Server-centric security is 'obsolete', says BigFix

The security vendor urges companies to secure endpoint nodes using local agents, and not rely on centralized processing and reporting at servers.

Companies are not getting the real-time reporting coverage they require to manage vulnerabilities in their network, says security vendor BigFix.

One of the pressing security issues businesses face today is the faster rate at which a vulnerability is exploited, noted George Billman, vice president of business development at BigFix, a U.S.-based player in the security configuration management space.

According to Billman, a server-centric approach that uses a central system to analyze and manage vulnerabilities across multiple networks can result in bottlenecks during data processing. In addition, companies will need to purchase expensive and large-capacity servers to compute results from network-wide scans, he said.

An endpoint-centric security approach, in which software tools are installed on the PC to monitor and enforce security or workplace policies, reduces not only hardware and bandwidth requirements but also the time taken to contain threats, he explained. Such an approach minimizes risk and cost for companies, Billman said, rendering server-centric security "obsolete".

Ashley Wearne, McAfee's vice president for marketing and integrated solution sales, agreed: "Today, thieves realize we keep more of our valuable data on PCs, laptops, handhelds and phones--the endpoints on networks.

"Endpoint security is therefore where the emphasis is needed," he told ZDNet Asia, in an e-mail interview.

"The problem with a server-centric approach is that you have to keep your software patched," Wearne said, noting that this becomes a very costly and reactive exercise when a company has many devices and patches to manage.

"By using endpoint security you effectively set up control points that restrict who can access your network and server," he said, adding that companies can implement NAC (network access control) to administer who has access to what. For instance, they can send non-compliant devices into quarantine to be "repaired", or enforce devices to be updated with the latest security patches before the user is given access to the network.

Gerry Chng, manager for technology and security risk services at consulting firm Ernst & Young, agreed that security solutions are increasingly reaching out to the endpoints, driven by the demands of a progressively mobile workforce.

"Companies are naturally taking a stance toward extending their protection to the endpoint to protect [mobile] devices that may be connecting back to the trusted core from an insecure location," Chng said.

However, he pointed out that server-centric security products "are still required" in any good and in-depth defense mechanism.

BigFix's Billman noted that companies, particularly those in Asia, look for integrated security solutions to protect their endpoint devices, rather than individual applications which target specific security problems.

To capitalize on this, he said that BigFix added antispyware and asset tracking components to its lineup of products last year. The company hopes to introduce new features, such as intrusion prevention capabilities and fine-grain control of USB tokens, to its product suite by the second half of 2006, said Billman.

The company, he added, sees the Asia-Pacific region as a "very important growth market" due to the high penetration of mobile PCs and handhelds. China, Korea and Southeast Asia are key markets for BigFix, said Billman.