Neil MacDonald

A member of the Gartner Blog Network

Entries Categorized as 'Endpoint Protection Platform'


Does Protecting Desktops Require a Different Vendor/Product than Protecting Servers?

by Neil MacDonald  |  September 29, 2011  |  2 Comments

I’ve made it a point over the past 6 months to ask clients if they are combining their endpoint protection platform contracts across desktops, laptops and servers. In most cases (about 75%), the answer is yes – contracts are being combined in order to reduce complexity and costs. Is protecting a desktop different than a [...]

2 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Next-generation Security Infrastructure     Tags: , , , , , , , ,

The Single Most Important Way to Improve Endpoint Security

by Neil MacDonald  |  August 23, 2011  |  2 Comments

Run more of your Windows users without administrator rights. I’ve talked about this several times before – including here, here and here. While it may not be feasible to remove administrator rights from all users, it is an absolutely achievable goal to continue to improve the percentage of Windows users running without administrator rights year [...]

2 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7     Tags: , , , , , ,

Full Drive Encryption is not just for Laptops

by Neil MacDonald  |  August 22, 2011  |  3 Comments

I’ve had two discussions with clients today already on the role of full drive encryption ( FDE technologies such as Microsoft’s BitLocker, McAfee Total Protection, Sophos/Utimaco, Symantec PGP, Check Point, Trend/Mobile Armor etc) for fixed desktops. Full drive encryption should be considered mandatory for laptops and most organizations have implemented this – either with Windows [...]

3 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Windows 7     Tags: , , , ,

Microsoft’s Forefront Endpoint Protection – Is it “Good Enough”?

by Neil MacDonald  |  August 4, 2011  |  Comments Off

Licensing changes for Microsoft’s enterprise endpoint antimalware protection solution that were announced in March at Microsoft’s MMS conference take affect this month. If you are licensed under Microsoft’s Core Client Access License program, it now includes CALs for Forefront Endpoint Protection. For many organizations that are already licensed under Core CAL, this means that FEP [...]

Comments Off

Category: Endpoint Protection Platform Microsoft Microsoft Security Windows 7     Tags: , , , ,

Some Thoughts on RSA SecurID Risk

by Neil MacDonald  |  June 9, 2011  |  1 Comment

On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA. Subsequently, on 6 June 2011, RSA announced a program to replace customers’ RSA SecurID one-time password (OTP) authentication product tokens We’ve updated [...]

1 Comment »

Category: Application Security Endpoint Protection Platform Information Security     Tags: , , , ,

IT Operations and Security Convergence? Not Really.

by Neil MacDonald  |  May 17, 2011  |  1 Comment

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the pervious release (formerly called Forefront Client Security) is the change out of the management, policy and reporting infrastructure underneath to be based on [...]

1 Comment »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security     Tags: , , , , , , ,

Removing Administrator Rights for Windows Users is not “Lockdown”

by Neil MacDonald  |  May 4, 2011  |  Comments Off

In discussions with clients, I still run into some confusion on whether or not removal of administrator rights constitutes “lockdown”. Perhaps this was the case a few years ago with older Windows applications and Windows XP, but this is not the case today with Windows 7.  For example: Standard users can install and execute well-written [...]

Comments Off

Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7     Tags: , , , , , , ,

Two Lessons for Information Security from the iPhone and iPad

by Neil MacDonald  |  May 2, 2011  |  3 Comments

Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives? 1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those [...]

3 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Microsoft Security Windows 7     Tags: , , , , , ,

Observations from Microsoft’s Management Summit

by Neil MacDonald  |  March 22, 2011  |  Comments Off

I’ve spent the past day and a half attending Microsoft’s Management Summit in Las Vegas. From my perspective the announcement that will affect the most enterprises from a security perspective was a change in licensing related to Forefront. Some history — in 2010, Microsoft reorganized the Server and Tools Business Unit placing the Forefront Endpoint [...]

Comments Off

Category: Cloud Cloud Security Endpoint Protection Platform Microsoft Microsoft Security Next-generation Data Center Virtualization Virtualization Security     Tags: , , , , , , , ,

Yes, Standard Users can Install Software

by Neil MacDonald  |  March 15, 2011  |  Comments Off

The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter). This is incorrect. Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard [...]

Comments Off

Category: Endpoint Protection Platform Microsoft Security Windows 7     Tags: , , , , , , ,