Securing the Endpoints in Networks By Govind Rammurthy CEO & Managing Director

Agenda Business Continuity Demands Threat Scenario – Past & Present Endpoints & Endpoint Security Layers of Endpoint Security Endpoint Security Best Practices

Business Continuity Demands

Threat Scenario – Past & Present

Endpoints & Endpoint Security

Layers of Endpoint Security

Endpoint Security Best Practices

Business Continuity Demands Unified Networks for Email, Text Chat, Web Browsing, File Sharing, Games Voice, Audio, Video, Tele-presence, Telemedicine Web Services, EDI, SCADA, Emergency Services Users To Enjoy Mobility Any service from any device on any network Seamless mobility across devices and networks Strong but easy user authentication Reliability and Security of Networks.

Unified Networks for

Email, Text Chat, Web Browsing, File Sharing, Games

Voice, Audio, Video, Tele-presence, Telemedicine

Web Services, EDI, SCADA, Emergency Services

Users To Enjoy Mobility

Any service from any device on any network

Seamless mobility across devices and networks

Strong but easy user authentication

Reliability and Security of Networks.

Business Continuity Demands Increased Access to Sensitive Information Mission-critical network Mobile and remote devices and users Wide variety of endpoints Wide variety of users: employees, customers, contractors, guests Interoperability

Increased Access to Sensitive Information

Mission-critical network

Mobile and remote devices and users

Wide variety of endpoints

Wide variety of users: employees, customers, contractors, guests

Interoperability

File Servers Web or App Servers Email Servers Typical Network Security Scenario Very High High Medium Risks Very Low Low Vendors Mobile PDA Mobile Laptops Home Computer Local Users Desktops

Typical Network Security Scenario Very High High Medium Risks Very Low Low

Business Continuity Vs Security Statistics on Attack Trends that could lead to Data/Identity Theft. 54% 28% 13% 4% 1%

Threat Scenario – Past & Present Threats were indiscriminate, hit everyone Threats are highly targeted, regionalized Threats were disruptive  impact visible Threats steal data & damage brands  impact unclear Remediation action was technical (“remove”)‏ Remediation more complex, may need to investigate data leak Entry through perimeter and gateway Entry through uneducated network clients and endpoints Threats were noisy & visible to everyone Threats are silent & unnoticed with variants

Endpoints & Endpoint Security Key Influencers: Devices and Storage Mediums Portability of Data Accessibility Compliance Laws & Regulations (HIPAA, SOX, etc.) Extranet/Intranet Access provided to employees & partners. Network Downtime due to infections

Key Influencers:

Devices and Storage Mediums

Portability of Data

Accessibility

Compliance Laws & Regulations (HIPAA, SOX, etc.)

Extranet/Intranet Access provided to employees & partners.

Network Downtime due to infections

Endpoints & Endpoint Security Loss/leak of confidential information Losing valuable employees Unknown/invisible threats and loss of productivity due to using non-complaint storage mediums Unauthorized intrusions – via Web Servers, email Servers, etc. Access to internal networks via individual end points Loss of Productivity due to Infections

Loss/leak of confidential information

Losing valuable employees

Unknown/invisible threats and loss of productivity due to using non-complaint storage mediums

Unauthorized intrusions – via Web Servers, email Servers, etc.

Access to internal networks via individual end points

Loss of Productivity due to Infections

Endpoints & Endpoint Security IPODs / Portable Entertainment devices Bluetooth Cell Phones Wireless LAN USB Devices Open Non-authenticated Mail/Proxy Servers Lack of defined employee security policies Authorized Applications

IPODs / Portable Entertainment devices

Bluetooth Cell Phones

Wireless LAN

USB Devices

Open Non-authenticated Mail/Proxy Servers

Lack of defined employee security policies

Authorized Applications

Endpoints & Endpoint Security Data in Motion Emails Instant Messaging P2P File Transfers Web Posts Blogs Data at Rest Laptops/Desktops/File Servers USB Key Data to be Protected Endpoint Security Is Mission Critical

Data in Motion

Emails

Instant Messaging

P2P

File Transfers

Web Posts

Blogs

Data at Rest

Laptops/Desktops/File Servers

USB

Endpoints & Endpoint Security Reducing Threat Exposure Information Protection & Control Data in Motion Data in Rest Asset Protection & Control Asset management Desktop computing support Application Control Security Incident Alerts/logs Policy Implementation & Oversight NAC/NAP

