Vendor interest grows in endpoint compliance

Perhaps as an acknowledgement that network perimeter security systems are no longer as effective at stopping attacks as they once were, vendors are paying more attention to offering endpoint compliance systems as a way to mitigate worm damage.

Cisco Systems Inc got into the game two weeks ago by announcing the 2004 availability of new Trust Agent software and partnerships with three of the largest anti-virus software vendors – Symantec Corp, Network Associates Inc and Trend Micro Inc.

The announcement, made by the CEOs of all four companies, was done with enough fanfare that it was easy to overlook the fact that a number of other companies, such as Zone Labs Inc and Sygate Technologies Inc, have offered the same for some time.

And yesterday NAI itself announced forthcoming upgrades, available in January next year, to its McAfee ePolicy Orchestrator software that increases its ability to enforce endpoint policy compliance.

NAI said the new System Compliance Profiler component checks for patches on Windows systems, reporting to the ePO console so administrators can enforce security policies across all desktops. ePO was originally designed to manage anti-virus.

NAI is participating in Cisco’s Network Admission Control initiative – a program under which Cisco’s Trust Agent policy compliance agent can draw state information such as signature freshness from anti-virus software.

Under Cisco’s system, routers and switches can be configured to automatically block or quarantine traffic from endpoints that do not adhere to security policies described in its Radius policy server.

Existing endpoint security players, such as Zone, which has sold its Integrity compliance offering for almost two years, say their software does all this, including the integration with anti-virus software, already.

Zone’s VP of marketing Fred Feldman said the company is not overly concerned about Cisco encroaching on its territory, however. Cisco’s is not necessarily a competing product – it’s for their hardware, he said. Integrity works in mixed environments.

Feldman said Zone’s offering uses standards including 802.1X (the authentication protocol, not the wireless protocols) and Extensible Authentication Protocol to allow endpoints to talk to compatible kit from multiple vendors, including Cisco’s.

This article is based on material originally produced by ComputerWire.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing