It's Time to Rethink Your Endpoint Strategy



Today's IT network is more distributed and virtual than ever with the increased use of remote endpoints and cloud-based applications. Increasingly sophisticated malware is targeting the information stored on and accessed by these endpoints and applications. The security status quo has left organizations managing a multitude of products – and has not reduced IT risk. This series examines the evolving threat landscape, why current defenses are decreasing in effectiveness and what key strategies you can implement to shift from the status quo and improve security against zero-day and targeted attacks, while also simplifying and reducing the costs of managing the endpoint environment.

Published in: Technology, Business
  • $7.2 million per breach; $214 per record
  • Vulnerabilities affecting a typical end-user PC from 2007-2009 almost doubled from 220 to 420, and it's expected to double again in 2010 (Secunia Half Year Report 2010).
    A PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010. (Secunia Half Year Report 2010)
      • Discover: Gain complete visibility of all IT assets, both managed and unmanaged.
      • Assess: Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.
      • Prioritize: Focus on your most critical security risks first.
      • Remediate: Automatically deploy patches to an entire network per defined policy to support all OSs and applications.
      • Report: Provide operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
  • Stuxnet changed the risk landscape
      • Multi vector attack routes
      • Physical entry via USB port
      • 4 zero day vulnerabilities exploited
      • From espionage to sabotage
      • 50% of IT professionals cite endpoint complexity as #1 risk factor
      • 3-5 consoles used in the day to day management of IT Operations and Security workflows, and 3-6 agents per endpoint
      • Malware has increased by 500% and major AV firms are falling behind on documenting known signatures.
      • 11M malware signatures identified monthly
      • Nearly 90% of vulnerabilities could be exploited remotely
      • 2.19 new vulnerabilities are released per day. 3
      • Average cost of a data breach $6.75M. 4
      • 70% of all serious data incidents sparked by an insider. 5
  • Core security defense is still blacklisting
      • Patch is someone else’s issue (IT ops)
  • 49% of endpoint TCO is associated with security and operational management**
      • Complex system management
      • Decreased endpoint performance and lack of scalability - Agent Bloat
      • Costly integration and maintenance
      • Limited visibility and collaboration
  • The first 6 months of 2010 was the most active period of malware creation in history: over 10 million samples
      • More than 1.5M malware samples are identified each month.
      • 57,000 new malware websites are created every week
      • Obfuscation; Virus Trojan-USB Media; Dedicated Website; Semi Legitimate Web Pages; Targeted-Intellectual Property
      • On average AV vendors detect less than 19% of malware attacks*
  • Key strategies to improve endpoint security and reduce complexity in the new threat environment.
      1. Rethink Endpoint Security – address it from the outside in as opposed to the inside out. What does this mean? Instead of focusing solely on the datacenter, recognize that endpoints, mobile devices, third party apps and users have become the vulnerability points used to get at sensitive information.
      2. Shift from a threat-based approach to one based on trust. This balances the old axiom of "more security equals less productivity" against the question “who do I need to empower and at what level of trust?”
      3. Defense in depth – no holy grail. No single technology can address risk.
      4. Reduce complexity through integration and standardization – that’s the value of the LEMSS platform.
      5. People, policy and technology all must play into your security strategy. Policy without technology is useless. People without process is chaos. Technology that doesn’t support people is not operational/functional.
  • On top of defense-in-depth, time to shift from threat-centric approach to one based on trust….
  • Defense in Depth Strategy
      • Address the core IT Risk with Patch & Configuration Management
      • Stop unwanted / untrusted change with Application Control
      • Protect against insider risk with Device Control
      • Deploy a broad defensive perimeter with AntiVirus
      • Reduce endpoint complexity with an Endpoint Management and Security Suite
  • I have given you a sense of:
      • the shifts taking place in the endpoint environment
      • how we need to change our approach to endpoint management and security
      • what Lumension's vision is and the steps we are already taking

