Zone Labs puts its foot down

Employees routinely flaunt security policies. They install wireless access points, use simple passwords, and download software against your wishes. Zone Labs has taken a smart step toward stopping all that.

Every security pundit at Comdex Fall 2002 stressed the same issue: enforcement.

Companies have strict rules against downloading software, using wireless networks, and password protocols. Meanwhile, employees are downloading programs left and right, setting up wireless access points in boardrooms, and using their dog's name for five different passwords.

"Ninety-eight percent of companies hit by an attack have a policy that would have prevented the attack, but there's been no way of enforcing that," said Gregor Freund, CEO of ZoneLabs, speaking to 200 or so Comdex attendees that crowded into a small conference room for his talk on "endpoint" solutions.

ZoneLabs, a San Francisco-based maker of security software, announced a new product at Comdex, Integrity 2.0, that aims to solve a small piece of the enforcement problem.

Building upon the company's first version of security software to protect remote PCs, Integrity 2.0 has enhanced application control, easier programmability, and, most importantly, something the company calls "cooperative enforcement."

Cooperative enforcement gives the administrator the ability to require that endpoint PCs are protected by firewall and application control defenses as well as other company's anti-virus products. If someone tries to connect remotely without a pre-specified set of security measures--such as the running of McAfee, Symantec, or Trend Micro--the system can block that user from signing on.

Other versions of Integrity have had this capability, but Integrity 2.0 has made it more customizable, and easier to use. Integrity 2.0 lets administrators control policies based on IP addresses, user name, group assignment, or entry point into the network. It also has a new user-friendly interface, whereas the older product required command-line programming.

Symantec makes similar products, but they aren't specifically tailored for remote access, and don't have the customizability that Integrity does. "Other companies use a one-policy-fits-all strategy," said Frederick Felman, vice president of marketing. Felman said the size of Integrity's product is 3MB to 5MB, versus Symantec's 125MB--something that makes remote use unwieldy.

Response among attendees was enthusiastic.

"I think I could really use this to control pirated music," said Steve Martin, an IT instructor at Oklahoma Panhandle State University, addressing his colleague Diane Murphy, chair of the university's CIS department. Murphy was equally excited about the product, and said she planned to add it to the IT curriculum. "I've never seen a management console like this," she added.

But enforcement problems still run rampant in other parts of the enterprise.

"Last year, out of 28,000 network security assessments we did, 96 percent of companies had wireless implementations even though 50 percent of companies had policies strictly prohibiting wireless networking," said Tom Noonan, CEO of Internet Security Systems, speaking at a keynote panel Monday.

Wi-Fi enforcement solution, anyone?

How does your company enforce its security policies? TalkBack below or e-mail us.