When recently discussing this with some colleagues, I realized that there are still a number of people who aren’t certain about the differences in technologies and how they impact them directly. Being in the security field, we often forget that what we know and accept as understood can be quite mysterious and unclear to others who aren’t so inundated with security. I realized this was the case when speaking about access control for mobile devices. Someone asked why they needed access control when they already had antivirus for their mobile device. I answered the question but gave it a bit more thought and decided that this might make a good blog entry.
Antivirus is a great technology for helping protect devices themselves. If you can stop an infection before it can ever compromise a device, you’re ahead of the game. That’s what AV technologies do. They check anything that’s coming into the machine (laptop, desktop and now mobile devices) against known “signatures” of bad software. They do a good job of it too, at least for what’s known and for some of what fits certain patterns of behavior that other known malware follows.
The challenge with antivirus is that a threat must be known by the AV company, and its signature distributed to the device, before the device can detect it. Today, threats are constantly evolving as hackers are using existing, effective ways to deliver packages. Once those threats have been detected, they make changes that use the same principles but are different enough that they elude the antivirus technologies (at least for a time). So there is always risk with antivirus, although normally, provided you keep your signatures updated, you are protected against a majority of existing threats.
How does this differ from managed secure access? Where antivirus is concerned with the device itself, managed secure access is concerned with what you’re accessing rather than what may be trying to insert itself onto your device. It’s really a different perspective on security and is more geared toward protecting an organization’s data and applications from unauthorized access.
Smart secure access systems will understand the “context” of access and use that information to determine whether valuable resources should or should not be accessible under a user’s current circumstances. So what do I mean by “context” of access? It involves understanding as much about the request for access as possible so that you can determine whether to grant access or not. Aspects of a connection can include the user’s credentials, multi-factor authentication, device type, device operating system, current patch status of the device, where the person is accessing from (trusted or untrusted location) and more. It may even determine if antivirus software is installed and up to the latest release.
All of these factors create a three-dimensional picture of that user on that device at that moment in time. From this information, you now have a much more detailed way to determine what you will or will not provide access to.
As an example, a user may attempt to gain access to their email via a mobile device. A good access control system will determine that the device has an outdated antivirus installed. It can either block access outright, or sophisticated systems might allow the person to read email (as they had proper credentials and multi-factor authentication) but would block their ability to upload or download any attachments associated with that email.
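
The decision in the email example above, written as a small policy function. This is an added example, not code from the original post or from any access control product; the field names, the three access tiers and the "two or more findings means deny" rule are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    DENY = "deny"
    READ_ONLY = "read_only"  # read mail, no attachment upload or download
    FULL = "full"

@dataclass(frozen=True)
class Context:
    # Hypothetical field names for the aspects of a connection listed in the post.
    credentials_valid: bool
    mfa_passed: bool
    os_patched: bool
    av_installed: bool
    av_up_to_date: bool
    trusted_location: bool

def decide(ctx):
    """Return (access tier, reasons) so every downgrade or denial can be logged."""
    # Identity checks are hard requirements; device posture cannot make up for them.
    if not (ctx.credentials_valid and ctx.mfa_passed):
        return Access.DENY, ["credentials or multi-factor authentication failed"]
    # Posture and location findings downgrade access rather than block it outright.
    findings = []
    if not ctx.av_installed:
        findings.append("no antivirus installed")
    elif not ctx.av_up_to_date:
        findings.append("antivirus out of date")
    if not ctx.os_patched:
        findings.append("operating system missing patches")
    if not ctx.trusted_location:
        findings.append("untrusted location")
    if not findings:
        return Access.FULL, []
    # Assumed rule: two or more findings is too risky even for read-only access.
    if len(findings) >= 2:
        return Access.DENY, findings
    return Access.READ_ONLY, findings

def attachments_allowed(access):
    return access is Access.FULL

# Constructed sample: the post's mobile user (valid login, MFA, stale antivirus).
STALE_AV_PHONE = Context(credentials_valid=True, mfa_passed=True, os_patched=True,
                         av_installed=True, av_up_to_date=False,
                         trusted_location=True)
```

Calling `decide(STALE_AV_PHONE)` yields the read-only tier with the stale antivirus as the recorded reason, which is the "read email but no attachments" outcome described above.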
Strong secure access systems can provide a great variety of ways to access information and applications and still protect an organization’s most valuable information assets.
Antivirus can be an important part of mitigating threats as well, but its focus is generally much narrower. Together, though, these technologies present a formidable defense against threats while still providing improved access to information.