    1. RETHINKING Your Endpoint Security Strategy
       Paul Henry | Security and Forensics Analyst
    2. The Threat Landscape has Evolved…
    3. Shift in Information that is Targeted
       Market for stolen data is saturated
       Then - Stolen personally identifiable information sold on the black market for up to $15 per record
       Now - Credit card data has dropped to about 20 cents per record
       New, more valuable target is now intellectual property (IP)
       Revenue-generating information
       Much larger impact and value – organization versus individuals
    4. Data Breaches Impact Your Bottom Line
    5. No Longer a Microsoft World
         • Then - Priority on patching servers and Windows O/S
         • Now - PC and 3rd party apps are the biggest source of enterprise risk
    6. Continued Increase of Cyber Crime
       Rise in malicious attacks
         • Root cause of 31% of the data breaches studied (up from 24% YoY)*
       Cyber attacks impact business
       97% of respondents consider cyber attacks as the most severe threat to their ability to carry out their missions
       Harder to detect and more difficult to contain and remediate
       Financially motivated cyber criminals
       * Ponemon Institute, Annual Cost of Data Breach 2011
    7. Rising Cyber Terrorism… Impact of WikiLeaks
    8. The Reality of Advanced Persistent Threats
       More Sophisticated Threats Leveraging Multiple Attack Vectors
         • Zero-day and third party application vulnerabilities
         • Physical access through data ports
         • Web-based attacks through the browser
       The Rise of APTs…
         • Highly targeted, constantly evolving, custom-developed malware
         • Sony
         • Stuxnet
         • RSA
    9. APT Example… Stuxnet
    10. Trusted Insiders Open the Door to Risk
       Negligence remains the most common threat - and an increasingly expensive one
         • Negligence is root cause of 41% of the data breaches studied – the #1 cause*
         • Social media opens the door to even more risk of social engineering
         • The applications we use for productivity open networks and information to risk
         • Removable devices provide easy access, data mobility and… risk if not managed
       * Ponemon Institute, Annual Cost of Data Breach 2011
    11. Security Status Quo is No Longer Effective
    12. The New Endpoint Reality
       Security Best Practices Still Not Universally Followed
         • Patch and configuration management
         • Data protection practices
         • User rights management
       Ineffectiveness of Anti-Virus
         • Increasing malware sophistication
         • Only 19% of new malware is detected on first day
         • 50% of IT professionals point to malware as the leading cause of rising endpoint TCO
    13. Traditional Endpoint Security Strategy
       Traditional “Threat Centric” Endpoint Security Is No Longer Relevant
       “Basic security protection is not good enough.” Rowan Trollope SVP
       “You can’t just rely on antivirus software – and we’re an antivirus company.” George Kurtz Worldwide CTO
       Blacklisting As The Core Endpoint Protection
         • Volume of Malware
         • Zero Day
         • Malware As a Service
         • 3rd Party Application Risk
    14. Challenges of Endpoint Management
       IT Operations
       IT Security
       Lack of integration across technologies is the #1 IT security risk*
       Challenges
         • Lack of common management console
         • Increasing agent bloat
         • Increasing and costly back-end integration
         • Lack of visibility and collaboration with IT security
         • Need for better accuracy
         • User access rights (Local Admin)
         • Lack of scalability
         • Silos and insufficient collaboration between IT and business operations*
       * Worldwide State of The Endpoint Report 2009
    15. What’s the Impact to Your Business?
    16. Complex IT Environment is Costly to Manage
       Multiple Consoles
         • 3-6 different consoles on average
       Agent Bloat
         • Increasing malware sophistication
       Lack of Control
         • 54% of IT security pros cite managing security complexity as #1 challenge
         • Decreasing visibility – disparate data
         • Ad-hoc monitoring of security posture
       Increasing TCO of Point Technologies
         • Integration and maintenance
       Lumension Global State of The Worldwide Endpoint 2009
    17. Lack of Enterprise-Wide Visibility
       Management and visibility in silos hurts effectiveness and efficiency
         • What endpoints are online/offline?
         • What apps are being used?
         • What devices are being used?
         • What user actions are concerning?
         • How is data being used?
    18. Increased Complexity & Risk. Increasing Cost
       Malware Signatures; Increasing Malware; Fractured Visibility; Complex Technology; Endpoint TCO; Current Endpoint Security Effectiveness
       2007: 250K Monthly Malware Signatures Identified
       2011: 2M Monthly Malware Signatures Identified
    19. Traditional Balancing Act
       security Vs. productivity
    20. Shift to a New Endpoint Security Approach
    21. Key Strategies
       …to improve endpoint security and reduce complexity
         • Rethink Endpoint Security from the Outside In
         • Shift from “Threat-Centric” to “Trust-Centric” Approach
         • Implement Defense-in-Depth Strategy
         • Reduce Complexity through Integration and Standardization
         • People, Policy and Technology Must All Play a Role in Your Strategy
    22. Strategy 1: Rethink Endpoint Security
       Data has effectively moved away from the data-center to a borderless endpoint
       Cloud-based Computing; Remote Offices & Subsidiaries; Mobile Endpoints; WAN; Internet; Corporate HQ; Data Center
       Start to view your IT security requirements from the outside-in and not the inside-out
    23. Strategy 2: Shift to Trust-Centric Security
       THREAT CENTRIC
       TRUST CENTRIC
    24. Strategy 3: Implement Defense-in-Depth
       Traditional Endpoint Security
       Defense-in-Depth
       AntiVirus; Device Control; Application Control; Blacklisting As The Core; Patch & Configuration Mgmt.; Volume of Malware; Zero Day; 3rd Party Application Risk; Malware As a Service
    25. Strategy 4: Reduce Endpoint Complexity
       Effective but not Efficient
       Effective AND Efficient
       Many Consoles
       IT Control Made Simple
         • Agile platform architecture
         • Reduced integration and maintenance costs
         • Improved endpoint performance
         • Holistic endpoint visibility
       Single Console; Agile architecture; Disparate Architecture; Single Promotable Agent; Many Agents
    26. Strategy 5: People, Policy and Technology
       All three are dependent on each other for effective and operational endpoint security.
       policy; technology; people
    27. Summary
    28. Shift to New Endpoint Management Approach
         • Threat centric → Trust centric
         • Point products → Integrated platform
         • Multiple consoles → Single console
         • Multiple agents → Single agent
         • Ad hoc processes → Standardized processes
         • Reactive signatures → Proactive, real time
         • Ad hoc auditing → Continuous monitoring
         • Compliance → IT Risk management
    29. Lumension: Leading the IT Security Shift
       Market Leader
       Agile Platform Architecture
       Best-of-Breed Functionality
       Global Footprint
       Strong Customer and Partner Ecosystem
       Deloitte 500 & Inc. Magazine 500 Fast Growth Leader
    30. Q&A
       For more information come visit us at Booth #19 during these show hours:
       Tuesday, June 21, 11:45 a.m. – 1:45 p.m.
       Wednesday, June 22, 12:00 p.m. – 1:30 p.m.
    31. Global Headquarters
       8660 East Hartford Drive
       Suite 300
       Scottsdale, AZ 85255
       1.888.725.7828