3 Ways SAM Technology Can Augment Security

How IT and Security Can Work Together

Network security has topped the enterprise IT priority list ever since networked computers hit the mainstream, and for good reason. According to PricewaterhouseCoopers, the average loss in brand value alone for companies experiencing data breaches ranges from $184 million to more than $330 million.

As companies continue to stockpile larger and larger amounts of personal information—and rely on technology to secure it—data breaches will become ever more commonplace and damaging to those companies that don't adopt airtight security practices. Growth in the security software market supports this hypothesis: Gartner estimates that security software revenue grew 7.5 percent last year to a whopping $17.7 billion.

While many of these security products focus on preventing external attacks or information leakage, IT executives might be surprised to learn that between 40 and 85 percent—depending on which study you believe—of IT security breaches originate from inside the company, whether malicious or unintended. Executives may be even more surprised to learn that technologies not commonly marketed as security products—sometimes already deployed within the enterprise—can do a great deal to help augment their security policies.

One such category of products is software asset management (SAM) tools, commonly implemented as a means of tracking the installation and usage of software within the organization. SAM technologies can be a valuable weapon within the security arsenal in a number of ways, among them:

1. Identifying hacking tools and other programs that can be used in a malicious way.Unless desktops are completely locked down, it's all too easy for end users to introduce unauthorized or malicious software programs to the network environment. Many organizations choose to maintain a matrix of acceptable software applications, which they then compare to their software inventory reports to reveal unknown or suspicious installations. Likewise, if administrators know the executable name for a malicious app, they can use the SAM tool's discovery capability to pinpoint any machine(s) with that program installed.

2. Preventing the use of applications that are deemed a threat.Even the most carefully crafted and well communicated software usage policies often aren't enough to keep end users from running programs that put the enterprise at risk. That's why many companies turn to a SAM capability called "application control" for an extra layer of policy enforcement. SAM tools that offer application control allow administrators to block specific executables from being run by individuals, departments or all users, and can even report on attempts to launch applications that have been blocked.

3. Examining software usage data to determine when, from where, and by whom an application was used.SAM tools can be a very powerful way to investigate known security breaches. Let's say a data breach took place between four and five o'clock on a Saturday morning. By analyzing software usage statistics on applications that facilitate access to the breached data, IT personnel can identify exactly which machines and users were running those applications during that timeframe.

4. Identifying and reducing the number of supported and patched applications.With new and more sophisticated security threats being reported at increasing rates, IT administrators scramble every day to stay on top of the latest vulnerabilities and fixes related to installed software. By analyzing the presence and usage of each installed application, companies can see where they have redundant and/or underutilized titles and reduce their application footprints. With fewer applications to support and patch, IT can significantly reduce the chances that an unknown or unaddressed security vulnerability will lead to catastrophe.

Obviously it would be misleading to suggest that a SAM tool can replace or even match the capabilities of dedicated security software and policies. But such tools can certainly round out one's security posture by producing forensics related to software inventory and usage that traditional security products don't take into account. Furthermore, employing security as an added SAM benefit can be a useful strategy for securing executive sponsorship for investments in SAM technologies and best practices—and to help prove their value once implemented.

Kris Barker is co-founder and CEO of Express Metrix, a 16-year veteran in the IT asset management market, focusing its efforts on computer inventory and software metering solutions. He is also a professional educator, with more than 10 years of experience teaching higher-education students Web development and software programming skills. The Express Metrix Express Software Manager for Citrix is certified Citrix Ready.Express Metrix enables heightened protection against failed compliance audits, IT overspending, inappropriate use of software, and the consequences of uninformed IT decisions. Winner of the SIIA's 2008 CODiE Award for "Best Asset Management Solution," Express Metrix solutions deliver vital information that allows for the efficient management of desktop hardware and software—freeing IT departments to focus on mission-critical operations and other strategic initiatives.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.