Application Whitelisting for Endpoint Security

    Presentation Transcript

    • Security and Control for Critical Infrastructure: Introduction to BOUNCER by CoreTrace™ (January 2009). ©2009 CoreTrace Corporation. All rights reserved.
    • Introduction to CoreTrace
        • CoreTrace protects critical environments with high-security, easy-change application whitelisting.
        • Industry accolades:
            • CoreTrace is one of “Top 10 Security Companies to Watch in 2009.”
            • BOUNCER named one of “Best Security Solutions.”
            • BOUNCER earns an “A” grade.
        • Customers: [logos not captured in the transcript]
    • Today’s Endpoint Control Challenges
    • Traditional Endpoint Security
        • Reactive response to new malware
        • Reactive discovery of unauthorized applications
        • Reactive and rushed patching of new vulnerabilities
        • Reactive recovery from malicious or accidental user actions
        • Reactive efforts to meet compliance requirements
        • [Diagram labels: User Actions, Vulnerabilities, Compliance Reqs, Malware, Unauthorized Apps, ...]
    • NERC Compliance
        • Responsible entity shall (CIP-007-R2, R3.2, R4, R6):
            • Limit ports and services to those required
            • Document implementation of security patches or have compensating control
            • Prevent malicious software
            • Monitor events, preventing unauthorized change to systems
        • Challenges:
            • Feasibility
            • Cost
            • True benefit to security of critical infrastructure
    • Example: Tennessee Valley Authority
        • “WASHINGTON (CNN) — The nation's largest publicly owned utility company may be vulnerable to cyber attacks, according to a new report.” May 21, 2008
        • Government watchdog agency findings:
            • Firewalls have been bypassed or are inadequately configured
            • Passwords are not effective
            • Servers and workstations lack key patches and effective virus protection
            • Intrusion-detection systems are not adequate
    • Fundamental Shift in Endpoint Control Offerings
        • Application Whitelisting: Only allow KNOWN and approved applications to execute.
        • “Trusted Change”: Transparently add new applications or upgrades to whitelists.
    • Kernel-Level Application Whitelisting
        • Enforce a whitelist of approved applications only
        • Enable dynamic updates to whitelist from trusted sources
        • Provide memory protection
        • Utilize minimal system resources
        • “BOUNCER stopped 100% of the entered viruses while traditional blacklist-based antivirus solutions detected an average of 60%.” Simon Howard, DEFCON 16 “Race to Zero” Organizer
        • [Diagram labels: Whitelisted Application, Rogue Application, User Space, Kernel Space / OS, System Resources]
    • “Trusted Change”: Easy, Immediate, and Ongoing Endpoint Control
        • Establish Trust Models in Administrator Console
            • Trusted Updater: SMSAdmin.exe
            • Trusted Application: Project.msl
            • Trusted Network Share: servershare
            • Trusted User: CORPTomJ
            • Trusted Digital Certificate: Microsoft Windows
        • Deploy BOUNCER Client to Multiple Endpoints
        • Auto-Generate Custom Whitelist for Each Endpoint
        • Automatically Enforce Whitelist (Stopping Unauthorized Applications & Malware)
        • Update Custom Whitelist for New Trusted Applications
        • Report on Security or Configuration Issues
    • The Benefits of Shifting the Focus
        • Proactive elimination of all malware
        • Proactive elimination of unauthorized applications
        • Measured and well-tested patching
        • Proactive elimination of malicious or accidental user actions
        • Reduction of Help Desk requests and reimaging efforts
        • Automatically meet compliance requirements
        • [Diagram label: Approved Applications]
    • Enabling CIP Compliance with BOUNCER
        • Limit ports and services to those required: BOUNCER controls network access within the operating system, limiting ports and protocols.
        • Document implementation of security patches or have compensating control: BOUNCER provides compensating control for systems where patching is not possible, practical, or affordable and protects systems in legacy environments.
        • Prevent malicious software: BOUNCER prevents all unauthorized change, including all malware — such as zero-day attacks, rootkits, buffer overflows, etc.
        • Monitor events and prevent unauthorized change to systems: BOUNCER provides monitoring and reporting of events and attack attempts.
    • Case Study: City Public Service Energy (CPS Energy)
        • Problem:
            ✘ Difficulty in running and updating antivirus
            ✘ Unable to patch consistently due to legacy systems
            ✘ Need to enforce configuration control
            ✘ Need to protect and control systems for NERC-CIP compliance
        • Solution:
            ✔ Protect all Windows systems in SCADA control environments
            ✔ Provide compensating control for regulatory and audit requirements
            ✔ Ensure security between patching opportunities and on legacy system
        • Benefits:
            • Increase system reliability
            • Compliance with applicable NERC-CIP requirements
            • Able to use a single solution across platforms and requirements
    • BOUNCER Technical Overview & Demonstration
    • BOUNCER Is a Turnkey Application Whitelisting Solution
        • Three-tiered secure, scalable infrastructure
        • Secures:
            • Desktops, laptops, and servers
            • Fixed, mobile, or disconnected systems
        • Low impact on endpoint performance
        • Multi-platform:
            • Windows NT 4, 2000, XP, Server 2003
            • Solaris 7-10
            • Windows Server 2008/Windows Vista (Q2CY09)
        • Patented kernel-based network security infrastructure
    • Unique Capabilities of BOUNCER
        • “Trusted Change” that leverages your EXISTING change processes and technologies
        • Secure, tamper-proof architecture
        • Auto-generated whitelists accelerate deployment
        • Extended security platform (e.g., memory protection, network filtering)
        • Multi-platform coverage
    • Summary
        • BOUNCER directly addresses three major endpoint challenges:
            • Security
            • Manageability
            • Compliance
        • BOUNCER simplifies endpoint control by:
            • Ensuring that only approved applications can execute
            • Enabling transparent additions of new applications or upgrades to the whitelist
        • BOUNCER provides significant benefits:
            • Proactively eliminates malware & unauthorized applications
            • Enables measured and well-tested patching
            • Proactively eliminates malicious or accidental user actions
            • Reduces Help Desk requests and reimaging efforts
            • Helps automatically meet compliance requirements