2014 Ultimate Buyers Guide to Endpoint Security Solutions
1. Presents: 2014 Ultimate Endpoint Security Buyer’s Guide
   Mike Rothman, President
   mrothman@securosis.com
   Twitter: @securityincite

2. About Securosis
   • Independent analysts with backgrounds on both the user and vendor side.
   • Focused on deep technical and industry expertise.
   • We like pragmatic.
   • We are security guys - that’s all we do.

3. Advanced Malware is Advanced
   • Attacks > Defenses
   • Advanced Attackers > You
   • Yet you can track the indicators and follow their trail.
   • But first you need to understand the kill chain.
   http://flic.kr/p/4UPRJ7

4. The Kill Chain
   http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain#

5. Defining Endpoint Security

6. Anti-Malware: Protecting Endpoints from Attack

7. The Negative Security Model
   http://www.despair.com/tradition.html

8. How customers view Endpoint Protection
   • Compliance is the main driver for endpoint protection
   • Whether it works or not is not the issue.
   • And to be clear, traditional anti-malware technology doesn’t work anymore.
   http://flic.kr/p/9kC2Q1

9. Adversaries: Better and Better
   • Advanced Malware
   • Polymorphism
   • Sophisticated targeting
   • Professional Processes
   http://www.flickr.com/photos/dzingeek/4587871752/

10. You don’t know what malware is going to look like... But you DO know what software should and should not do.

11. Advanced Protection Techniques
   • Better Heuristics
   • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
   • “Application HIPS”
   • Better Isolation (Sandboxes)
   • Browser Isolation
   • O/S Isolation (virtualization)
   • White Listing (endpoints user experience impact, good for servers)
   • Endpoint Activity Monitoring
   • Device Forensics
   • Retrospective Alerting
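The positive model slides 10 and 11 argue for (you do not know what the malware looks like, but you do know what Word, Outlook or Reader should and should not do), as an added example that is not part of the original deck: a toy "application HIPS" that checks constructed process events against assumed behaviour profiles for the Big 7. The profile contents, image names and the Event type are assumptions for illustration, not any product's rules.

```python
# Added example (not the deck's or any vendor's code): a toy "application HIPS" that
# encodes what the "Big 7" should and should not do. Profiles and events are constructed.
from dataclasses import dataclass
from typing import List, Optional

# Per-app profile: children it legitimately launches, directory prefixes it writes to.
USER, TEMP = "C:\\Users\\", "C:\\Temp\\"
BIG7_PROFILES = {
    "winword.exe":  {"children": {"splwow64.exe"}, "write_dirs": {USER, TEMP}},
    "excel.exe":    {"children": {"splwow64.exe"}, "write_dirs": {USER, TEMP}},
    "powerpnt.exe": {"children": {"splwow64.exe"}, "write_dirs": {USER}},
    "outlook.exe":  {"children": {"winword.exe", "excel.exe"}, "write_dirs": {USER}},
    "acrord32.exe": {"children": set(), "write_dirs": {USER, TEMP}},
    "java.exe":     {"children": set(), "write_dirs": {USER, TEMP}},
    "chrome.exe":   {"children": {"chrome.exe"}, "write_dirs": {USER}},
}

@dataclass(frozen=True)
class Event:
    app: str     # image name of the profiled (parent) process
    action: str  # "spawn" or "write"
    target: str  # child image name for spawn, path written for write

def check_event(ev: Event) -> Optional[str]:
    """Return a reason if the event falls outside the app's profile, else None."""
    profile = BIG7_PROFILES.get(ev.app.lower())
    if profile is None:
        return None  # not a profiled application; out of scope for this model
    if ev.action == "spawn" and ev.target.lower() not in profile["children"]:
        return f"{ev.app} spawned unexpected child {ev.target}"
    if ev.action == "write" and not any(ev.target.startswith(d) for d in profile["write_dirs"]):
        return f"{ev.app} wrote outside its allowed directories: {ev.target}"
    return None

def evaluate(events: List[Event]) -> List[str]:
    """Run every event through its application's profile; return the deviations."""
    return [r for r in (check_event(e) for e in events) if r]

# Constructed telemetry: two benign events, two the positive model catches signature-free.
SAMPLE_EVENTS = [
    Event("winword.exe", "spawn", "splwow64.exe"),
    Event("winword.exe", "write", "C:\\Users\\alice\\report.docx"),
    Event("winword.exe", "spawn", "powershell.exe"),
    Event("acrord32.exe", "write", "C:\\Windows\\System32\\drivers\\dropped.sys"),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_EVENTS):
        print("ALERT:", finding)
```

The two alerts come purely from the application deviating from its expected behaviour, which is why such profiles survive polymorphic malware that defeats signature matching.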
12. Endpoint Hygiene: Reducing Attack Surface

13. Endpoint Hygiene

14. Patch Management Process
   http://www.flickr.com/photos/smallritual/6964911694/

15. Patch Management Technology Considerations
   • Coverage (OS and apps)
   • Library of patches
   • Intelligence/Research
   • Discovery
   • Patch deployment and software removal
   • Agent vs. agentless
   • Handling remote devices
   • Deployment/scalability architecture
   • Scheduling flexibility

16. Configuration Management Process
   http://www.flickr.com/photos/smallritual/6964911694/

17. Configuration Management Technology Considerations
   • Coverage (OS and apps)
   • Discovery
   • Supported standards and benchmarks
   • Agent vs. agentless
   • Handling remote devices
   • Integration with operational processes
   • Policy exceptions
   • Who has the “special machines?”

18. Device Control Use Cases
   • Data Leakage
   • Data Privacy (Encryption)
   • Malware Proliferation (Sneakernet)
   http://www.flickr.com/photos/rave2npg/2667464740/

19. Device Control Process

20. Device Control Technology Considerations
   • Device support
   • Policy granularity
   • Encryption algorithm support
   • Agent (small footprint)
   • Hardware key logger protection
   • Offline support
   • Forensics
   • Grace periods/User override

21. Blurring lines between technologies
   • Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
   • Device Control with Endpoint DLP
   • Who wants the hot potato?
   • Accountability and organizational complexities
   http://www.flickr.com/photos/zen/253267347/

22. The Impact of BYOD and Mobility

23. BYOD
   • Not just mobile devices
   • Selective enforcement/granularity of policies
   • Require Anti-malware?
   • Manage Hygiene?
   http://www.flickr.com/photos/jennip/8465930151/

24. Mobility/Smart Devices
   • Management a bigger problem than security (for now)
   • Mobile malware?
   • MDM/MAM and other management technologies
   • Containers
   http://www.flickr.com/photos/becw/2404120929/

25. BYOD/Mobile stand alone? No...
   http://www.flickr.com/photos/rabanito/3191183434/

26. Endpoint Security Platform
   Brings it all together into a well-oiled machine...
   http://www.flickr.com/photos/andrewl04/3163980834/

27. Buying Considerations

28. Endpoint Security Platform Buying Considerations
   • Dashboard
   • Discovery
   • Asset Repository Integration
   • Alert Management
   • Alert queue
   • Navigation/workflow
   • Agent Management
   • Policy Creation and Management
   • Baselines/Templates for customization
   • Alert only policies
   • System Administration
   • Reporting

29. To Cloud or Not to Cloud
   • No server management
   • Uptime
   • Multi-tenancy: Data segregation and protection
   • User experience
   http://www.flickr.com/photos/52859023@N00/644335254

30. Buying Process/Vendor Selection
   • Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
   • Confirm with peer group
   • Big vs. small vendor
   • Platform vs. pricing leverage
   • Research & Intelligence
   http://www.flickr.com/photos/jeffanddayna/4081090389/

31. Summary
   • Don’t forget about the security of endpoint security
   • Exploitable agents
   • Weak platform security
   • Cloud app vulnerabilities
   • Malware protection remains a cat/mouse game
   • BYOD/Mobility just another consideration
   http://www.flickr.com/photos/74571262@N08/6710953053/

32. Read our stuff
   • Blog
   • http://securosis.com/blog
   • Research
   • http://nexus.securosis.com/
   • http://securosis.com/research
   • We publish (almost) everything for free
   • Contribute. Make it better.

33. Mike Rothman
   Securosis LLC
   mrothman@securosis.com
   http://securosis.com/blog
   Twitter: @securityincite