Gartner Blog Network


Improving Your 2011 Security Bang for the Buck Continued

by Neil MacDonald  |  January 6, 2011  |  Comments Off on Improving Your 2011 Security Bang for the Buck Continued

In my previous post, I kicked off 2011 with a recommendation for improving your “security bang for the buck” or quick wins for information security in 2011 – increasing patching breadth and depth.

Here’s a few more to consider in 2011:

  • In a response to this post on the value (or lack thereof) of antivirus technology, one of my blog readers had proposed “disabling autorun” on removable media and I agree.
  • In a response to the reader’s comment above, I added this recommendation: activate the data execution prevention capabilities of your OS and extend this to the applications running on the OS. Windows, Mac OS, and Linux all support this built in capability of Intel and AMD x86 hardware.
  • Shift more users to run with standard user privileges and use the migration to Windows 7 as a catalyst to make this change. I’ve stated this many times over the past year and will continue to do so in 2011.
  • Upgrade to the latest version of the EPP software you use to protect users. In nearly all cases, these upgrades are covered under existing maintenance contracts.
  • Beef up the capabilities of the device between the user and the web. Historically, this was a a proxy device with URL filtering; however, the next-generation of these devices (which we refer to as secure web gateways – SWG) go well beyond this with full antimalware scanning and URL reputation services.
  • Better yet, supplement the on-premises SWG above with cloud-based SWG filtering capabilities for users which are not connected to the enterprise network (and thus aren’t having their traffic filtered with on-premises SWG devices). Most of the leading SWG providers have made acquisitions to provide exactly this capability
  • In addition to patching breadth and depth, make sure you have established secure configuration standards for all machines – desktops, servers and laptops – and are regularly scanning all machines for correct configuration and drift.

All of the above are relatively low cost, but provide a significant improvement in overall security levels without breaking the 2011 budget.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: beyond-anti-virus  cloud-security  endpoint-protection-platform  windows-7  

Tags: best-practices  beyond-anti-virus  cloud-security  endpoint-protection-platform  information-security  lockdown  reducing-cost  security-no-brainer  windows  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.