• United States



by Matthew Kovar

Remote End-Point Security Services: Defining a New Market

Sep 10, 20025 mins
CSO and CISOData and Information Security

Teleworkers, mobile employees, and broadband access are all driving corporations to extend their networks securely through the implementation of IP VPNs over the Internet. While these networks are being extended, the malicious activities of hackers and their ability to compromise networks and remote PCs are only increasing. These remote end points are made more vulnerable when end users connect to the Internet for personal and business use without going through the corporate security infrastructure (firewalls, intrusion detection, URL filtering, content inspection, and so on).

Prudent corporate governance requires that the use of IT assets, when they are being accessed remotely, conform to the business use that is consistent with IT security policies (no malicious code or inappropriate services such as streaming or peer-to-peer applications) and HR policies (such as those that proscribe surfing inappropriate Web sites or sending sexually explicit e-mails). These policies must now be enforced on a decentralized user base as effectively as they are on the corporate network. For, although employees working remotely can connect securely to corporate networks with IP VPN connections, their systems may already have been compromised while they were surfing the Web for either business or personal reasons.

A new security market for providing remote end-point security (REPS) emerged in 2001 as managed service providers rolled out offerings to protect the systems of remote workers. The Yankee Group estimates that the REPS services market will approach $1 million in 2001 and it is projected to surpass $170 million by 2007, growing from 20,000 installed clients in 2001 to over 3 million by 2007. This Report provides an introduction to secure end-point services, identifies emerging market opportunities, and discusses demand drivers, current vendor offerings, and the future direction of these services.

Future and Conclusions

Several REPS service enhancements will be driven by further technology advancements. Service providers will look to monitor remote end points when they are not connected to the corporate IP VPN, allowing companies to continuously monitor security events targeting their employees PCs.

The service providers will leverage the security event information gathered from the remote end points, and tie it into security event management systems developed by vendors such as OpenService, e-Security, Intellitactics, OneSecure, and ISS, which will enable the service providers to proactively determine what types of security attacks are besetting end users around the Internet. This will allow the service providers to create new security policies and patches, and proactively push security fixes to customers even before they know of a new vulnerability or threat. REPS will also work with the security intelligence service (SIS) providers (see Further Reading list for research related to this topic) to integrate the SIS proactive threat detection information with the real-time update facilities provided by the REPS vendors.

REPS will also provide dynamic policy enforcement, which will enable corporations to enforce stricter corporate policies for Internet usage when the remote end user is conducting work-related tasks and accessing both the Internet and the IP VPN. The dynamic policy configuration will then change the rules of use when the end user is in home mode and is entitled to use applications such as video streaming or surf religious Web sites, both of which may be against corporate policies but are allowed under home user rights. With this dynamic configuration option, it will be necessary to have a security assessment or some way of auditing the remote PC for threats before the user is allowed access to the IP VPN and corporate network. This PC security audit will be conducted remotely from the IP VPN security policy server during the connection process.

The IP VPN network equipment manufacturerssuch as Nortel, Cisco, Check Point, NetScreen, Lucent, and CoSinewill work with the secure end-point software vendors to integrate the IP VPN connection software with the REPS software. This integration will enable the corporate policy of allowing the IP VPN connection to be established only when the REPS software is resident and active, and when the end point has not been compromised since the last remote session. This will enable corporations and service providers to offer a wider range of network equipment as part of their secure end-point solutions.

REPS offerings will also be extended to partners networks, enabling a corporation to enforce a minimum level of security on its connection with its partners networks. This will most likely be an extension of the corporate network that is tied into a supply chain partner, or a reseller partner extranet relationship where the company wants to ensure that the partner is meeting a minimum level of security policy management, which can be ensured by deploying a managed REPS offering to the remote partner end point. This will raise the minimum-security exposure standard of what might be considered the weakest link in the security supply chain.

Several service providers will enter the market for REPS either through reseller agreements or by developing their own managed services offerings. Companies that are most likely to develop their own offerings will be the ones with a history of providing IP VPN remote services that require management of end-user software. These companies already control software on the desktop and provide primary support for end-user troubleshooting. GRIC, Sprint, EDS, Infonet, Internet Security Systems, and Genuity will be the first tier of providers to offer REPS. The next tier of services will come from AT&T, WorldCom, Comdisco, CLECs, and RBOCs. Other managed security service providers will look to resell REPS services, driven by the demand of their corporate customers to provide enterprise-grade security to their remote employees.

Other value-added resellers (VARs) and systems integration vendors will look to partner with REPS providers in an attempt to diversify their portfolios into managed security services and to help solidify their grip on their customers. The Yankee Group predicts that within the next 18 months, REPS will become a standard offering and a must-have for corporations as part of the managed security services suite they purchase to help secure their corporate infrastructure.