There are many things to consider when evaluating an efficient and effective endpoint security solution: a single lightweight client, multiple layers of protection, integrated system security and data protection, system and data access control, system and data usage control, and so on. One of the most important aspects, however, cuts across every one of these: the ability to dynamically control the policy for each user of each system based on the risk they face in their current situation. Centralized, dynamic policy enforcement is the centerpiece of the future of endpoint security.
Review the following scenarios and ask whether your existing endpoint security solution can deliver the right protections, tuned to match your specific business operations. Consider the fact that StormShield.
Situation:
An authorized Active Directory user logs in to their company-provisioned desktop that is physically wired to the corporate network, contains all of the expected Windows updates, and has the proper security and business applications installed and running.
Response: Apply the “Healthy – Inside Use” policy and allow the employee to access the resources (systems and data) available to them both on the network and locally on the desktop.
Situation:
An authorized Active Directory user logs in to their company-provisioned laptop that is connected to an unsecured wireless access point, is missing the latest Windows updates, has disabled a corporate-required security application and is running a non-approved instant messaging application.
Response:
Step 1: Apply the “Unhealthy – Outside Use” policy and allow the employee to access only the resources required to update and remediate the system (a partial lockdown). Then auto-remediate to bring the system back to the required state of health: run Windows Update, re-enable the security application, and kill the unapproved instant messaging application process(es).
Step 2: Once remediated, apply the “Healthy – Outside Use” policy, which forces the SSL VPN to launch so that all internet communications travel through the corporate network. Only when the VPN is established are the internal AND local business applications made available to the user. At the same time, control use of the system to prevent copying of restricted content through email, web, and USB file transfers, disable copy/paste, and so on.
Situation:
A corporate-provisioned laptop is stolen at the airport. The authorized user was still logged in when it was taken, so the thief has access under the authorized user’s credentials. The thief attempts to launch additional business applications, such as Outlook, SalesForce, and Reuters IM. Multiple failed logins to these applications trigger the theft state.
Response:
Step 1: Apply the “Unauthorized Use” policy and completely lock down the system to prevent any access to local applications and data as well as any corporate resources via the internet. This means blocking all network connections and ports except a single pre-defined network/port reserved for recovery; blocking all input/output devices such as USB ports, CD writers, Bluetooth, keyboard, and mouse; and preventing any application from being installed or launched. Then shut down the machine and block any further login attempts until it connects to the pre-defined network/port.
Step 2: Once the machine physically connects to the pre-defined network/port, allow the StormShield administrator to apply the “Recovery” policy that unlocks the system for purposes of recovery. In this instance, the system is quarantined until it can be verified clean and healthy, then a backup of the data can be performed.
The situations could of course differ slightly, and the responses can be defined to match your specific organizational requirements. This is the amazing benefit of StormShield. Matt Sarrel, reviewer for eWeek Magazine, captures it best when he wrote: “It is almost infinitely extensible because of its ability to test for multiple conditions and then apply sophisticated remediation techniques.”
StormShield’s customizable Dynamic Policy Enforcement gives organizations:
- Centralized policy definition, deployment, enforcement, auditing, and reporting
- A single place to logically-group security controls, access rules, and remediation instructions
- An endpoint-stored and locally-enforced policy that dynamically changes when any of the following occurs at the endpoint:
  - User/group login changes
  - System ID/role changes
  - System state changes:
    - Network type (wired/wireless)
    - Location (internal/external)
    - Applications/processes running or not
    - I/O ports active/inactive
    - Removable devices connected/disconnected
  - System health changes:
    - Hardware
    - Software
    - Processes
    - Files
    - Patches
    - Registry
    - Vulnerabilities present
    - Content present or missing
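To make the three scenarios above and the trigger list concrete, here is a small policy engine that picks a policy from an endpoint's observed state and re-evaluates after each change. This is an added example written for this page, not StormShield's code: the policy names follow the scenarios, but the state fields, the action labels, the "Unhealthy - Inside Use" policy and the three-failed-login theft threshold are assumptions made for the illustration.

```python
"""Toy dynamic-policy engine (added example, not StormShield code).

The agent keeps the policy table locally, evaluates its own state on every
change, and returns a policy plus the remediation it must run. Field names,
action labels and FAILED_LOGIN_THRESHOLD are assumptions for this example.
"""
from dataclasses import dataclass, field

FAILED_LOGIN_THRESHOLD = 3       # assumed: failed app logins that latch the theft state
RECOVERY_PORT = "recovery-port"  # assumed label for the one network/port left open


@dataclass
class EndpointState:
    """What the agent can observe locally (all fields are assumptions)."""
    user_authenticated: bool = True
    location: str = "internal"          # "internal" or "external"
    network: str = "wired"              # "wired" or "wireless"
    wireless_secured: bool = True
    patches_current: bool = True
    required_apps: set = field(default_factory=set)
    required_apps_running: set = field(default_factory=set)
    running_processes: set = field(default_factory=set)
    approved_processes: set = field(default_factory=set)
    vpn_established: bool = False
    failed_app_logins: int = 0
    theft_latched: bool = False         # stays set until the recovery port is seen
    on_recovery_port: bool = False


@dataclass
class Decision:
    policy: str
    allow: set
    deny: set
    remediation: list


def health_issues(state):
    """Remediation steps still needed; empty when the system is healthy."""
    issues = []
    if not state.patches_current:
        issues.append("run Windows Update")
    issues += [f"re-enable {a}" for a in sorted(state.required_apps - state.required_apps_running)]
    issues += [f"kill {p}" for p in sorted(state.running_processes - state.approved_processes)]
    return issues


def is_outside(state):
    """'Outside' = off the corporate LAN, or on an unsecured wireless link."""
    return state.location == "external" or (state.network == "wireless" and not state.wireless_secured)


def record_failed_login(state):
    """Hook for business-app login failures; crossing the threshold latches theft."""
    state.failed_app_logins += 1
    if state.failed_app_logins >= FAILED_LOGIN_THRESHOLD:
        state.theft_latched = True
    return state.theft_latched


def decide(state):
    """Pick the policy for the current state. Precedence: theft > auth > health > location."""
    if state.theft_latched:
        if state.on_recovery_port:       # admin applies Recovery once the known port is seen
            return Decision("Recovery", {RECOVERY_PORT, "local-data"}, set(),
                            ["quarantine", "verify clean", "back up data"])
        return Decision("Unauthorized Use", {RECOVERY_PORT},
                        {"all-network", "usb", "cd-writer", "bluetooth", "keyboard",
                         "mouse", "app-launch", "app-install"},
                        ["shut down", "block logins until recovery port"])
    if not state.user_authenticated:
        return Decision("Unauthorized Use", set(), {"all-network", "local-apps"}, [])
    issues, outside = health_issues(state), is_outside(state)
    if issues:                           # semi-lockdown: only update/remediation targets
        name = "Unhealthy - Outside Use" if outside else "Unhealthy - Inside Use"
        return Decision(name, {"update-servers", "remediation-servers"},
                        {"business-apps", "local-business-apps", "internet"}, issues)
    if outside and not state.vpn_established:   # healthy outside: VPN is forced first
        return Decision("Healthy - Outside Use", {"vpn"},
                        {"business-apps", "local-business-apps"}, ["launch SSL VPN"])
    if outside:                          # VPN up: apps allowed, data egress controlled
        return Decision("Healthy - Outside Use", {"vpn", "business-apps", "local-business-apps"},
                        {"usb-copy", "email-attachment", "web-upload", "clipboard"}, [])
    return Decision("Healthy - Inside Use", {"network", "business-apps", "local-business-apps"}, set(), [])


def remediate(state):
    """Apply the auto-remediation an Unhealthy policy calls for; returns the steps done."""
    done = health_issues(state)
    state.patches_current = True
    state.required_apps_running = set(state.required_apps)
    state.running_processes &= state.approved_processes
    return done


def scenario_roaming_laptop():
    """Scenario 2 (constructed state): unhealthy outside -> remediate -> VPN -> healthy outside."""
    s = EndpointState(location="external", network="wireless", wireless_secured=False,
                      patches_current=False, required_apps={"av"},
                      running_processes={"outlook", "freeim"}, approved_processes={"outlook"})
    trail = [decide(s)]
    remediate(s)
    trail.append(decide(s))
    if "launch SSL VPN" in trail[-1].remediation:
        s.vpn_established = True
    trail.append(decide(s))
    return trail


def scenario_stolen_laptop():
    """Scenario 3 (constructed state): failed app logins latch theft; only the recovery port reopens."""
    s = EndpointState(location="external")
    trail = [decide(s).policy]
    for _ in range(FAILED_LOGIN_THRESHOLD):
        record_failed_login(s)
    trail.append(decide(s).policy)
    s.on_recovery_port = True
    trail.append(decide(s).policy)
    return trail
```

The point of the structure is the precedence order in `decide`: a latched theft state wins over everything, health wins over location, and location only matters once the system is healthy. The theft latch is also deliberately not cleared by a reboot or a successful login; in this model only the pre-defined recovery port moves the machine out of "Unauthorized Use".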