Cherwell IT Service Management Blog
Resources, Best Practices, and Solutions for ITSM Pros

Security and Software Asset Management: Application Insight Adds New Layer of Network Protection

Network security has topped the enterprise IT priority list ever since networked computers hit the mainstream, and for good reason. Today even the smallest network is under threat from botnets, hacking, Trojans, denial of service attacks and information leakage. Malicious or criminal attacks, the most expensive cause of data breaches, are on the rise, and the consequences of poor network protection are harsh.

Breach containment, crisis management, investigations and forensics, customer compensation, damaged system replacements, lawsuits and other penalties add to the financial impact of a security failure. In fact, a Ponemon Institute and Symantec study published in March 2012 shows a jump in data breaches caused by malicious attacks from 31% in 2010 to 37% in 2011, at an average cost of $222 per record. Negligence accounted for a further 39 percent of reported breaches. Thus, the majority of serious breaches result from failings in a combination of people, process and technology.

The majority of threats originate from within an organization. The US Computer Emergency Response Team (CERT) estimates that almost 40 percent of IT security breaches are perpetrated by insiders, whether malicious or merely careless. The figures are understandable – security technology such as firewalls, content security appliances or desktop programs can’t entirely compensate for people’s ability to deliberately or innocently bypass the rules.

In addition, changes in workplace habits including mobile computing and the use of multiple devices have upped the security ante. Outside the office, employees connect to corporate systems and programs via VPN tunnels or web-based remote access applications, using corporate, personal or even public computers and devices. With so many access methods, the network perimeter remains more porous than IT security managers would like, leading them on a perpetual search for additional protection and monitoring capabilities.

The situation is exacerbated by the rise in employees’ use of their own devices for work, whether authorized or as an under-the-radar aid to productivity. There’s a growing gap between what employees do and what organizations have accommodated into their security and corporate best practices. Research by Information Law LLC from March 2012 indicates that 31% of companies surveyed had no company policy governing employees’ use of their own devices at work, while the best that a further 26% could say was that they ‘sort of’ did.

The Case for Deeper Software Insight

In addition to securing the network perimeter, corporate desktops and mobile devices, IT departments need the extra layer of insight that comes from being quickly and easily able to monitor the software that users are installing and accessing, and ensure that only authorized individuals are using programs with access to sensitive information.

To this end, software asset management (SAM) tools like Express Software Manager add a valuable weapon to the IT security arsenal. SAM technologies help tackle potential risks from the software inventory and usage perspective, helping IT managers detect, investigate, and halt threats in four major areas:

  • Identifying malicious programs, hacking tools and other unauthorized software
  • Preventing the use of suspicious or malicious applications
  • Examining application usage data to see who was running specific applications when a security breach occurred
  • Identifying and reducing the number of underused software titles so that there are fewer applications to support and patch

Sniffing out resident threats

Unless desktops are completely locked down, it’s all too easy for end users to introduce unauthorized or malicious software programs into the network environment. Many organizations choose to develop and maintain a matrix of authorized software applications to serve as a guide for responding to new apps that crop up across the network. Once this baseline has been defined, software inventory reports can be compared to the matrix to reveal the presence of unknown or suspicious installations. Likewise, if administrators know the executable name for a malicious application, they can use Express Software Manager’s discovery capabilities to pinpoint any machine(s) with that program installed.
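The baseline comparison described above, as an added example that is not Express Software Manager code or output: a short Python audit that checks an inventory export against an authorized-software matrix and a list of flagged executable names. The CSV column names, titles, hosts and executable names are all constructed assumptions.

```python
import csv
import io
import re

# Constructed authorized-software matrix: normalized title -> status.
MATRIX = {
    "microsoft office": "approved",
    "7-zip": "approved",
    "adobe reader": "approved",
    "remote admin tool": "prohibited",
}
# Executable names an administrator has flagged (constructed values).
FLAGGED_EXECUTABLES = {"rat_client.exe"}

# Constructed inventory export; the column names are assumptions.
INVENTORY_CSV = """host,title,version,executable
WS-001,Microsoft Office 2010,14.0,winword.exe
WS-001,7-Zip 9.20,9.20,7zfm.exe
WS-002,Adobe Reader X,10.1,acrord32.exe
WS-002,FreeTorrent 3.1,3.1,ftorrent.exe
WS-003,Remote Admin Tool,2.0,rat.exe
WS-004,System Helper,1.0,RAT_Client.exe
"""

def normalize(title):
    """Case-fold a title and drop a trailing version or edition token."""
    t = title.casefold().strip()
    t = re.sub(r"\s+(v?\d[\w.]*|x|xi)$", "", t)
    return re.sub(r"\s+", " ", t)

def audit(inventory_csv, matrix, flagged):
    """Return (host, title, reason) for every install outside the baseline."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = matrix.get(normalize(row["title"]))
        if row["executable"].casefold() in flagged:
            # A renamed title does not hide a known executable name.
            reason = "flagged-executable"
        elif status == "prohibited":
            reason = "prohibited-title"
        elif status is None:
            reason = "not-in-matrix"
        else:
            continue  # approved title, nothing to report
        findings.append((row["host"], row["title"], reason))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV, MATRIX, FLAGGED_EXECUTABLES):
        print(*finding, sep="\t")
```

Title normalization is the part that needs tuning in practice: version suffixes and vendor naming quirks otherwise make approved software appear unknown.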

Stopping suspicious apps in their tracks

Despite the most stringent software usage policies, the widespread use of portable storage and mobile communications devices means that unwelcome software can pop up behind the organization’s firewall at any moment. Shutting down unauthorized programs is therefore a powerful weapon against potential security breaches. The “application control” functionality found in Express Software Manager allows IT managers to prevent the use of programs that are deemed a threat and to remotely shut down certain programs until they have been thoroughly investigated and, if appropriate, added to the application matrix. Application control features can also aid in ensuring that only authorized users can access specific programs.

Lifting the blanket of anonymity

While most applications through which sensitive data can be accessed are protected by authentication controls, SAM solutions can add a further layer of security by providing an instant snapshot, at any time, revealing which employees are running which programs. This information can be especially valuable when investigating known security breaches. By analyzing software usage statistics for applications that facilitate access to the compromised data, IT personnel can identify exactly which machines and users were running those applications during that time frame. For any organization, particularly those subject to regulatory compliance mandates, the ability to retroactively trace the origins of a breach is an especially important capability.
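The breach-window lookup described above, as an added example that is not Express Software Manager code or output: given application usage sessions, it returns the machines and users that had one of the relevant applications running at any point during the incident window, including sessions that were still open. The record layout, hosts, users and application names are constructed assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed usage records: (host, user, application, start, end).
# end is None when the session was still running at collection time.
USAGE = [
    ("WS-001", "alice", "crm.exe", "2012-03-05 08:55", "2012-03-05 12:10"),
    ("WS-002", "bob", "crm.exe", "2012-03-05 13:30", "2012-03-05 17:00"),
    ("WS-003", "carol", "crm.exe", "2012-03-05 11:45", None),
    ("WS-004", "dave", "winword.exe", "2012-03-05 09:00", "2012-03-05 18:00"),
    ("WS-005", "erin", "CRM.EXE", "2012-03-05 07:00", "2012-03-05 09:00"),
]

def sessions_in_window(usage, apps, window_start, window_end):
    """Return sorted (host, user) pairs whose sessions overlap the window."""
    ws = datetime.strptime(window_start, FMT)
    we = datetime.strptime(window_end, FMT)
    wanted = {a.casefold() for a in apps}
    hits = []
    for host, user, app, start, end in usage:
        if app.casefold() not in wanted:
            continue
        s = datetime.strptime(start, FMT)
        # An open session is treated as running through the whole window.
        e = datetime.strptime(end, FMT) if end else datetime.max
        # Two intervals overlap when each starts before the other ends.
        if s < we and e > ws:
            hits.append((host, user))
    return sorted(hits)

if __name__ == "__main__":
    window = ("2012-03-05 09:00", "2012-03-05 12:00")
    for host, user in sessions_in_window(USAGE, {"crm.exe"}, *window):
        print(host, user)
```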

Restoring order to the neighborhood

With new and more sophisticated security threats being reported at increasing rates, IT administrators scramble every day to stay on top of the latest vulnerabilities and fixes related to installed software. By analyzing the presence and usage of each installed application, companies can see where they have redundant and/or underutilized titles that are candidates for retirement. With fewer applications to support and patch, IT can significantly reduce the chances that an unknown or unaddressed security vulnerability will lead to catastrophe. Given the fact that Microsoft’s ‘patch Tuesday’ (when fixes to vulnerabilities in Office and other Microsoft programs are published) is a recurring monthly event in the IT calendar, moving toward a more standardized desktop will not only improve an organization’s security posture, but also free up time for IT to work on other important projects.

Information is power. And when it comes to security, information obtained from SAM tools like Express Software Manager reveals where layers of protection can be added to a network to make it safer. If you can know exactly what programs reside on your network, see who is accessing which applications, prevent the use of suspicious software, and identify the source of breaches, your security posture will be immeasurably strengthened.