Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies

Like this? Share it with your network

Share

Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies

  • 646 views
Uploaded on

The proliferation of USB flash drives and other removable storage devices has increased the porosity of the network perimeter. This has resulted in sensitive corporate and customer data leaking......

The proliferation of USB flash drives and other removable storage devices has increased the porosity of the network perimeter. This has resulted in sensitive corporate and customer data leaking through the corporate firewall, exposing the organization to data loss, data theft and malware propagation. Understanding the powerful data protection tools available to your organization can help you mitigate these risks, while still enabling the flexible and managed use of these productivity devices.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
646
On Slideshare
646
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
13
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Best Practices inDevice ControlAn In-Depth Look at EnforcingData Protection Policies PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 2. Today’s Agenda Introduction Augment Your Endpoint Security with Device Control to Protect Your Data • Laying the Groundwork • Preparing for Enforcement • Enforcing Policy • Managing Device Control Q&A
  • 3. Why Device Control Is Important Today’s Endpoint Security Stack Significant Data Loss / Theft Issues AV Device Control Application Control Patch & Configuration Management3 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 4. Benefits of Enforceable Device Control Policy Malware Costs Money Data Breaches Cost Money4 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 5. Device Control Best Practices Laying the Groundwork Device Managing Preparing for Management Device Control Enforcement Process Enforcing Policy5 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 6. Laying the Groundwork
  • 7. Know Your Organization’s Security Profile Permissive Moderate Stringent7 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 8. Policy ConsiderationsDevices and Who, WhereConnectionsPermission Types When8 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 9. Active Directory Synchronization Schedule9 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 10. What Can You Control?Physical Interfaces Wireless Interfaces Device Types• USB • Wi-Fi • Removable Storage Devices• FireWire • Bluetooth • External Hard Drives• PCMCIA • IrDA • CD / DVD Drives• ATA / IDE • Wireless NICs • Floppy Drives• SCSI • Tape Drives• LPT / Parallel • Printers• COM / Serial • Modems / Secondary Network• PS/2 Access Devices • PDAs and other handhelds • Imaging Devices (Scanners) • Biometric Devices • Windows Portable Devices • Smart Card Readers • PS/2 Keyboards • User-Defined Devices10 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 11. A Good Device Control Strategy Policy Scope Policy AssignmentsPreferred Entire Device Class ‘Everyone’ Device Collection - Models AD User Group Device Collection - Devices Individual AD User Endpoint Create policies at the Endpoint Group (static) highest level possible Endpoint Group (dynamic)11 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 12. Permission Types & Times of Enforcement12 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 13. Discovery13 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 14. Very Important User Communication Executive Sponsor14 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 15. Preparing for Enforcement
  • 16. Creating Policies Work one class at a time For each class Biometric Sensors Do we use these? Can they be managed USB Printers as a single class? What types of DVD/CD permissions? Everyone, User Groups, Removable Storage Users, Endpoints What exceptions need et cetera to be accounted for?16 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 17. Device Collections17 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 18. Encryption Options • Don’t allow users to encrypt devices and DVD/CD media • Allow users the option to encrypt devices and DVD/CD media • Force users to encrypt devices and DVD/CD media • Encrypted Device Access » Password » User certificate18 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 19. Enforcing Policy
  • 20. Phased Rollout• User communication• Start with a small group of users/endpoints• Proceed one device class at a time until all are enforcing your policies• Confirm – monitor, adjust• Expand users/endpoints• Confirm – monitor/adjust• Expand users/endpoints• …20 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 21. Managing Device Control
  • 22. Dashboard Widgets Look for anomalies Look for suspicious use or needed policy adjustments22 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 23. Temporary Policies23 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 24. Temporary Permissions (offline endpoints) Challenge/response tool24 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 25. Password Recovery Challenge/response tool25 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 26. Adding Individual AD UsersFor exceptions only26 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 27. Adding Devices to CollectionsAllowing use of new devices27 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 28. More Information• Free Security Scanner Tools • Get a Quote (and more) » Application Scanner – discover all the apps http://www.lumension.com/ being used in your network intelligent-whitelisting/buy-now.aspx#5 » Vulnerability Scanner – discover all OS and application vulnerabilities on your network » Device Scanner – discover all the devices being used in your network http://www.lumension.com/Resources/ Security-Tools.aspx• Lumension® Device Control » Online Information: http://www.lumension.com/device-control » Free Downloadable Trial: http://www.lumension.com/device-control- software/usb-security-protection/free-trial.aspx28 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 29. Global Headquarters8660 East Hartford DriveSuite 300Scottsdale, AZ 852551.888.725.7828info@lumension.comhttp://blog.lumension.com