policies are highly flexible, meaning that you can perform the operations with or without notification to the user, and tailor the policies to apply different rules to specific groups. Because unauthorized software may be a veiled attempt at bringing a malicious payload onto an endpoint machine, Triumfant synthesizes a custom remediation to remove the software instead of simply using the uninstall script. This ensures that everything added to the machine by the unauthorized software has been removed. Triumfant customers start every day knowing that every machine is free of unauthorized software – at least until users start the daily process of adding new applications.
We perform this role for the U.S. Army Information Management Support Center (IMCEN), which uses Triumfant Resolution Manager to control non-compliant software. IMCEN has deployed over 12,000 desktops and tells us that they achieve estimated savings of approximately $8 per desktop, per month.
While it is not as high profile and glamorous as battling exotic malware such as Conficker, controlling unauthorized software on endpoint machines is an important part of any security strategy. Triumfant performs this task without the need for human intervention, providing organizations the functionality they require without the labor costs.