Sunday, September 16, 2007

Defining the Endpoint Security UTM

Endpoint security is getting more complex... At the end of the day we have only one endpoint on which to integrate all those glorious safeguards. The target (laptop, desktop, PDA, smartphone, BlackBerry) has limited resources.

This makes the perfect case for the endpoint unified threat management (UTM) concept. Clientless control is golden, so OS-specific safeguards such as GPO or remote enforcement tools such as Promisec would be great. Alternatively, utility-based offerings such as Postini and ScanSafe will decrease the load/tax on the client.

Here is my list of endpoint security functionality for the UTM (a single executable or everything in the cloud are the golden wishes):

- Port control (USB, CD, floppy, Bluetooth, IR, Wi-Fi, Ethernet, etc.)
- Location awareness
- Encryption (file, disk, mail), key/cert management
- Firewall
- IPS
- Antivirus (HTTP and SMTP)
- Antispam, phishing, and malware control (HTTP, SMTP, SMS)
- URL filtering
- Application control and Tripwire-type change control
- Remote device management (in a secure manner :)
- Biometrics/TPM/SSO/802.1x support
- Easy to scale across multiple platforms, especially mobile

Of course all should be managed centrally.

Do I ask for too much? I already see several initiatives before Microsoft, Nokia, and RIM wake up.

Deployment is a topic for another post.

cheers,
- yinal
