Dollars and Sense Security
Preston Panza and Mike Messick of Colorado Capital Bank in Castle Rock, Colo., knew they were spending too much money on security software, but it wasn’t until they upgraded the bank’s Symantec software earlier this year that they finally did something about it.
“We realized we were using three different software packages from three different vendors: one for antivirus, one for spyware and a third to secure endpoint devices,” says Panza, systems engineer for the bank, which manages 5,000 accounts among its depositors and wealth management clients. “Each package also had its own contract renewal date,” he adds. “It was very expensive and highly inefficient.”
Colorado Capital’s solution was to deploy Symantec Multi-tier Protection, a software suite that delivers all three capabilities.
Messick, the bank’s vice president of information technology, says by saving money on maintenance agreements and consolidating software contracts, the new Symantec security suite will pay for itself within a year.
Both Panza and Messick also like that the Symantec suite has scripting features they can use to set up automated installs. The software can also be programmed to generate reports when a machine does not meet the specific requirements set by the bank.
“We also get full reports every week that detail which machines were infected and which machines were cleaned,” says Panza. “Under the old system, we didn’t have any meaningful reporting,” he says.
Software suites like the one offered by Symantec are becoming popular among SMBs and other companies looking to consolidate all the security software they’ve accumulated over the years. Along with Symantec, other major security vendors such as Kaspersky Lab, McAfee and Trend Micro all offer endpoint suites.
“The bottom line is that companies don’t want a point software solution for every new security threat that comes along,” says Peter Firstbrook, a Gartner security analyst.
Firstbrook says the security industry has matured, which means it’s much less likely for a point product, such as antispyware software, to come along to solve a new threat. New security software is more likely to be bundled into a software suite.
Firstbrook says another factor that has IT managers looking more closely at total endpoint protection is that more companies rely on mobile workers, most of whom use notebook computers and typically work on more than one network when they travel on business.
“It’s not as easy today to lock down the corporate network,” says Firstbrook. “One nice feature many of these new suites have is that they can alert the IT staff when something goes wrong when a PC comes back into the network.”
The management features are important to Michael Draeger, senior field support representative for Silgan Containers. Draeger manages the Oconomowoc, Wis., data center for the California-based container company.
While he appreciates that the Trend Micro suite helped him consolidate vendors and software licenses, what Draeger likes best is that the management features give him greater control of the network. He says the company saves thousands of dollars on travel because he can manage security from a central location, a very important feature for a company that has 39 manufacturing locations around the country.
“I can sit here in Wisconsin and manage a server in Paris, Texas,” Draeger says.
“In the past, if we wanted to do security upgrades, we had to do it onsite. I either had to fly or drive,” he explains. “Now I can observe all the pattern files and do upgrades right from my desk.”
Draeger says the reporting tools are also excellent. The system lets him know which machine is out of date, offline or infected and also if and when a computer has been cleaned.
Chad Carr, network administrator for Heartland Bank and Trust in Bloomington, Ill., says the management features were a big reason the company opted for Kaspersky Enterprise Space Security to consolidate its antivirus and spyware software.
“Before, everything was controlled on each individual computer,” explains Carr. “Now, I can do all the updates from one central location,” he says, adding that he can now install new security software at his own convenience, in the middle of the workday or at night after business hours.
Carr says another big advantage is that all the real-time monitoring is now done centrally. He also has more information than ever before about all his PCs, including the version of the operating system, the name of the machine and its IP address.
The management features are important, but some IT managers say security suites simply help them get organized.
Greg Ellison, IT manager at Gilligan Oil, a convenience store chain based in Cincinnati, says a few years ago, through acquisitions, the company jumped from nine stores to 40 in a very short time.
Ellison says before the company absorbed the new stores, all the computers were standalone machines with different antivirus software packages.
“I was a district manager and the company put me into the IT position, primarily to organize the IT and consolidate all the security programs,” explains Ellison, who says that now all the stores have Digital Subscriber Line connections and have been standardized on McAfee’s Total Protection Service.
Before, Ellison would have had to go out to every site and inspect every computer. “Now I can look at 72 computers from a central location and know they are protected and when the software license expires,” he says. “In the past, I wouldn’t have even known if a license expired — I would have no idea.”
Gartner offers five recommendations to IT managers trying to sort out endpoint security:
- Phase out point products for antivirus, antispyware, host-based intrusion prevention systems and personal firewalls.
- Ask which host-based intrusion prevention systems (HIPS) techniques are included in any base antivirus client you are considering and ask to see the vendor’s road map for the client.
- Consider the needs of data leak prevention projects separately from endpoint protection. The ability to simplify client-side agents with a common management framework is an advantage, but has minor significance when selecting a DLP solution.
- Companies that have not already embarked on a full-disk encryption program for mobile clients should do so for notebooks with sensitive data.
- Resist vendor packaging that includes gateway protection with endpoint protection. Focus on client and server as one domain and gateways as a separate domain.