DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & LEMSS

Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

  • 1. Lumension and the change in Endpoint Protection
    Matthew Walker – VP EMEA Channel Sales
    PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 2. IT Security Continues to be a Growing Problem
    Cyber Attacks #4 Top 50 Global Risks (1)
    The New Computing Era
    » Enterprise users experience 339 malware encounters per month (2)
    » 11 per day, a 200% increase over the same period
    » 1/3 was zero day
    » By 2015, more than 60% of enterprises will have suffered material loss of sensitive corporate data via mobile devices (3)
    » Less than 20% of CIOs felt that their device security and management policies would satisfy an auditor (3)
    » 60% of virtualized servers will be less secure than the physical servers they replace (3)
    Sources: 1) World Economic Forum 2011, 2) Cisco Threat Report 2012, 3) Gartner 2011
  • 3. What Gartner Says
    » Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users.
    » ...Application Control holds significant promise but with a few exceptions most vendors in this analysis do not provide flexible enough solutions for large enterprises.
    » Endpoint protection platforms continue to struggle to block typical malware threats, and are even less effective with low-volume targeted attacks. A few vendors have started to provide proactive tools, such as vulnerability detection and application control, that reduce the attack surface... (16 January 2012)
    Lumension are in Visionary quadrant
  • 4. Growing Application Centric Risk
    What's In Your Network?
    » Social networking applications are detected in 95% of organizations **
    » 78% of web 2.0 applications support file transfer **
    » 2/3 of applications in use had known vulnerabilities **
    » 28% of applications were known to propagate malware **
    Gartner projects that 50% of companies will be deploying "default deny" policies to restrict application usage by 2015.
    * Ponemon-Lumension State of the Endpoint 2010, 2011
    ** Palo Alto Networks Application Survey 2010, 2011
  • 5. Trust Stack of the Future
    Today's Trust Stack / Trust Stack of the Future
    New application / New application
    » Is this known good?
    » Is this known bad?
    » Is this known bad?
    » Is this unwanted?
    » Do I trust the Vendor?
    » What program introduced it?
    » Do I trust where it came from?
    » Do I trust the user installing it?
    » Am I licensed for this?
    Allow / Block / Remove
    Allow / Block / Restrict / Remove
  • 6. Lumension's Application Control Approach
    Lumension's approach is to deliver a dynamic trust engine that can simultaneously accommodate change and validate trust.
    Trust Engine: People, Path, Process, Publisher
    Provides manageable rules-based exceptions in a dynamic enterprise environment.
    Whitelisting / Blacklisting
  • 7. Challenges of Endpoint Management
    Lack of integration across technologies is the #1 IT security risk.*
    IT Operations: Challenges
    » Lack of Common Management Console
    » Increasing Agent Bloat
    » Increasing and costly back-end Integration
    » Lack of visibility and collaboration with IT security
    IT Security: Challenges
    » Need for better accuracy
    » User access rights (Local Admin)
    » Lack of Scalability
    » Silos and insufficient collaboration between IT and business operations*
    * Worldwide State of The Endpoint Report 2009
  • 9. New End Point Strategy
    Emerging Endpoint Security Stack / Traditional Endpoint Security
    Diagram labels: Defense-N-Depth; Blacklisting As The Core; Patch & Configuration Mgmt.; Consumerization of IT; Zero Day; 3rd Party Application Risk; Malware As a Service
  • 10. L.E.M.S.S. Core Product Offerings 2012
    Anti-Virus
    » Protection against all known malware (Blacklisting)
    » Efficient malware removal
    » Effective protection against fast wide spreading malware
    Patch Management
    » Automated patch deployment and remediation
    » Configuration & Power management
    » Software deployment
    » Heterogeneous and 3rd party vulnerability content coverage
    Application Control
    » Prevents all unknown executables from running (whitelisting)
    » Effective zero day malware protection
    » Flexible Trust based change management policy control
    » Application visibility
    Device Control
    » Device visibility
    » File type filtering
    » Device whitelisting
    » Read only access
    » Effective protection against physically introduced malware
    » Reduces insider and data loss risk
    Lumension® Endpoint Management and Security Suite: Effective Endpoint Security / Reduced Endpoint Complexity / Enhanced IT Operations & Productivity
    Add on modules:
    » Lumension Disk Encryption (Powered by Sophos): requires Patch management and Content Wizard
    » Power Management: requires Patch management and Content Wizard
    » Content Wizard
    » Enterprise Reporting
  • 11. NEXT – Demo of LEMSS
    » Secure the endpoint by enforcing a known good baseline of secure configurations and an operating system and applications that are patched and up-to-date.
    » Lock down the configuration and installed applications using application control.
    » Lock down the endpoint and eliminate data leakage via peripheral devices using device control.
    » Use anti virus to validate what application control has blocked.
  • 12. Think Different!
    Current Approach to Endpoint Management → New Approach to Endpoint Management
    » Threat Centric → Trust Centric
    » Point products and tools → Integrated platform technology
    » Multiple consoles → Single console
    » Multiple Agents → Single agent
    » Ad-hoc workflows & processes → Standardized workflow & processes
    » Reactive, signature-based → Proactive, real time
    » Inconsistent interpretation of policy → Shared understanding of policy
    » Ad hoc auditing → Continuous monitoring
  • 13. Intelligent Whitelisting from Lumension
    Anti-Virus
    » Protection against all known malware
    » Identification of suspicious code
    » Malware removal
    Patch Management
    » Automated patch deployment
    » Vulnerability remediation
    » Reduces malware risk
    Application Control
    » Prevents all unknown executables from running
    » Effective zero day malware protection
    » Effective application policy support
    Intelligent Whitelisting: More Effective Endpoint Security / Reduced Endpoint Complexity / Enhanced IT Operations & Productivity
  • 14. IWL is Secure
    » Block known and unknown malware without signatures
    » Protect against targeted attacks and Advanced Persistent Threats
    » Ensure only trusted applications can run
    » Provide enforcement and monitoring for end-users with local-admin rights
    » Reduced risk of data loss
    » Eliminate application and configuration vulnerabilities
  • 15. Lumension and the change in Endpoint Protection
    Thank you for listening!