2015 Endpoint and Mobile Security Buyers Guide

Mike Rothman, Analyst and President of Securosis, dives into an interactive discussion around endpoint security management in 2015:
• Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices
• BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
• The Most Important Buying Considerations in 2015

Published in: Technology

Notes
  • re:Privacy
    We can simplify the discussion down to the root: whether an app is exploiting a vulnerability or other mechanism to provide unauthorized access to the device (a security issue) or legitimately accessing information it shouldn’t be able to (a privacy issue). But both increase risk to the organization, so that risk needs to be understood and managed.
  • If you choose to centralize security management of both PCs and smartphone/tablet devices, you will want the ability to define roles within the management environment to support your organizational model. If you have personnel detailed to manage only smartphones, they don’t need access to PC management or vice-versa.
2015 Endpoint and Mobile Security Buyers Guide (slide transcript)

Slide 1: Presents 2015 Endpoint and Mobile Security Buyer’s Guide
Mike Rothman, President
mrothman@securosis.com
Twitter: @securityincite

Slide 2: About Securosis
• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that’s all we do.

Slide 3: Advanced Malware is Advanced
• Attacks > Defenses
• Advanced Attackers > You
• Yet you can track the indicators and follow their trail.
• But first you need to understand the kill chain.
http://flic.kr/p/4UPRJ7

Slide 4: The Kill Chain
http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain#

Slide 5: Defining Endpoint Security

Slide 6: Anti-Malware: Protecting Endpoints from Attack

Slide 7: The Negative Security Model
http://www.despair.com/tradition.html

Slide 8: How customers view Endpoint Protection
• Compliance is the main driver for endpoint protection
• Whether it works or not is not the issue.
• And to be clear, traditional anti-malware technology doesn’t work anymore.
http://flic.kr/p/9kC2Q1

Slide 9: Adversaries: Better and Better
Advanced Malware
Polymorphism
Sophisticated targeting
Professional Processes
http://www.flickr.com/photos/dzingeek/4587871752/

Slide 10: You don’t know what malware is going to look like... But you DO know what software should and should not do.

Slide 11: Advanced Protection Techniques
• Better Heuristics
• Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
• “Application HIPS”
• Better Isolation (Sandboxes)
• Browser Isolation
• O/S Isolation (virtualization)
• White Listing (endpoint user experience impact, good for servers)
• Endpoint Activity Monitoring
• Device Forensics
• Retrospective Alerting
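Slides 10 and 11 describe the positive model behind "profile the Big 7" and "retrospective alerting": you cannot enumerate malware, but you can enumerate what Word, Outlook or a browser is expected to do and alert on anything else, and you can keep raw telemetry so that an indicator learned later can be matched against events that already passed. The following is an added example, not code from the Securosis deck or from any product it discusses; the profiles, host names, event timestamps, port numbers and "sha256-constructed-…" hash values are all constructed for illustration, and a real deployment would derive the profiles from baselining the fleet.

```python
# Added example, not from the Securosis deck: a positive-model behavioural
# profile for some of the "Big 7" applications (what each is expected to do),
# applied to constructed endpoint telemetry, plus a retrospective re-check of
# stored events when a new indicator arrives. Profiles, events, hashes and
# names are all constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Event:
    ts: int           # constructed timestamp
    host: str
    image: str        # process performing the action
    action: str       # "spawn", "connect" or "write"
    target: str       # child image, destination port or file path
    sha256: str = ""  # hash of a spawned child image (constructed values)


@dataclass
class Profile:
    """Expected behaviour of one application; anything else is a deviation."""
    children: Set[str] = field(default_factory=set)
    ports: Set[int] = field(default_factory=set)
    write_dirs: Set[str] = field(default_factory=set)


# Constructed profiles. In practice these come from baselining the fleet.
PROFILES: Dict[str, Profile] = {
    "winword.exe": Profile(write_dirs={"c:\\users\\", "c:\\temp\\"}),
    "outlook.exe": Profile(children={"winword.exe", "excel.exe"},
                           ports={443, 993}, write_dirs={"c:\\users\\"}),
    "chrome.exe": Profile(children={"chrome.exe"}, ports={80, 443},
                          write_dirs={"c:\\users\\"}),
}


def check_event(ev: Event) -> Optional[str]:
    """Return a description of the deviation, or None if the event fits."""
    prof = PROFILES.get(ev.image.lower())
    if prof is None:
        return None  # not a profiled application; other controls apply
    if ev.action == "spawn":
        if ev.target.lower() not in prof.children:
            return f"{ev.image} spawned unexpected child {ev.target}"
    elif ev.action == "connect":
        if not ev.target.isdigit() or int(ev.target) not in prof.ports:
            return f"{ev.image} connected to unexpected port {ev.target}"
    elif ev.action == "write":
        if not any(ev.target.lower().startswith(d) for d in prof.write_dirs):
            return f"{ev.image} wrote outside its expected paths: {ev.target}"
    else:
        return f"{ev.image} performed unknown action {ev.action!r}"
    return None


class EventStore:
    """Keeps raw telemetry so later indicators can be matched against it."""

    def __init__(self) -> None:
        self.events: List[Event] = []

    def ingest(self, ev: Event) -> Optional[str]:
        self.events.append(ev)
        return check_event(ev)

    def retrospective(self, bad_hashes: Set[str]) -> List[Event]:
        """Re-check stored events against indicators learned after the fact."""
        return [e for e in self.events if e.sha256 and e.sha256 in bad_hashes]


# Constructed telemetry for one host.
SAMPLE_EVENTS = [
    Event(1, "pc-01", "outlook.exe", "spawn", "winword.exe", "sha256-constructed-0001"),
    Event(2, "pc-01", "winword.exe", "write", "C:\\Users\\alice\\Documents\\q3.docx"),
    Event(3, "pc-01", "winword.exe", "spawn", "cmd.exe", "sha256-constructed-0002"),
    Event(4, "pc-01", "chrome.exe", "connect", "443"),
    Event(5, "pc-01", "winword.exe", "connect", "2222"),
    Event(6, "pc-01", "excel.exe", "write", "C:\\Temp\\scratch.xlsx"),
]


def run_demo() -> Dict[str, List]:
    store = EventStore()
    alerts = [(ev.ts, msg) for ev in SAMPLE_EVENTS
              if (msg := store.ingest(ev)) is not None]
    # A new indicator arrives later: the image spawned at ts=1 passed the
    # profile check, but its (constructed) hash is now known-bad.
    retro = [e.ts for e in store.retrospective({"sha256-constructed-0001"})]
    return {"alerts": alerts, "retro": retro}


if __name__ == "__main__":
    result = run_demo()
    for ts, msg in result["alerts"]:
        print(f"profile deviation at ts={ts}: {msg}")
    print("retrospective hits at ts:", result["retro"])
```

The profile check flags the two events the slide's model cares about (a Word document spawning a child process and Word opening an unexpected network port) without any malware signature, while the retrospective pass surfaces an event that looked normal at ingest time, which is exactly why the deck lists endpoint activity monitoring and retrospective alerting alongside profiling: the raw events must be kept, not just the alerts.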
Slide 12: Endpoint Hygiene: Reducing Attack Surface

Slide 13: Endpoint Hygiene

Slide 14: Patch Management Process
http://www.flickr.com/photos/smallritual/6964911694/

Slide 15: Patch Management Technology Considerations
• Coverage (OS and apps)
• Library of patches
• Intelligence/Research
• Discovery
• Patch deployment and software removal
• Agent vs. agentless
• Handling remote devices
• Deployment/scalability architecture
• Scheduling flexibility

Slide 16: Configuration Management Process
http://www.flickr.com/photos/smallritual/6964911694/

Slide 17: Configuration Management Technology Considerations
• Coverage (OS and apps)
• Discovery
• Supported standards and benchmarks
• Agent vs. agentless
• Handling remote devices
• Integration with operational processes
• Policy exceptions
• Who has the “special machines?”

Slide 18: Device Control Use Cases
• Data Leakage
• Data Privacy (Encryption)
• Malware Proliferation (Sneakernet)
http://www.flickr.com/photos/rave2npg/2667464740/

Slide 19: Device Control Process

Slide 20: Device Control Technology Considerations
• Device support
• Policy granularity
• Encryption algorithm support
• Agent (small footprint)
• Hardware keylogger protection
• Offline support
• Forensics
• Grace periods/User override

Slide 21: Blurring lines between technologies
• Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
• Device Control with Endpoint DLP
• Who wants the hot potato?
• Accountability and organizational complexities
http://www.flickr.com/photos/zen/253267347/

Slide 22: Managing Mobile Endpoint Security

Slide 23: Mobile Device Security
• Enrollment
• Asset Management
• OS Configuration
• Patching
• Connectivity
• Identity
• Group roles and policies
http://www.flickr.com/photos/becw/2404120929/

Slide 24: Managing Applications
• Authorized applications
• Application controls
• Built-in apps & 3rd party
• Privacy
• Regional variations
• Balance individual needs with corporate requirements
https://flic.kr/p/eEcxny

Slide 25: Mobile Data Protection
• Remote Wipe
• Data Protection
• Encryption at rest
• Containers

Slide 26: Employee-owned devices
• Not just mobile devices
• Selective enforcement/granularity of policies
• Require Anti-malware?
• Manage Hygiene?
http://www.flickr.com/photos/jennip/8465930151/

Slide 27: Management Leverage
• Starts as stand-alone, eventually bundled in
• Single user experience to manage hygiene
• Single point to aggregate endpoint logs
• Cloud or on-prem management?
https://flic.kr/p/5LVn8X

Slide 28: Endpoint Security Platform
Brings it all together into a well-oiled machine...
http://www.flickr.com/photos/andrewl04/3163980834/

Slide 29: Buying Considerations

Slide 30: Endpoint Security Platform Buying Considerations
• Dashboard
• Discovery
• Asset Repository Integration
• Alert Management
• Alert queue
• Navigation/workflow
• Agent Management
• Policy Creation and Management
• Baselines/Templates for customization
• Alert only policies
• System Administration
• Reporting

Slide 31: To Cloud or Not to Cloud
• No server management
• Uptime
• Multi-tenancy: Data segregation and protection
• User experience
http://www.flickr.com/photos/52859023@N00/644335254

Slide 32: Buying Process/Vendor Selection
• Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
• Confirm with peer group
• Big vs. small vendor
• Platform vs. pricing leverage
• Research & Intelligence
http://www.flickr.com/photos/jeffanddayna/4081090389/

Slide 33: Summary
• Don’t forget about the security of endpoint security
• Exploitable agents
• Weak platform security
• Cloud app vulnerabilities
• Malware protection remains a cat/mouse game
• BYOD/Mobility adds another set of issues to protecting endpoints
http://www.flickr.com/photos/74571262@N08/6710953053/

Slide 34: Read our stuff
• Blog
• http://securosis.com/blog
• Research
• http://securosis.com/research
• We publish (almost) everything for free
• Contribute. Make it better.

Slide 35: Mike Rothman
Securosis LLC
mrothman@securosis.com
http://securosis.com/blog
Twitter: @securityincite