by Neil MacDonald | January 6, 2011 | Comments Off on Improving Your 2011 Security Bang for the Buck Continued
In my previous post, I kicked off 2011 with a recommendation for improving your “security bang for the buck” or quick wins for information security in 2011 – increasing patching breadth and depth.
Here’s a few more to consider in 2011:
- In a response to this post on the value (or lack thereof) of antivirus technology, one of my blog readers had proposed “disabling autorun” on removable media and I agree.
- In a response to the reader’s comment above, I added this recommendation: activate the data execution prevention capabilities of your OS and extend this to the applications running on the OS. Windows, Mac OS, and Linux all support this built in capability of Intel and AMD x86 hardware.
- Shift more users to run with standard user privileges and use the migration to Windows 7 as a catalyst to make this change. I’ve stated this many times over the past year and will continue to do so in 2011.
- Upgrade to the latest version of the EPP software you use to protect users. In nearly all cases, these upgrades are covered under existing maintenance contracts.
- Beef up the capabilities of the device between the user and the web. Historically, this was a a proxy device with URL filtering; however, the next-generation of these devices (which we refer to as secure web gateways – SWG) go well beyond this with full antimalware scanning and URL reputation services.
- Better yet, supplement the on-premises SWG above with cloud-based SWG filtering capabilities for users which are not connected to the enterprise network (and thus aren’t having their traffic filtered with on-premises SWG devices). Most of the leading SWG providers have made acquisitions to provide exactly this capability
- In addition to patching breadth and depth, make sure you have established secure configuration standards for all machines – desktops, servers and laptops – and are regularly scanning all machines for correct configuration and drift.
All of the above are relatively low cost, but provide a significant improvement in overall security levels without breaking the 2011 budget.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Category: beyond-anti-virus cloud-security endpoint-protection-platform windows-7
Tags: best-practices beyond-anti-virus cloud-security endpoint-protection-platform information-security lockdown reducing-cost security-no-brainer windows
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.