2015 Endpoint and Mobile Security Buyers Guide


Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015.
• Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices
• BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
• The Most Important Buying Considerations in 2015

Published in: Technology
  • re:Privacy
    We can simplify the discussion down to the root: whether an app is exploiting a vulnerability or other mechanism to provide unauthorized access to the device (a security issue) or legitimately accessing information it shouldn’t be able to (a privacy issue). Both increase risk to the organization, so that risk needs to be understood and managed either way.
  • If you choose to centralize security management of both PCs and smartphone/tablet devices, you will want the ability to define roles within the management environment to support your organizational model. If you have personnel detailed to manage only smartphones, they don’t need access to PC management or vice-versa.
  • Transcript

    • 1. 2015 Endpoint and Mobile Security Buyer’s Guide • Mike Rothman, President • Twitter: @securityincite
    • 2. About Securosis • Independent analysts with backgrounds on both the user and vendor side. • Focused on deep technical and industry expertise. • We like pragmatic. • We are security guys - that’s all we do.
    • 3. Advanced Malware is Advanced • Attacks > Defenses • Advanced Attackers > You • Yet you can track the indicators and follow their trail. • But first you need to understand the kill chain.
    • 4. The Kill Chain
    • 5. Defining Endpoint Security
    • 6. Anti-Malware: Protecting Endpoints from Attack
    • 7. The Negative Security Model
    • 8. How customers view Endpoint Protection • Compliance is the main driver for endpoint protection • Whether it works or not is not the issue. • And to be clear, traditional anti-malware technology doesn’t work anymore.
    • 9. Adversaries: Better and Better • Advanced Malware • Polymorphism • Sophisticated targeting • Professional Processes
    • 10. You don’t know what malware is going to look like... But you DO know what software should and should not do.
    • 11. Advanced Protection Techniques
      • Better Heuristics
      • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
      • “Application HIPS”
      • Better Isolation (Sandboxes)
      • Browser Isolation
      • O/S Isolation (virtualization)
      • Whitelisting (user-experience impact on endpoints; good for servers)
      • Endpoint Activity Monitoring
      • Device Forensics
      • Retrospective Alerting
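Slides 10 and 11 make the positive-security argument: you cannot predict what malware will look like, but you can profile what the “Big 7” applications should do and alert when they deviate (the “Application HIPS” and endpoint activity monitoring bullets). The Python below is an added example, not code from the Securosis deck or from any vendor product. The process-creation event format, the image names, the baseline child-process profiles and the sample events are all assumptions constructed for the demo; a real product learns the baseline from a clean fleet.

```python
"""Positive-security profiling of the "Big 7" (browsers, Java, Adobe Reader,
Word, Excel, PowerPoint, Outlook) over process-creation events.

Added example, not code from the Securosis deck. The event format, the image
names and the baseline child-process profiles below are assumptions chosen for
the demo; a real product learns the baseline from a clean fleet.
"""
from dataclasses import dataclass
from typing import Optional
import shlex

# What each profiled parent is expected to spawn (lower-case image names).
# Assumed baselines for the example.
BIG7_PROFILE = {
    "chrome.exe":   {"chrome.exe"},
    "firefox.exe":  {"firefox.exe", "plugin-container.exe"},
    "java.exe":     set(),
    "acrord32.exe": {"acrord32.exe"},
    "winword.exe":  {"splwow64.exe"},
    "excel.exe":    {"splwow64.exe"},
    "powerpnt.exe": {"splwow64.exe"},
    "outlook.exe":  {"winword.exe", "excel.exe", "powerpnt.exe",
                     "acrord32.exe", "chrome.exe"},
}

# Script hosts and living-off-the-land binaries: never expected under a
# document viewer or browser, so they escalate severity.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}


@dataclass(frozen=True)
class Alert:
    host: str
    parent: str
    child: str
    severity: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one key=value process-creation record (constructed format).

    shlex keeps quoted values such as cmdline="..." together as one token.
    """
    return dict(tok.split("=", 1) for tok in shlex.split(line))


def evaluate(line: str) -> Optional[Alert]:
    """Return an Alert if the child process deviates from the parent's profile."""
    ev = parse_event(line)
    parent = ev["parent"].lower()
    child = ev["image"].lower()
    if parent not in BIG7_PROFILE:
        return None          # not a profiled application; other controls apply
    if child in BIG7_PROFILE[parent]:
        return None          # matches the learned baseline
    severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
    reason = f"{parent} spawned {child}, not in its baseline"
    cmdline = ev.get("cmdline", "").lower()
    # A script host launched with an encoded or remote payload is the classic
    # document-exploit or macro first stage: raise to critical.
    if severity == "high" and ("-enc" in cmdline or "http" in cmdline):
        severity = "critical"
        reason += " with encoded/remote command line"
    return Alert(ev["host"], parent, child, severity, reason)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    'host=WS-0412 parent=outlook.exe image=winword.exe cmdline="winword.exe /n invoice.docx"',
    'host=WS-0412 parent=winword.exe image=powershell.exe cmdline="powershell.exe -nop -w hidden -enc SQBFAFgA"',
    'host=WS-0199 parent=chrome.exe image=chrome.exe cmdline="chrome.exe --type=renderer"',
    'host=WS-0199 parent=acrord32.exe image=cmd.exe cmdline="cmd.exe /c whoami"',
    'host=WS-0731 parent=excel.exe image=notepad.exe cmdline="notepad.exe"',
    'host=WS-0731 parent=explorer.exe image=calc.exe cmdline="calc.exe"',
]


def run(events=SAMPLE_EVENTS):
    """Evaluate every event and return the alerts in input order."""
    return [alert for alert in map(evaluate, events) if alert is not None]


if __name__ == "__main__":
    for a in run():
        print(f"[{a.severity:8}] {a.host}: {a.reason}")
```

Run against the constructed events, the Word-to-PowerShell launch with an encoded command comes out critical, Reader spawning cmd.exe is high, and Excel opening Notepad is a medium-severity baseline deviation worth tuning rather than an incident; Outlook opening Word and Chrome spawning its own renderers are silent. This is the trade-off the slide hints at: the model is only as good as the baseline, so expect an initial tuning period per business unit.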
    • 12. Endpoint Hygiene: Reducing Attack Surface
    • 13. Endpoint Hygiene
    • 14. Patch Management Process
    • 15. Patch Management Technology Considerations
      • Coverage (OS and apps)
      • Library of patches
      • Intelligence/Research
      • Discovery
      • Patch deployment and software removal
      • Agent vs. agentless
      • Handling remote devices
      • Deployment/scalability architecture
      • Scheduling flexibility
    • 16. Configuration Management Process
    • 17. Configuration Management Technology Considerations
      • Coverage (OS and apps)
      • Discovery
      • Supported standards and benchmarks
      • Agent vs. agentless
      • Handling remote devices
      • Integration with operational processes
      • Policy exceptions
      • Who has the “special machines”?
    • 18. Device Control Use Cases • Data Leakage • Data Privacy (Encryption) • Malware Proliferation (Sneakernet)
    • 19. Device Control Process
    • 20. Device Control Technology Considerations
      • Device support
      • Policy granularity
      • Encryption algorithm support
      • Agent (small footprint)
      • Hardware keylogger protection
      • Offline support
      • Forensics
      • Grace periods/User override
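Slides 18 through 20 list the device control use cases (leakage, encryption, sneakernet malware) and the features to evaluate: policy granularity, offline support, forensics and grace periods or user override. The Python below is an added example, not from the Securosis deck or any vendor, of what those features look like when turned into an actual policy decision. The policy table, group names, USB vendor/product IDs, serial numbers and the sample insertion events are all assumptions constructed for the demo.

```python
"""Device-control policy evaluation for removable media.

Added example, not from the Securosis deck. It applies a granular policy
(device class, user group, allowlisted corporate serials, encryption required
for write access, a time-boxed user override, and offline handling) to
constructed device-insertion events and writes a forensic audit record for
each decision. Every identifier, group and rule below is an assumption.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DeviceEvent:
    user: str
    groups: FrozenSet[str]
    device_class: str        # "usb_storage", "usb_hid", "optical", ...
    vendor_id: str           # USB VID (hex)
    product_id: str          # USB PID (hex)
    serial: str
    encrypted: bool          # hardware-encrypted or agent-managed container
    online: bool             # can the agent reach the management server?
    ts: datetime


@dataclass(frozen=True)
class Decision:
    action: str              # allow | read_only | block | allow_override
    reason: str
    override_expires: Optional[datetime] = None


# Assumed policy table keyed by (device_class, group); None is the wildcard group.
POLICY = {
    ("usb_storage", None):      "read_only",
    ("usb_storage", "finance"): "block",
    ("usb_storage", "it-ops"):  "allow",
    ("usb_hid", None):          "allow",
    ("optical", None):          "read_only",
}
RESTRICTIVENESS = {"allow": 1, "read_only": 2, "block": 3}
CORPORATE_SERIALS = {"0781:5583:4C530001230712115123"}  # assumed corporate-issued drive
REQUIRE_ENCRYPTION_FOR_WRITE = True
OVERRIDE_GROUPS = {"executives", "it-ops"}             # may self-approve a time-boxed exception
OVERRIDE_GRACE = timedelta(hours=4)


def evaluate(ev: DeviceEvent, audit: List[dict]) -> Decision:
    """Decide what the agent does with one inserted device and record it."""
    key = f"{ev.vendor_id}:{ev.product_id}:{ev.serial}"
    if key in CORPORATE_SERIALS:
        decision = Decision("allow", "corporate-issued device on allowlist")
    else:
        # A user in several groups gets the most restrictive matching rule.
        group_actions = [POLICY[(ev.device_class, g)]
                         for g in sorted(ev.groups) if (ev.device_class, g) in POLICY]
        if group_actions:
            action, reason = max(group_actions, key=RESTRICTIVENESS.get), "group rule"
        elif (ev.device_class, None) in POLICY:
            action, reason = POLICY[(ev.device_class, None)], "class default"
        else:
            action, reason = "block", "no matching rule, default deny"
        # Granularity: full write access to mass storage only on encrypted media.
        if (action == "allow" and ev.device_class == "usb_storage"
                and REQUIRE_ENCRYPTION_FOR_WRITE and not ev.encrypted):
            action, reason = "read_only", "write access requires encrypted media"
        decision = Decision(action, reason)
        # Grace period / user override: blocked users in override groups may
        # self-approve for a bounded window; the exception is logged, not silent.
        if action == "block" and ev.groups & OVERRIDE_GROUPS:
            decision = Decision("allow_override",
                                "time-boxed user override; justification required",
                                ev.ts + OVERRIDE_GRACE)
    # Forensics: every decision is recorded. Offline endpoints enforce the cached
    # policy identically and queue the record until the server is reachable.
    audit.append({
        "ts": ev.ts.isoformat(), "user": ev.user, "device": key,
        "class": ev.device_class, "action": decision.action,
        "reason": decision.reason, "delivered": ev.online,
    })
    return decision


T0 = datetime(2015, 3, 2, 9, 15)
SAMPLE_EVENTS = [  # constructed, not real telemetry
    DeviceEvent("alice", frozenset({"finance"}), "usb_storage", "0951", "1666", "E0D55E6C", False, True, T0),
    DeviceEvent("bob", frozenset({"it-ops"}), "usb_storage", "0951", "1666", "1A2B3C4D", False, True, T0),
    DeviceEvent("bob", frozenset({"it-ops"}), "usb_storage", "0781", "5583", "9F9F9F9F", True, True, T0),
    DeviceEvent("carol", frozenset({"marketing"}), "usb_storage", "0951", "1666", "77777777", True, False, T0),
    DeviceEvent("dave", frozenset({"finance", "executives"}), "usb_storage", "0951", "1666", "ABCDEF01", True, True, T0),
    DeviceEvent("erin", frozenset({"marketing"}), "usb_hid", "046d", "c52b", "", True, True, T0),
    DeviceEvent("frank", frozenset({"marketing"}), "mtp_phone", "18d1", "4ee1", "ZX1G2", False, True, T0),
    DeviceEvent("alice", frozenset({"finance"}), "usb_storage", "0781", "5583", "4C530001230712115123", True, True, T0),
]


def run(events=SAMPLE_EVENTS) -> Tuple[List[Decision], List[dict]]:
    """Evaluate the sample events; return the decisions and the audit trail."""
    audit: List[dict] = []
    return [evaluate(e, audit) for e in events], audit
```

Two design points worth carrying into a vendor evaluation: an unknown device class falls to default deny rather than to the storage default, and a user in both a blocked group and an override group gets a logged, expiring exception instead of a silent allow. Ask how the product behaves in exactly those two cases, and whether the offline audit record survives a reboot before it is uploaded.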
    • 21. Blurring lines between technologies • Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops • Device Control with Endpoint DLP • Who wants the hot potato? • Accountability and organizational complexities
    • 22. Managing Mobile Endpoint Security
    • 23. Mobile Device Security • Enrollment • Asset Management • OS Configuration • Patching • Connectivity • Identity • Group roles and policies
    • 24. Managing Applications • Authorized applications • Application controls • Built-in apps & 3rd party • Privacy • Regional variations • Balance individual needs with corporate requirements
    • 25. Mobile Data Protection • Remote Wipe • Data Protection • Encryption at rest • Containers
    • 26. Employee-owned devices • Not just mobile devices • Selective enforcement/granularity of policies • Require Anti-malware? • Manage Hygiene?
    • 27. Management Leverage • Starts as stand-alone, eventually bundled in • Single user experience to manage hygiene • Single point to aggregate endpoint logs • Cloud or on-prem management?
    • 28. Endpoint Security Platform Brings it all together into a well oiled machine...
    • 29. Buying Considerations
    • 30. Endpoint Security Platform Buying Considerations
      • Dashboard
      • Discovery
      • Asset Repository Integration
      • Alert Management
        • Alert queue
        • Navigation/workflow
      • Agent Management
      • Policy Creation and Management
        • Baselines/Templates for customization
        • Alert-only policies
      • System Administration
      • Reporting
    • 31. To Cloud or Not to Cloud • No server management • Uptime • Multi-tenancy: Data segregation and protection • User experience
    • 32. Buying Process/ Vendor Selection • Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate • Confirm with peer group • Big vs. small vendor • Platform vs. pricing leverage • Research & Intelligence
    • 33. Summary
      • Don’t forget about the security of endpoint security
        • Exploitable agents
        • Weak platform security
        • Cloud app vulnerabilities
      • Malware protection remains a cat/mouse game
      • BYOD/Mobility adds another set of issues to protecting endpoints
    • 34. Read our stuff • Blog • Research • We publish (almost) everything for free • Contribute. Make it better.
    • 35. Mike Rothman Securosis LLC Twitter: @securityincite