Information Protection & Control

Data in Motion

Data in Rest

Asset Protection & Control

Asset management

Desktop computing support

Application Control

Security Incident Alerts/logs

Policy Implementation & Oversight

NAC/NAP

Endpoints & Endpoint Security Endpoint management costs are increasing Cost of downtime impacts both productivity and revenue Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources Complexity is increasing as well Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming Growing number of new known and unknown threats Stealth-based and silent attacks are increasing, so there is a need for anti-virus to do much more The Perfect Endpoint Security system is with a Centrally Managed Client Security Solution. Some of the Major Technology based threats Bluesnarfing - Using Bluetooth Podslurping – Using iPods Thumbsucking – Using Thumb Drives Zero-day threats – New and evolving threats

Endpoint management costs are increasing

Cost of downtime impacts both productivity and revenue

Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources

Complexity is increasing as well

Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming

Growing number of new known and unknown threats

Stealth-based and silent attacks are increasing, so there is a need for anti-virus to do much more

The Perfect Endpoint Security system is with a Centrally Managed Client Security Solution. Some of the Major Technology based threats

Bluesnarfing - Using Bluetooth

Podslurping – Using iPods

Thumbsucking – Using Thumb Drives

Zero-day threats – New and evolving threats

Layers of Endpoint Security AntiVirus / Antispyware Web Protection Firewall Intrusion Prevention Device Control Network Access Control / Network Access Protection Antispam / Antiphising

Layers of Endpoint Security AntiVirus / Antispyware Real-Time AV Scanning Spyware, Adware, Keylogger, & Rootkit Blocker Suspicious Application Detection Registry Monitoring Protection against web based threats Protection against email based threats Spyware and rootkit detection and removal Ability to safely remove infections & restore system files effectively Detect, prevent and remove malicious code & Vulnerability-based protection

Real-Time AV Scanning

Spyware, Adware, Keylogger, & Rootkit Blocker

Suspicious Application Detection

Registry Monitoring

Protection against web based threats

Protection against email based threats

Spyware and rootkit detection and removal

Ability to safely remove infections & restore system files effectively

Layers of Endpoint Security Web/FTP/CHAT Scanning Domain and IP reputation based checker Block websites with restricted words Block web content (Multi-Media & Applications) Block web applets, Cookies, Scripts Block Pop-Ups Browser Cleanup Web Protection

Web/FTP/CHAT Scanning

Domain and IP reputation based checker

Block websites with restricted words

Block web content (Multi-Media & Applications)

Block web applets, Cookies, Scripts

Block Pop-Ups

Browser Cleanup

Layers of Endpoint Security Real-Time Antispam filter Sender reputation checker Antiphising filter Attachment Control Antispam / Antiphising

Real-Time Antispam filter

Sender reputation checker

Antiphising filter

Attachment Control

Layers of Endpoint Security Firewall Managed desktop firewall Adaptive policies allowing for location awareness Network, port, protocol, and application control

Managed desktop firewall

Adaptive policies allowing for location awareness

Network, port, protocol, and application control

Layers of Endpoint Security Intrusion Prevention Behavior-based prevention Network traffic inspection Application inspection

Behavior-based prevention

Network traffic inspection

Application inspection

Layers of Endpoint Security Device Control Device control to prevent data leakage at the endpoint Protection against mp3 players, USB drives, etc.

Device control to prevent data leakage at the endpoint

Protection against mp3 players, USB drives, etc.

Layers of Endpoint Security Network Access Control / Network Access Protection Control Access to critical resources to entire network Based on User identity and role Endpoint identity and health Other factors With Remediation Management

Control Access

to critical resources

to entire network

Based on

User identity and role

Endpoint identity and health

Other factors

With

Remediation

Management

Endpoint Security Best Practices Inventory all IT resources Group resources into levels of sensitivity Define end user access scenarios Associate end user access scenarios with levels of sensitivity Validate the policies with a select group using event logging Roll policies into full production User must Be authenticated With Identity Management System Endpoint Must Be Healthy Anti-Virus software running and properly configured Recent scan shows no malware Personal Firewall running and properly configured Patches up-to-date Behavior Must Be Acceptable No port scanning, sending spam

Inventory all IT resources

Group resources into levels of sensitivity

Define end user access scenarios

Associate end user access scenarios with levels of sensitivity

Validate the policies with a select group using event logging

Roll policies into full production

User must Be authenticated

With Identity Management System

Endpoint Must Be Healthy

Anti-Virus software running and properly configured

Recent scan shows no malware

Personal Firewall running and properly configured

Patches up-to-date

Behavior Must Be Acceptable

No port scanning, sending spam

Any Questions and Queries?

Any Questions and Queries?

THANK YOU!!!

THANK YOU!!!