The commoditization of endpoint security software seems to indicate that security solution providers' days of selling high volumes of security suites are a distant memory. Fortunately, new sales opportunities are cropping up in endpoint security, specifically in the area of change control technology.
Customers often struggle to deploy and manage complex security updates and patches within the time frames stipulated by regulatory compliance guidelines, such as the Payment Card Industry Data Security Standard (PCI DSS). Consequently, this challenge has caused many organizations to re-evaluate their patching practices in order to optimize management processes and procedures.
Unfortunately, some enterprises find they must forgo adequate patch testing to comply with the rushed deployment cycles mandated by PCI DSS and other regulations. That can be a dangerous mistake: lax patch-testing processes can lead to platform and application compatibility problems, and fixing those problems can require far more time and effort than would have been necessary had the patches been properly vetted in the first place.
Ultimately, as security threats evolve, the tools and processes used to protect users, devices and data must follow suit in order to assure the best possible position against threats. That's where change control and change management come in.
Before delving into the merits of both types of security tools, it's important to differentiate between the two. Change management utilities facilitate the monitoring, administration and tracking of configuration settings on workstations, servers and transport hardware (including routers, firewalls and security hardware). These are valuable not only for their ability to facilitate administration, but also for the role they play in assuring compliance and ultimately security.
Change control technology, on the other hand, provides a platform for developing change policies and a means to control authorized changes to device configurations, software and operating systems. So, unlike change management tools that will monitor and administer device, application or OS configuration changes, change control affords the ability to protect intelligent devices from unauthorized changes to their configurations, operating systems, or any software operating on these devices.
By monitoring the operational state of a device, change control technology is able to evaluate the actions of suspect or untrusted applications, and invoke execution restrictions to eliminate the threat to the host operating system, hardware configurations, and system and data files. This approach inverts the traditional security model: it defines unauthorized actions and prohibits them from being executed, instead of following the usual process of identifying the source of the threat and then applying specific security actions, which is how most security suites function.
By focusing on prohibiting the execution of unauthorized actions, change control tools can lead to a more secure customer environment by delivering real-time protection from zero-day threats due to malware, viruses or system vulnerabilities. With the addition of non-signature-based real-time threat correlation and response technology, any required patches and security updates can be deployed in a comfortable time frame while maintaining full security and respecting compliance objectives.
Essentially, change control technology affords clients the next generation of protection for endpoints, handheld devices, security appliances and transport hardware.
The importance of change management is exemplified by McAfee Inc.'s recent acquisition of the change management and control company Solidcore Systems Inc. This acquisition may seem counter to McAfee's efforts to sell the very security suites upon which it has built its reputation. Yet the move is not surprising when one considers that the addition of change control technologies allows McAfee to address its enterprise clients' growing need for better zero-day protection from a comprehensive endpoint security technology built on a smaller resource footprint.
Sunbelt Software Inc., the silent giant of the antimalware market, has taken a different approach to adding change control features to its enterprise technology. Sunbelt's Vipre Enterprise security suite addresses the challenge of inhibiting malicious code by using embedded lightweight Windows virtualization tools to monitor and control the behavior of suspect code before permitting it to execute in the operational environment.
As the market becomes more familiar with the value of change control technology, sales opportunities will come from customers who are tired of heavy security suites and are losing patience with managing their current security environments. The challenge at hand is educating customers about the significant value provided by this technology.
About the author
Ryk Edelstein has been actively involved in the IT industry since the early '80s, and is the founder and a partner at Converge Net Inc., a Montreal-based solution provider specializing in establishing secure and efficient data communication networks. Employing a unique and highly effective approach of applying packet-level traffic analysis to rapidly identify the root cause of complex IT and regulatory compliance challenges, Ryk has guided Converge Net to become the respected solution provider that it is today.