IT security professionals have learned the hard way that some of a network’s greatest vulnerabilities lie at its endpoints, whether it’s an employee’s BlackBerry connected via a wireless signal or an office desktop corrupted by malware from an unapproved thumb drive.

In Endpoint Security, author Mark S. Kadrich, CISSP (Certified Information Systems Security Professional), provides a thorough overview of the universe of endpoints that can play host to threats; he also discusses how to limit that risk exposure.        

After defining endpoints, which can range from embedded devices to PDAs and smart phones,  Kadrich alerts readers to the dangerous limitations in conventional endpoint security strategies. He follows with information on products, tools, and processes that can be used to secure devices and infrastructure.

The text explains how to rapidly identify and shore up or eliminate compromised endpoint devices, configure new endpoints securely, and improve security at the point of integration between endpoints and the network. Laying out existing threats and tracking their trajectories into the future, Kadrich explains how to systematically defend against new and emerging endpoint-focused malware and viruses. He begins with IT security fundamentls like intrusion detection, moving up to larger considerations such as network integration.

Perhaps what makes this book most valuable is that it addresses endpoint security across different operating systems, not just Microsoft Windows but also Apple OS X as well as LINUX. Kadrich also covers the growing target environment populated by mobile and hands-free devices.

As president and CEO of The Security Consortium, which performs in-depth testing and evaluation of security products and vendors, Kadrich knows his subject matter. He was previously senior manager of network and endpoint security at IT giant Symantec.

Kadrich is also a skilled and seasoned author who explains a complex topic easily and with a humorous edge. This particular title is very well structured, incorporating screen captures and other illustrations to aid the reader’s understanding.

While the book may be of greatest benefit to readers with advanced IT security experience, it is by no means off-limits to beginners and intermediate practitioners. I strongly recommend this book to any professional concerned with network or data systems, including security generalists.

Endpoint Security is published by Addison-Wesley Professional, (www.informit.com; [2] 384 pages; $54.99.)

Reviewed by Capt. Werner Preining, CPP, CAS (Certified Antiterrorism Specialist), an executive vice president with Interpool Security Ltd. in Vienna, Austria. Preining is chair of ASIS International’s Austria Chapter and a member of the Information Technology Security Council.