Developing Best Practices to Application Whitelisting: An In-Depth Technical Discussion

As IT professionals know, endpoint security needs are evolving: new vulnerabilities are disclosed every day, new malware creation is exploding, and traditional AV signatures cannot keep up. You know that patch management and AV are necessary – but not sufficient – layers of endpoint defense. Intelligent application whitelisting is an important addition to your risk mitigation strategy, and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term. View these slides to learn the recommended steps to check unknown executables on your endpoints as we dive into a technical discussion of the critical items to address:

* Prepare – properly laying the groundwork for implementing application whitelisting is crucial to ultimate success.
* Lockdown – preventing unwanted or dangerous changes while providing necessary flexibility to support business needs.
* Manage – maintaining the environment as application, end user and business needs develop.

Published in: Technology

  1. Developing Best Practices for Application Whitelisting: An In-Depth Technical Webcast
  2. Today’s Agenda: Introduction; Augment Your Defenses to Mitigate Zero-Days, with Lessons Learned from the Field • Laying the Groundwork • Creating Policies • Protecting Endpoints • Managing the Environment; Q&A
  3. Today’s Panelists: Douglas Walls, Chief Information Officer, EMSolutions, Inc.; David Murray, Sr. Product Manager, Lumension
  4. Why Application Whitelisting Is Important: Average detection rate after 30 days = 62%. Today’s Endpoint Security Stack: AV • Device Control • Application Control • Patch & Configuration Management. Sources of Endpoint Risk: 5% Zero-Days • 30% Missing Patches • 65% Misconfigurations
  5. Benefits of a Solid Whitelisting Process: Malware Costs Money • Controlled Change is Good (image © Creative Commons / Kevin Dooley)
  6. Application Whitelisting Best Practices – Application Whitelisting Process: Laying the Groundwork • Creating Policies • Protecting Endpoints • Managing the Environment
  7. Laying the Groundwork
  8. Groundwork | Policies | Lockdown | Management – Clean: Avoid End User Disruption • No need to reimage • Off-hours, thorough scan to remove known malware
  9. Groundwork | Policies | Lockdown | Management – Scan
  10. Groundwork | Policies | Lockdown | Management – Organize
  11. Groundwork | Policies | Lockdown | Management – Denied Apps: Eliminate unknown or unwanted applications on your endpoints. Prevent applications from executing even while endpoints are in monitor mode only. (Screenshots: User Endpoint View, Admin Console View)
  12. Creating Policies
  13. Groundwork | Policies | Lockdown | Management – Trusted Updater: Automated whitelist maintenance reduces workload
  14. Groundwork | Policies | Lockdown | Management – Trusted Publisher: Automated whitelist maintenance reduces workload
  15. Groundwork | Policies | Lockdown | Management – Trusted Path: Automated whitelist maintenance reduces workload
  16. Groundwork | Policies | Lockdown | Management – Monitor: Stabilize Whitelist Maintenance • Full visibility into unaccounted for changes (good and bad) • Accommodate variations • Reduce maintenance workload
  17. Groundwork | Policies | Lockdown | Management – Local Authorization: Effectively Balance Security and Productivity • End user flexibility • “Third Way” between Monitor and Lockdown (Screenshots: Admin Console View, User Endpoint View)
  18. Protecting Endpoints
  19. Groundwork | Policies | Lockdown | Management – Enforce: Easy Transition • Minimize disruption • Provide flexibility • Minimize workload
  20. Groundwork | Policies | Lockdown | Management – Fine-Tune: Think Globally, Act Locally • Harmonize where appropriate • Anticipate future needs
  21. Managing the Environment
  22. Groundwork | Policies | Lockdown | Management – Control: Is this a Known Bad? • Is this a Known Good? • Is this Unwanted? • Should my users have this? • What is trying to install this? • Who wrote this? • Where did this come from?
  23. Groundwork | Policies | Lockdown | Management – Adapt: Develop processes • Changes in environment • Changes in end user needs • Changes in business needs. Create flexibility to balance security with productivity across entire organization (image © Creative Commons / Bruce Tuten)
  24. Q&A
  25. More Information • Free Security Scanner Tools: http://www.lumension.com/Resources/Security-Tools.aspx » Application Scanner – discover all the apps being used in your network » Vulnerability Scanner – discover all OS and application vulnerabilities on your network » Device Scanner – discover all the devices being used in your network • Lumension® Intelligent Whitelisting™ » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Endpoint-Security.aspx » Free Trial (virtual or download): http://www.lumension.com/intelligent-whitelisting/free-trial.aspx • Get a Quote (and more): http://www.lumension.com/intelligent-whitelisting/buy-now.aspx#7
  26. Global Headquarters: 8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255 • 1.888.725.7828 • info@lumension.com • http://blog.lumension.com
