2015 Endpoint and Mobile Security Buyers Guide

Join Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion of endpoint security management in 2015:
• Protecting Endpoints: How the attack surface has changed, and the impact on your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of solid management of your endpoint devices
• BYOD and Mobility: How corporate data on smart mobile devices affects your organization
• The Most Important Buying Considerations in 2015

  • re: Privacy
    We can simplify the discussion down to the root: whether an app is exploiting a vulnerability or other mechanism to provide unauthorized access to the device (a security issue), or legitimately accessing information it shouldn’t be able to (a privacy issue). Both increase risk to the organization, so that risk needs to be understood and managed.
  • If you choose to centralize security management of both PCs and smartphone/tablet devices, you will want the ability to define roles within the management environment to support your organizational model. If you have personnel detailed to manage only smartphones, they don’t need access to PC management, or vice versa.
  • 2015 Endpoint and Mobile Security Buyers Guide

    1. Presents: 2015 Endpoint and Mobile Security Buyer’s Guide. Mike Rothman, President. mrothman@securosis.com. Twitter: @securityincite
    2. About Securosis
       • Independent analysts with backgrounds on both the user and vendor side.
       • Focused on deep technical and industry expertise.
       • We like pragmatic.
       • We are security guys - that’s all we do.
    3. Advanced Malware is Advanced
       • Attacks > Defenses
       • Advanced Attackers > You
       • Yet you can track the indicators and follow their trail.
       • But first you need to understand the kill chain.
       http://flic.kr/p/4UPRJ7
    4. The Kill Chain
       http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain#
    5. Defining Endpoint Security
    6. Anti-Malware: Protecting Endpoints from Attack
    7. The Negative Security Model
       http://www.despair.com/tradition.html
    8. How customers view Endpoint Protection
       • Compliance is the main driver for endpoint protection.
       • Whether it works or not is not the issue.
       • And to be clear, traditional anti-malware technology doesn’t work anymore.
       http://flic.kr/p/9kC2Q1
    9. Adversaries: Better and Better
       • Advanced Malware
       • Polymorphism
       • Sophisticated targeting
       • Professional Processes
       http://www.flickr.com/photos/dzingeek/4587871752/
    10. You don’t know what malware is going to look like... But you DO know what software should and should not do.
    11. Advanced Protection Techniques
       • Better Heuristics
       • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
       • “Application HIPS”
       • Better Isolation (Sandboxes)
       • Browser Isolation
       • O/S Isolation (virtualization)
       • White Listing (user experience impact on endpoints; good for servers)
       • Endpoint Activity Monitoring
       • Device Forensics
       • Retrospective Alerting
    12. Endpoint Hygiene: Reducing Attack Surface
    13. Endpoint Hygiene
    14. Patch Management Process
       http://www.flickr.com/photos/smallritual/6964911694/
    15. Patch Management Technology Considerations
       • Coverage (OS and apps)
       • Library of patches
       • Intelligence/Research
       • Discovery
       • Patch deployment and software removal
       • Agent vs. agentless
       • Handling remote devices
       • Deployment/scalability architecture
       • Scheduling flexibility
    16. Configuration Management Process
       http://www.flickr.com/photos/smallritual/6964911694/
    17. Configuration Management Technology Considerations
       • Coverage (OS and apps)
       • Discovery
       • Supported standards and benchmarks
       • Agent vs. agentless
       • Handling remote devices
       • Integration with operational processes
       • Policy exceptions
       • Who has the “special machines”?
    18. Device Control Use Cases
       • Data Leakage
       • Data Privacy (Encryption)
       • Malware Proliferation (Sneakernet)
       http://www.flickr.com/photos/rave2npg/2667464740/
    19. Device Control Process
    20. Device Control Technology Considerations
       • Device support
       • Policy granularity
       • Encryption algorithm support
       • Agent (small footprint)
       • Hardware keylogger protection
       • Offline support
       • Forensics
       • Grace periods/User override
    21. Blurring lines between technologies
       • Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
       • Device Control with Endpoint DLP
       • Who wants the hot potato?
       • Accountability and organizational complexities
       http://www.flickr.com/photos/zen/253267347/
    22. Managing Mobile Endpoint Security
    23. Mobile Device Security
       • Enrollment
       • Asset Management
       • OS Configuration
       • Patching
       • Connectivity
       • Identity
       • Group roles and policies
       http://www.flickr.com/photos/becw/2404120929/
    24. Managing Applications
       • Authorized applications
       • Application controls
       • Built-in apps & 3rd party
       • Privacy
       • Regional variations
       • Balance individual needs with corporate requirements
       https://flic.kr/p/eEcxny
    25. Mobile Data Protection
       • Remote Wipe
       • Data Protection
       • Encryption at rest
       • Containers
    26. Employee-owned devices
       • Not just mobile devices
       • Selective enforcement/granularity of policies
       • Require Anti-malware?
       • Manage Hygiene?
       http://www.flickr.com/photos/jennip/8465930151/
    27. Management Leverage
       • Starts as stand-alone, eventually bundled in
       • Single user experience to manage hygiene
       • Single point to aggregate endpoint logs
       • Cloud or on-prem management?
       https://flic.kr/p/5LVn8X
    28. Endpoint Security Platform: Brings it all together into a well-oiled machine...
       http://www.flickr.com/photos/andrewl04/3163980834/
    29. Buying Considerations
    30. Endpoint Security Platform Buying Considerations
       • Dashboard
       • Discovery
       • Asset Repository Integration
       • Alert Management
       • Alert queue
       • Navigation/workflow
       • Agent Management
       • Policy Creation and Management
       • Baselines/Templates for customization
       • Alert-only policies
       • System Administration
       • Reporting
    31. To Cloud or Not to Cloud
       • No server management
       • Uptime
       • Multi-tenancy: Data segregation and protection
       • User experience
       http://www.flickr.com/photos/52859023@N00/644335254
    32. Buying Process / Vendor Selection
       • Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
       • Confirm with peer group
       • Big vs. small vendor
       • Platform vs. pricing leverage
       • Research & Intelligence
       http://www.flickr.com/photos/jeffanddayna/4081090389/
    33. Summary
       • Don’t forget about the security of endpoint security
       • Exploitable agents
       • Weak platform security
       • Cloud app vulnerabilities
       • Malware protection remains a cat-and-mouse game
       • BYOD/Mobility adds another set of issues to protecting endpoints
       http://www.flickr.com/photos/74571262@N08/6710953053/
    34. Read our stuff
       • Blog: http://securosis.com/blog
       • Research: http://securosis.com/research
       • We publish (almost) everything for free
       • Contribute. Make it better.
    35. Mike Rothman, Securosis LLC. mrothman@securosis.com. http://securosis.com/blog. Twitter: @securityincite
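Slide 10 makes the point that you cannot predict what malware will look like, but you do know what legitimate software should and should not do, and slide 11 turns that into "profile the Big 7", application HIPS and retrospective alerting, while slide 17 raises policy exceptions for the "special machines". The following is an added example, not code from the deck or from Securosis, of how a defender can express that idea as a positive behaviour profile per application and run process-creation events against it. The application names, hosts, users, profiles and events are constructed sample data, not a vendor's or a real environment's baseline.

```python
"""Profile-based endpoint activity check (added example; constructed data).

A positive profile lists, for each profiled application, the child processes
it normally launches. Events from a profiled parent that fall outside the
profile are alerts; documented per-host exceptions are logged but not alerted;
unprofiled parents get no verdict. Re-running stored history after a profile
is added or tightened gives retrospective alerts.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str  # image name of the process that spawned the child
    child: str   # image name of the newly created process
    user: str


# Constructed starting profiles for some of the "Big 7". In practice these are
# built from a baseline of observed, known-good activity and tuned per site.
BIG7_PROFILES: Dict[str, Set[str]] = {
    "winword.exe": {"splwow64.exe", "acrord32.exe"},
    "excel.exe": {"splwow64.exe"},
    "powerpnt.exe": {"splwow64.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"},
    "acrord32.exe": set(),
    "java.exe": set(),
}

# Constructed policy exception for a "special machine": (host, parent, child)
# that is legitimate business activity on that one host only.
POLICY_EXCEPTIONS: Set[Tuple[str, str, str]] = {("build-01", "excel.exe", "cmd.exe")}


def classify(event: ProcessEvent,
             profiles: Dict[str, Set[str]] = BIG7_PROFILES,
             exceptions: Set[Tuple[str, str, str]] = POLICY_EXCEPTIONS) -> str:
    """Return 'allowed', 'excepted', 'alert' or 'unprofiled' for one event."""
    host, parent, child = event.host.lower(), event.parent.lower(), event.child.lower()
    if parent not in profiles:
        return "unprofiled"      # not a profiled app: no opinion either way
    if child in profiles[parent]:
        return "allowed"         # behaviour the profile expects
    if (host, parent, child) in exceptions:
        return "excepted"        # documented exception for this host
    return "alert"               # profiled app doing something it should not


def find_alerts(events: Iterable[ProcessEvent],
                profiles: Dict[str, Set[str]] = BIG7_PROFILES,
                exceptions: Set[Tuple[str, str, str]] = POLICY_EXCEPTIONS) -> List[ProcessEvent]:
    return [e for e in events if classify(e, profiles, exceptions) == "alert"]


def summarize(events: Iterable[ProcessEvent],
              profiles: Dict[str, Set[str]] = BIG7_PROFILES,
              exceptions: Set[Tuple[str, str, str]] = POLICY_EXCEPTIONS) -> Dict[str, int]:
    counts = {"allowed": 0, "excepted": 0, "alert": 0, "unprofiled": 0}
    for e in events:
        counts[classify(e, profiles, exceptions)] += 1
    return counts


def retrospective_alerts(history: Iterable[ProcessEvent],
                         old_profiles: Dict[str, Set[str]],
                         new_profiles: Dict[str, Set[str]],
                         exceptions: Set[Tuple[str, str, str]] = POLICY_EXCEPTIONS) -> List[ProcessEvent]:
    """Events that were not alerts under the old profiles but are under the new ones."""
    return [e for e in history
            if classify(e, old_profiles, exceptions) != "alert"
            and classify(e, new_profiles, exceptions) == "alert"]


# Constructed sample events, one per verdict plus one for the retrospective case.
SAMPLE_EVENTS: List[ProcessEvent] = [
    ProcessEvent("WS-101", "outlook.exe", "winword.exe", "alice"),   # allowed
    ProcessEvent("WS-101", "winword.exe", "cmd.exe", "alice"),       # alert
    ProcessEvent("BUILD-01", "excel.exe", "cmd.exe", "svc_build"),   # excepted
    ProcessEvent("WS-102", "explorer.exe", "notepad.exe", "bob"),    # unprofiled
    ProcessEvent("WS-103", "acrord32.exe", "cmd.exe", "carol"),      # alert
    ProcessEvent("WS-104", "iexplore.exe", "cmd.exe", "dave"),       # unprofiled until IE is profiled
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{classify(ev):11} {ev.host} {ev.user}: {ev.parent} -> {ev.child}")
    print(summarize(SAMPLE_EVENTS))
    # Retrospective alerting: add a profile for the browser and re-scan history.
    tightened = dict(BIG7_PROFILES)
    tightened["iexplore.exe"] = set()
    for ev in retrospective_alerts(SAMPLE_EVENTS, BIG7_PROFILES, tightened):
        print("retrospective alert:", ev)
```

The profile is deliberately positive (what is expected) rather than negative (what is known bad), which is the distinction slide 7 draws: a new or polymorphic sample still has to make Word spawn something Word does not normally spawn. The exception set is the operational cost of slide 17: every "special machine" needs its own entry, so the list doubles as an inventory of who owns unusual behaviour.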
