How To

Cheap IT Security? The Tools Were There All Along

Fortunately, there are plenty of cheap tools to ensure a solid defense. Some of these tools have been in the arsenal all along, but you never knew it. (Part four in a series: How to Manage Security in a Recession)

By Bill Brenner, Senior Editor

July 16, 2008

About this series: Smaller staff. Deflated security budgets. In-store thievery. When economic times are tough, these are the things security pros must contend with. In this ongoing series, CSOonline looks at ways to ensure the best security possible during a recession.

Jeremy Moskowitz calls himself the king of free. He's built an entire business around the notion that IT can be done on the cheap without damaging quality or security.

Given the current state of the economy, the self-described "chief propeller head" of IT consultancy Moskowitz, Inc. is finding that his do-it-for-free philosophy is a lot more popular than it was even a year ago, when there was more money to go around and companies were looking to buy top-of-the-line IT products - including the latest and greatest security tools.

With recession on the horizon, security pros in particular are searching for ways to control costs without letting their company defenses crumble in the process.

"Reducing the number of systems that require safeguards and controls means fewer anti-malware licenses, less patch management time, less backup space for recovery, and fewer security tokens"
Security Architect James DeLuccia

Many have found they can maintain strong security with a litany of low-cost or free software programs. But, Moskowitz says, many companies already have all the necessary security muscle without realizing it. And much of it resides in the Microsoft's Active Directory, which is being used by a vast majority of organizations.

"If you want cost effectiveness, you already paid for it. You have the Ferrari, now learn some stunts," he says. For example, he notes, Microsoft's Group Policy has 21 functions to manage access, lock down services and block malware. But most people don't know how use them very well. "That's why I have this job," he says, half-jokingly.

Microsoft security for the taking
Given all the attacks that have targeted Microsoft security holes over the years, some might find Moskowitz's position hard to swallow. Though Microsoft has poured an endless supply of money and manpower into security in the last six years, the bad guys are still finding ways to target the software giant's user base. Just last week Symantec Corp. was sounding the alarm over fresh attacks against a flaw in Microsoft Word.

Though the security challenges continue for the software giant, Moskowitz says it would be silly to discount the variety of ways Group Policy and other features can be used to bolster defenses for free.

One example of a tool waiting to be exploited is Microsoft's Group Policy Preference Extensions (formerly PolicyMaker Standard Edition and PolicyMaker Share Manager by DesktopStandard).

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development