SMS lets you configure rules to enable or disable DHCP, DNS, NetBIOS, OS masquerading and shunning attackers. The process is simple. When we ran an NMAP probe with OS masquerading enabled, for example, the software identified the system as a Red Hat Linux station to trick attackers into trying Linux attacks against a Windows workstation. This feature will mislead script kiddies performing scans for hosts, but it won't guarantee complete security.
The server software provides two methods for establishing trusted applications: manual input or client-learned. Every time a client with a learning-enabled policy launches a new Internet program, it reports the file name, version number and MD5 hash to the server. You can then add the appropriate applications to the trusted list. In test environments, new applications can be added to the approved application list automatically, or the management server can send you an e-mail when a user runs a previously undiscovered application.
Application discovery is important in the initial configuration and testing phases of deployment. We had one big complaint about the way the product accomplishes this. The server cannot dictate the components' MD5 hashes. Instead, these hashes are computed on the end node. Although this technique makes diverse environments easier to administer, it also necessitates installation on clean systems. If you install the firewall on a system that's already compromised, the firewall won't catch the Trojan. You can, however, dictate and require the executable's hash to come from the server. In other words, you can require iexplore.exe to have a certain MD5 hash, but the system DLL hashes cannot be centrally defined. Integrated antivirus and intrusion-detection support should catch any stragglers.
Sygate's is also the only product that lets you create multiple policies based on the user's location or tasks. For example, you can have one policy for local users, another for those connecting via VPN, and a third policy for wireless users. You can set policies based on MAC (Media Access Control) addresses, IP addresses, network adapters, VPN adapters, applications and time of day.
Sygate's report generation isn't as robust as ISS's: You can't drill too deeply into Sygate's graphs. Each rule, for example, can be assigned a severity on a scale from zero to 15. We created a rule that said running telnet.exe would produce a critical flag. After executing telnet on a client machine, we sorted the security log by severity. Our telnet violation appeared at the top. You can create line, bar and pie charts showing IPs, protocols, time, application or severity of attacks, but you can't take the reporting much further.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
