Six things you should know about network endpoint security

Computerworld -

"We as IT technicians are going about network security the wrong way," says Peter Green, director of IT at Neumont University in South Jordan, Utah.

"We are trying to put a box around our networks, when every night, a large portion of those networks leave the building, and in my case, [during every college vacation], those pieces scatter across 42 states.

You can't put a box around that. Neumont's environment is an extreme example for several reasons:

• The university offers only one undergraduate major -- a bachelor of science degree in computer science -- so its staff and student body are technically very sophisticated and can "circumvent any controls or security we can put in place and install whatever they want," Green says.
• Everybody carries laptops -- Lenovo ThinkPads. "We are completely mobile and wireless," Green says. "During the day, we have a huge network infrastructure, and at night, three-quarters of that network walks out the door."
• Because of the focus on mobility and wireless connectivity, the college has 80 Aruba A-band access points on two floors, connecting 400 laptops to 35 servers, four of them Senforce Technologies Inc. endpoint security and intelligent network access control (INAC) servers, over two networks. "A band works well particularly for classrooms because we can crank the power down to zero and pack a lot of access points into a small area," Green says.
• Students and instructors spend large amounts of time away from campus and take their ThinkPads with them. "If an instructor spends three months in Ireland, who knows what happens to his laptop?"
• The university has a constant stream of visitors, many of them from companies in its enterprise partnership program, which gives students experience working on real projects with professionals. These visitors bring their own laptops on campus and need connectivity to their companies and to the students in their workgroups.
• The university, however, has the same concerns as any other large organization. It wants a standard image across all of its laptops to facilitate maintenance, and "we are dealing with highly sensitive information on our network -- grades, projects for enterprise partners, personal information about students and staff," Green says.

"Our endpoint security discussion started when we got an excited call from our Cisco rep about an acquisition," Green says. "As a result, we had a conversation with Cisco about network access controls that fascinated me. To me, this is the future of the network. It made me realize that we have been looking at security from the wrong perspective."

But, he says, "when we asked about different features, the answer was always, 'We are working on that.' So when Senforce approached us with a fully based solution, we didn't look much further. This is so new that there isn't much out there, and Senforce has endpoint security and INAC together, which is great."