Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Management Overview


Mobility is a fact of organizational life, and administrators have a business imperative to make their end users as productive on the go as they are in the office. But mobile productivity can't come at the expense of security. Attend this session to learn about Novell ZENworks Endpoint Security Management and its role in enabling secure mobile productivity. Keeping your network safe, your data protected and your users productive is more important than ever. Learn how to do all three with comprehensive and centralized endpoint security management solutions from Novell.


  1. 1. Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Management Overview. Ross Chevalier, CTO Americas, President Novell Canada, Novell, Inc.
  2. 2. Agenda • What is Endpoint Security Management? • How are you handling the market reality? • Use cases • What's in ZENworks® Endpoint Security Management today • Discussion around how to get started. 2 © Novell, Inc. All rights reserved.
  3. 3. Endpoint Security Management
  4. 4. It's All About Balance: Flexibility, Control
  5. 5. Seeing Reality • The workforce has become mobile – At the enterprise level, laptops have surpassed desktop deployments – Wireless NICs are standard on new PCs and wireless networks have proliferated – Mobility increases productivity and agility • What is the key requirement to enable mobility? – Remote access to data, which can be either locally stored or accessed via the Internet • A polar relationship – Increased agility and productivity requires moving data to the endpoint or providing remote access to the data, which increases risks and their associated costs.
  6. 6. Are Your Endpoints Secure? • 83% of organizations said they would never be able to prove if contents of a laptop were encrypted if a data breach occurred. [1] • 69%: Percentage of employees who say they copy sensitive or confidential information onto a USB memory stick. [1] • 20X: How much more expensive it can be to fix a data breach than it is to invest in PCI compliance from the very start. [3] • $49,000: Cost to replace a lost laptop (e.g., cost of data breach, lost IP, lost productivity, and legal and regulatory expenses). [1] Sources: [1] Ponemon, “The Human Factor in Laptop Encryption”, December 2009; [2] Ponemon, “Trends in Insider Compliance with Data Security Policies”, June 2009; [3] Solidcore Systems, Emagined Security, Fortrex, “PCI Compliance Cost Analysis”, December 2007; [4] Ponemon, “The Cost of a Lost Laptop”, April 2009.
  7. 7. Data Breach Sources
  8. 8. Endpoint Security Considerations • Data - Information that is stored on and/or accessed by a computer • Access - The methods and controls for an endpoint’s communications • Device - The settings and states of the endpoint • Data Protection + Access Control + Device Health = Endpoint Security
  9. 9. The Pieces to Consider
  10. 10. Mitigating Risk Case 1 • You have mobile users who use a variety of different network services to connect back to head office • Wireless security training is “unheard” • You need to be able to control both connection and in-stream security when many of these networks are not secure • The corporate firewalls don't exist when people are remote
  16. 16. Mitigating Risk Case 2 • The removable storage conundrum • Users get access readily to all kinds of storage options – Most are “invisible” • Could result in data leakage or external infections • Turning off the USB ports is a non-starter • Need to be able to control which USB devices can be connected and active
  19. 19. Mitigating Risk Case 3 • Mobile user may install or “get installed” applications that you don't want to gain access to the system or applications you don't want to run at all • User must retain some level of administrative authority, because it's Windows and too many things break when administrative authority is removed • User may “help” by disabling or uninstalling critical software required by the company
  25. 25. Looking at ZENworks® Endpoint Security Management
  26. 26. ZENworks® Endpoint Security Management: Unparalleled Security • AD // eDirectory™ Integrated Central Control and Reporting • Application Control – Deny: undesired apps; network access for specific apps • Connectivity Control – Control: all hw ports; Wi-fi access – Enforce VPN • Storage/Copy Control – Allow / deny use of thumb drives, etc. – Allow only approved thumbdrives – Encrypt thumbdrive and/or disk folder • Integrity Control – Ensure anti-virus, anti-spyware, etc. – Enforce any custom VB or Java Script – Quarantine via firewall block • Advanced Firewall Control – NDIS-layer Firewall – Stateful with ACL support – No end-user input req’d • Location-Aware, Self-Defending, Online/Offline Client
  27. 27. Certifications • The only endpoint security enforcement solution with both patented technology and key U.S. government and industry certifications: – FIPS 140-2 Certified Cryptomodule – AES Encryption – Common Criteria EAL 4+ Certification (strongest in the space) – IPv6 Compliant – Microsoft WHQL Certified (Windows Hardware Quality Labs)
  28. 28. Summary of Benefits • Increase agility and productivity while managing associated risk • Protect data on the endpoint and accessed by the device • Protect system health – increase user up time and productivity • Decrease overhead – single console for configuration, management, reporting/alerts – single agent for security enforcement • Targeted enforcement to address specific issues • Centralize security decisions • Enforcement cannot be circumvented
  29. 29. The Other Piece of the Puzzle: Network Access Control
  30. 30. Also For Consideration: ZENworks® Network Access Control • Purpose-built network access control engine – Fast endpoint testing; minimal impact on network • Tests all categories of end users – Internal, visitors, contractors, home and mobile users, range of OSs and versions • Multiple endpoint testing options – Agent-less (via RPC), ActiveX, Persistent agent • Multiple enforcement options – 802.1x, DHCP, Endpoint-based, Inline, Cisco NAC • Testing depth: hundreds of off-the-shelf tests • Enterprise scalable – Hundreds of thousands of endpoints
  31. 31. Network Access Control: Internal, Pre-connect Security is The Priority • The majority of security incidents are the result of internal actions • For the majority of respondents, pre-connect NAC is a priority over post-connect NAC [Charts: Security Incidents, Internal vs. Perimeter (Source: PricewaterhouseCoopers); High Priority NAC, Pre-Connect vs. Post-Connect (Source: Gartner)]
  32. 32. Flexible Testing + Flexible Enforcement = Full Coverage: Testing and Enforcement Options for Coverage of all Endpoints [Diagram: endpoints on Your Network (LAN Connected; Branch Office; Remote-VPN, RAS; Wireless; Visitor/Contractor) covered by Novell® NAC. Testing Options: Agent-less, ActiveX, Agent. Enforcement Options: Inline, Endpoint Based, 802.1x, DHCP, Through Cisco's NAC architecture]
  33. 33. Where to Start?
  34. 34. Questions and Answers
  35. 35. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer: This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.