DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whitelisting - Riga NOV 2011

Presentation from the "DSS"-organized ITSEC conference on 24th of November 2011, Riga, Latvia.
1. Shift to Intelligent Endpoint Security Management
   Andris Soroka, Data Security Solutions, andris@dss.lv
   Riga, Latvia, 24th of November, 2011

2. Lumension Security business card
   • Offices Worldwide + Strong Partner Base (500+)
   • More than 6000 customers in 70 countries
   • More than 5 million endpoints protected
   • Award-Winning Innovator

3. Portfolio – ANNO 1991
   Endpoint Operations: Power Management; License Monitoring; Application Deployment; Asset Identification and Inventory; Contract Management
   Vulnerability Management: Vulnerability Assessment; Patching and Remediation; Security Configuration Management; X-Platform Support
   Endpoint Protection: AntiVirus/Malware; Malware Remediation; Application Control – Whitelisting; Content Filtering; Content Assurance
   Data Protection: Device Control; Data Encryption; Whole Disk Encryption; Application Data Discovery
   Compliance and IT Risk Management: Compliance-Control Mapping; Continuous Monitoring; Control Harmonization; Identity & IT Risk Assessment; Deficiency Remediation

4. Agenda
   » Traditional Endpoint Security – threats, drivers
   » Evolutions and shifts in Endpoint Security
   » Recent/Upcoming Product Releases (Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker)
   » Lumension LEMSS – the innovative platform
     » Device Control
     » Application Control
     » Antivirus
     » Whole Disk Encryption
     » Patch & remediation and more
5. Business Drivers and Threats: The Endpoint Security Landscape

6. Security Today – General Categories
   • Financially Motivated
     » Bank accounts, passwords, etc.
     » Identity theft
     » Insiders
   • Intellectual Property Theft
   • Hacktivists
     » IP / customer data
     » Denial of service
     » Reputational damage

7. Threats and solutions of Security Today

8. Endpoint Security Today – most important: reality check
   • Weakest link – the endpoint
     » 70% of incidents are caused on the endpoint
     » >2 million unique malware samples every day
     » On average the lifetime of a malware sample is less than 24 hours
     » Traditional defense is not enough

9. Today's business environment
   » IT continues taking the lead in business (ERP, CRM, document management, digital prototyping etc.)
   » Development of the e-World continues (B2B, B2C, e-Services, e-Government, e-Health, social networking, Web 2.0, unified communications etc.)
   » Consumerization, mobility and the borderless enterprise are a reality
   » Cyber culture grows faster than cyber security (and not all countries have compliance rules, regulations or penalties)

10. Every technology is vulnerable
11. Not a Microsoft world anymore..
    Apple & Adobe are two of the top three applications disclosing vulnerabilities.
    Apple and Linux are two of the top three reporting vulnerabilities.
    Virtualization vulnerabilities have grown in total number in recent years.
    The cycle from vulnerability to worm is shortening dramatically – putting increasing pressure on IT departments to remediate vulnerabilities faster than ever.

12. Endpoints are at risk every day
    The applications we use today for productivity: collaborative / browser-based / open source.
    Social communities, gadgets, blogging and widgets open up our networks to increasing risk every day.
    Source: Verizon, 2010 Data Breach Investigations Report

13. Growing Application Centric Risk
    » Social networking applications were detected in 95% of organizations.
    » 78% of Web 2.0 applications support file transfer.
    » 2/3 of applications have known vulnerabilities.
    » 28% of applications were known to propagate malware.
    » AV's best rate of capturing malware is 33% per day. After 30 days, 93%...
    » ~2M pieces of unique malware signatures are detected each day, and the numbers are growing very fast.

14. Growing Device Centric Risk
    » Over 70% of IT security incidents are caused by an insider's device
    » 60% of confidential data resides on endpoints
    » Devices are bi-directional threats
    » USB devices are well known "weapons" of social engineering
    » 48% of users utilize company tools for personal usage

15. Endpoint Security Today – Traditional Defenses …
    • Antivirus
    • Patching Microsoft OS and Apps
    • Firewalls
    • Strong Passwords
    • End-User Education Programs
    … Don't Always Work: If They Did, We Wouldn't Have IT Security Breaches!

16. Summary of Endpoint threats – Where Traditional Defenses Fall Short
    • Risk from un-patched 3rd party apps
    • Controlling local admins gone wild
    • Preventing zero-day attacks and targeted malware
    • End-user education isn't keeping up
    • Actionable reporting and security measurement

17. Results of threats – we end up with:
    • Internet shops full of credit card, bank account, privacy, business and other confidential data
    • Services available to rent a botnet or malicious code and attack anyone
    • Video trainings and eLearning available in social media, such as YouTube
    • A "black market community" (forums, blogs, interest groups, conferences etc.)
    • Lost business & reputation

18. Some examples
    "FBI warns USA Congress that cybercriminals can hack any internet-linked system" – Gordon M. Snow, assistant director of the FBI's Cyber Division (13th of April, 2011)
    "Exclusive: Computer Virus Hits U.S. Drone Fleet" – Noah Shachtman, Wired Magazine (7th of October, 2011)
    "Betfair admits data hack... after 18 months – over two million card details were stolen" – Rory Cellan-Jones, BBC Technology (30th of September, 2011)

19. Endpoint Security Today
    "Organizations are looking to application control solutions to augment signature-based antivirus protection and to exert more control over endpoints. Although this space has been dominated by the smaller vendors, larger endpoint protection and management providers are entering the market."
    -- Gartner Analysts Neil MacDonald and Michael A. Silver

20. Endpoint Security Today
    "Organizations do not feel more secure than they did last year. This is mainly due to the use of ineffective technology solutions when better, more effective and efficient technologies exist but are not heavily implemented."
    -- Paul Henry, Security & Forensics Analyst (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE), SANS Institute Instructor

21. Quotes from AV vendors
    "Basic security protection is not good enough," – Rowan Trollope, Senior Vice President, Symantec
    "You can't just rely on antivirus software – and we're an antivirus company" – George Kurtz, Worldwide CTO, McAfee
    "[Standard] antivirus is not completely effective anymore..." – Raimund Genes, CTO, Trend Micro Inc
    "[signatures are] ineffective as the only layer [of endpoint security]…" – Nikolay Grebennikov, CTO, Kaspersky
22. Changes of the traditional Endpoint Security: The Past, The Present and The Future

23. Endpoint Security – vendors and scope

24. Patching is the security priority
    • The top security priority is "patching client-side software"¹
      » Streamline patch management and reporting across OS's AND applications
    • Patch and defend is not just a Microsoft issue
      » More than 2/3 of today's vulnerabilities come from non-Microsoft applications
    Source: 1 – SANS Institute

25. Importance of Application Whitelisting
    • Blacklist (AV)
      » Detect, block and remove known bad
      » Scan everything
      » Higher resource utilization
      » Risk of unknown
    • Application Control
      » Allow known good
      » Remove known bad
      » Allow trusted change
      » Insert AV scan into process strategically
      » Optimize resource utilization
      » Optimize risk
    • Whitelist
      » Allow only known good to execute
      » Lower resource utilization
      » Low risk
    (Diagram axis: Lockdown Policy, from Open to Lockdown)
26. Endpoint Security requirements
    » Antivirus / Anti-malware
    » HIPS / File Integrity monitoring
    » Firewall / VPN
    » Encryption (whole disk, devices)
    » Device Control
    » Application Control / System Lockdown
    » Vulnerability management, patch and update management
    » Configuration management
    » NAC / Visibility

27. Endpoint Security Today
    Point products tax IT resources with additional administration burden, custom integration & maintenance, and limited user productivity across multiple management consoles: Vulnerability Assessment, Patch Management, Systems Management, AntiVirus/Malware, Data Protection, Compliance.
    45% of IT operations professionals work across 3-5 different software consoles while managing security & operational functions.*
    (Figure: personas Colleen, IT Ops Manager; Pat, CIO; Rich, IT Security Manager)
    *Worldwide State of The Endpoint Report 2009

28. Lumension Endpoint Management Security Suite 2011
    Introducing: Intelligent Application Whitelisting
    (Diagram: Single Console – Agile n-tier pluggable architecture – Single Promotable Agent)

29. LEMSS 2011 – one agent platform
    L.E.M.S.S.: Patch and Remediation
    L.E.M.S.S.: Security Configuration Management
    L.E.M.S.S.: Wake on LAN & Power Mgmt.
    L.E.M.S.S.: Whole Disk Encryption
    L.E.M.S.S.: Device Control
    L.E.M.S.S.: App Control & Antivirus
    L.E.M.S.S.: Risk & Compliance Management

30. LEMSS – principle of work

31. Clean IT (L.E.M.S.S.: Antivirus)
    » Role of AntiVirus
      » Remove malware prior to lockdown
      » Scan for malware not identified at time of lockdown
      » Scan when making changes
    » Features of AntiVirus
      » Sandbox
      » Antispyware / Antivirus
      » DNA matching
      » Exploit detection
    • Defense in depth
      » AntiVirus no longer the primary defence mechanism
      » Less of a reactionary role

32. Lock IT (L.E.M.S.S.: Application Control)
    » Role of Application Control
      » Fast and easy policy definition
      » Unique whitelist for every endpoint
      » No disruption to productivity
      » Stops any executable after locking it
      » Integration with the Patch & Remediation module for automated and first-in-market "Intelligent Application Whitelisting"
    » Features of Application Control
      » Kernel level solution
      » ~10 years in development
      » Exploit detection
      » Granularity of control

33. Trust IT (L.E.M.S.S.: Patch and Remediation)
    » Role of Patch & Remediation
      » Software and patch deployment systems
      » Automated discovery and assessment of assets
      » Trusted change manager
      » Automatic update of the local whitelist
    » Features of Patch & Remediation
      » 20 years market leadership
      » Patented patch fingerprint technology
      » Largest coverage of OS's and Apps
      » No disruption to productivity
      » Single solution for heterogeneous environments

34. Lumension Intelligent Application Whitelisting
    Unifies workflows and technologies to deliver enhanced capabilities in the management of endpoint operations, security and compliance.
    (Diagram: Endpoint Operations – Asset Management, Software Management, Power Management; Intelligent Whitelisting – Patch Management, Application Control, Trusted Change, Content Wizard; Endpoint Security – Device Control, DLP, AntiVirus/Spyware, Firewall, Whole Disk Encryption; plus Configuration Management, Compliance/Risk Mgt., Reporting)
    » Remove whitelisting market adoption barriers

35. Lumension Intelligent Endpoint Integrity Service
    • Cloud repository that correlates files, hashes and attributes with applications
      » "Speaking applications, not hashes"
    • Positioned to provide HIGH INTEGRITY BY VALIDATING the source of HASH DATA
      » Not community based, not designed to be "the biggest" at the sacrifice of integrity
      » Will be the most trusted and provide risk management information
      » Partnership with Microsoft and additional vendors
    • Multiple hash types (SHA-1, SHA-256) will provide flexibility and stronger security
    (Diagram: Additional Partners → EIS Software Integrity Metadata Repository → EIS Services → Lumension Application Control)
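The execution-control models contrasted on slide 25 (blacklist, whitelist, application control with trusted change) and the hash-keyed integrity lookup of slide 35 are easier to compare side by side in code. The block below is an added illustration in Python, not Lumension's or DSS's code: the file contents, hash values, application names and the "patch-agent" updater name are constructed for the example, and AV signatures are simplified to exact SHA-256 matches. It shows where each model fails (the blacklist allows an unseen sample, the pure whitelist cannot take a patched binary until a trusted updater adds it).

```python
"""Added example: three endpoint execution-control models keyed by SHA-256.
Python illustration written for this page; not Lumension code.
All file contents, application names and the updater name are constructed."""
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for executable contents (a real agent hashes the bytes on disk).
SAMPLES = {
    "acme.exe (v1)": b"MZ-ACME-BUSINESS-APP-v1",
    "acme.exe (v2)": b"MZ-ACME-BUSINESS-APP-v2",   # later shipped by the patch agent
    "game.exe":      b"MZ-GAME",                   # unwanted but not malicious
    "dropper.exe":   b"MZ-KNOWN-BAD",              # has an AV signature
    "unknown.exe":   b"MZ-NEVER-SEEN",             # zero-day: no signature, no whitelist entry
}


def sha256_hex(data: bytes) -> str:
    """Hash type used to key the whitelist (slide 35 lists SHA-1 and SHA-256)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class IntegrityRecord:
    """'Speaking applications, not hashes': metadata attached to each hash."""
    app: str
    source: str          # who vouched for the hash (lockdown snapshot, trusted updater)


@dataclass
class Endpoint:
    whitelist: dict = field(default_factory=dict)   # sha256 -> IntegrityRecord, unique per endpoint
    blacklist: set = field(default_factory=set)     # AV signatures, modelled as exact hashes
    trusted_updaters: set = field(default_factory=set)

    def lock_it(self, snapshot: dict) -> None:
        """Lockdown: everything present that is not known bad becomes the local whitelist."""
        for app, data in snapshot.items():
            h = sha256_hex(data)
            if h not in self.blacklist:               # 'Clean IT' before 'Lock IT'
                self.whitelist[h] = IntegrityRecord(app, "lockdown snapshot")

    def trusted_change(self, updater: str, app: str, data: bytes) -> bool:
        """Only a trusted updater (e.g. the patch agent) may extend the whitelist."""
        if updater not in self.trusted_updaters:
            return False
        self.whitelist[sha256_hex(data)] = IntegrityRecord(app, updater)
        return True


def decide(ep: Endpoint, data: bytes, model: str) -> str:
    """Verdict for one executable under the chosen control model."""
    h = sha256_hex(data)
    if model == "blacklist":          # AV: block known bad, allow everything else
        return "block" if h in ep.blacklist else "allow"
    if model == "whitelist":          # pure lockdown: allow only known good
        return "allow" if h in ep.whitelist else "block"
    if model == "app_control":        # remove known bad, allow known good, deny the rest
        if h in ep.blacklist:
            return "block+remove"
        return "allow" if h in ep.whitelist else "block"
    raise ValueError(f"unknown model {model!r}")


def build_endpoint() -> Endpoint:
    ep = Endpoint(trusted_updaters={"patch-agent"})       # constructed updater name
    ep.blacklist.add(sha256_hex(SAMPLES["dropper.exe"]))
    # Snapshot at lockdown time: the business app and a dropper that AV already knows.
    ep.lock_it({"acme.exe (v1)": SAMPLES["acme.exe (v1)"],
                "dropper.exe": SAMPLES["dropper.exe"]})
    # Trust IT: the patch agent may ship v2; an unmanaged installer may not add game.exe.
    ep.trusted_change("patch-agent", "acme.exe (v2)", SAMPLES["acme.exe (v2)"])
    ep.trusted_change("bob-installer", "game.exe", SAMPLES["game.exe"])
    return ep


def compare_models(ep: Endpoint) -> dict:
    """Verdict of every sample under every model, keyed by sample name."""
    return {name: {m: decide(ep, data, m) for m in ("blacklist", "whitelist", "app_control")}
            for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdicts in compare_models(build_endpoint()).items():
        print(f"{name:14s} {verdicts}")
```

Running it prints one row per sample; the rows for `unknown.exe` and `game.exe` are the slide's "risk of unknown" for a blacklist, and the `acme.exe (v2)` row shows why the whitelist needs a trusted-change path tied to patch deployment rather than an open or frozen policy.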
36. Lumension Device Control (L.E.M.S.S.: Device Control)
    • Central control of ALL desktop I/O devices
      » USB removable media, PDAs, cameras, CD/DVD R/W, modems etc. – future proof
    • Device usage policy
      » Integrates with Active Directory
      » Policy per user, group or computer
      » Read, Read/Write or No Access
      » Temporary & scheduled access – time of day / day of week
      » Online/offline device permissions (e.g. no modems/3G data cards when connected)
    • Granularity of control
      » White list of make/models allowed (e.g. only Lexar 256MB or Fuji camera)
      » Unique identification of device by serial number
      » Authorisation of specific CD media
      » USB key-logger detection
    • Control what data is copied
      » Limit how much data is written out (e.g. Louis can copy 20MB per day max)
      » File-type filtering – control which file types are copied IN/OUT
        • Used for exceptions, e.g. cameras can be used for image files only
    … and more
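The device-control policy on slide 36 combines several independent checks (per-user or per-group permission, read vs. read/write, time-of-day window, online/offline rule, make/model allow-list, daily copy quota, file-type filter). The evaluator below is an added Python illustration written for this page, not Lumension's product code; the policy entries, user and group names, device models and events are constructed, using the slide's own "Louis, 20MB per day" and "Lexar 256MB / Fuji camera" examples. Each deny carries the reason, which is what an operator would want in the audit log.

```python
"""Added example: evaluating a device-control policy with the checks listed on
slide 36. Python illustration, not Lumension code; policy, users and events
are constructed."""
import os
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Device:
    dev_class: str      # "usb_storage", "modem", "camera", ...
    make_model: str
    serial: str


@dataclass
class Rule:
    principal: str                    # user or group the rule applies to
    dev_class: str
    access: str                       # "none", "read" or "rw"
    hours: tuple = (0, 24)            # allowed hours of day, [start, end)
    offline_only: bool = False        # e.g. modems only when off the corporate network
    allowed_models: set = field(default_factory=set)   # empty = any make/model
    daily_quota_mb: int = 0           # 0 = unlimited
    file_types: set = field(default_factory=set)       # empty = any extension


# Constructed policy and directory groups (a user rule wins over its group rules).
POLICY = [
    Rule("finance", "usb_storage", "read"),
    Rule("louis", "usb_storage", "rw", hours=(8, 18),
         allowed_models={"Lexar 256MB"}, daily_quota_mb=20),
    Rule("field-staff", "modem", "rw", offline_only=True),
    Rule("marketing", "camera", "rw", file_types={".jpg", ".png"}),
]
GROUPS = {"louis": {"finance"}, "alice": {"finance"}, "carol": {"field-staff", "marketing"}}


class DeviceControl:
    def __init__(self, policy, groups):
        self.policy, self.groups = policy, groups
        self.written = {}        # (user, date) -> MB written today
        self.audit = []          # (user, serial, op, verdict, reason)

    def rule_for(self, user, dev_class):
        for principal in [user] + sorted(self.groups.get(user, ())):
            for rule in self.policy:
                if rule.principal == principal and rule.dev_class == dev_class:
                    return rule
        return None

    def evaluate(self, user, device, op, when, online, filename=None, size_mb=0):
        """Return ("allow"|"deny", reason) for one access attempt and record it."""
        verdict = self._check(user, device, op, when, online, filename, size_mb)
        self.audit.append((user, device.serial, op) + verdict)
        return verdict

    def _check(self, user, device, op, when, online, filename, size_mb):
        rule = self.rule_for(user, device.dev_class)
        if rule is None or rule.access == "none":
            return ("deny", "no permission for device class")
        if op == "write" and rule.access != "rw":
            return ("deny", "read-only access")
        if not (rule.hours[0] <= when.hour < rule.hours[1]):
            return ("deny", "outside allowed hours")
        if rule.offline_only and online:
            return ("deny", "device blocked while on the corporate network")
        if rule.allowed_models and device.make_model not in rule.allowed_models:
            return ("deny", "make/model not on device whitelist")
        if op == "write" and rule.file_types and filename:
            if os.path.splitext(filename)[1].lower() not in rule.file_types:
                return ("deny", "file type not permitted")
        if op == "write" and rule.daily_quota_mb:
            key = (user, when.date())
            if self.written.get(key, 0) + size_mb > rule.daily_quota_mb:
                return ("deny", "daily copy quota exceeded")
            self.written[key] = self.written.get(key, 0) + size_mb
        return ("allow", f"rule for {rule.principal}")


def run_events():
    """Constructed access attempts; returns the list of verdicts in order."""
    dc = DeviceControl(POLICY, GROUPS)
    lexar = Device("usb_storage", "Lexar 256MB", "LX-0001")
    noname = Device("usb_storage", "NoName 64GB", "NN-0009")
    modem = Device("modem", "Generic 3G card", "3G-0001")
    cam = Device("camera", "Fuji FinePix", "FJ-0007")
    t = datetime(2011, 11, 24, 10, 0)
    late = datetime(2011, 11, 24, 22, 0)
    events = [
        ("alice", lexar, "read", t, True, None, 0),            # finance group: read allowed
        ("alice", lexar, "write", t, True, "q3.xlsx", 1),      # finance: no write
        ("louis", lexar, "write", t, True, "a.doc", 15),       # 15 of 20 MB used
        ("louis", lexar, "write", t, True, "b.doc", 10),       # would exceed quota
        ("louis", noname, "write", t, True, "c.doc", 1),       # model not whitelisted
        ("louis", lexar, "write", late, True, "d.doc", 1),     # after hours
        ("carol", modem, "write", t, True, None, 0),           # modem while online
        ("carol", modem, "write", t, False, None, 0),          # modem while offline
        ("carol", cam, "write", t, True, "photo.jpg", 2),      # image file to camera
        ("carol", cam, "write", t, True, "secrets.docx", 2),   # non-image to camera
        ("bob", lexar, "read", t, True, None, 0),              # no rule at all
    ]
    return [dc.evaluate(*e) for e in events]


if __name__ == "__main__":
    for verdict, reason in run_events():
        print(f"{verdict:5s} {reason}")
```

The quota is tracked per user and calendar day in the evaluator's state, so the fourth event is refused only because the third one already consumed 15 MB; the rest of the checks are stateless and ordered from the cheapest (is there a rule at all) to the most specific (file type, quota).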
37. Lumension Device Control (L.E.M.S.S.: Device Control) – Supported Device Types:
    • Biometric devices
    • COM / Serial Ports
    • DVD/CD drives
    • Floppy disk drives
    • Imaging Devices / Scanners
    • LPT / Parallel Ports
    • Modems / Secondary Network Access Devices
    • Palm Handheld Devices
    • Portable (Plug and Play) Devices
    • Printers (USB/Bluetooth)
    • PS/2 Ports
    • Removable Storage Devices
    • RIM BlackBerry Handhelds
    • Smart Card Readers
    • Tape Drives
    • User Defined Devices
    • Windows CE Handheld Devices
    • Wireless Network Interface Cards (NICs)

38. Improving Endpoint Security with LEMSS (Lumension Endpoint Management Security Suite)

39. Minimize Your True Endpoint Risk
    Augment existing defense-in-depth tools
    » Comprehensive Patch and Configuration Management
    » Application Control / Whitelisting
    » Device Control
    » Encryption
    (Diagram: Traditional Endpoint Security – Blacklisting As The Core; surrounding risks: Zero Day, Volume of Malware, 3rd Party Application Risk, Malware As a Service)

40. Minimize Your True Endpoint Risk – Rapid Patch and Configuration Management
    • Analyze and deploy patches across all OS's and apps (incl. 3rd party)
    • Ensure all endpoints on the network are managed
    • Benchmark and continuously enforce patch and configuration management processes
    • Don't forget about the browser!
      » Un-patched browsers represent the highest risk for web-borne malware.
    (Chart: Areas of Risk at the Endpoint – Zero-Day 5%, Missing Patches 30%, Misconfigurations 65%)
    Source: John Pescatore, Vice President, Gartner Fellow

41. Stop Malware Payloads with App Whitelisting
    Antivirus
    • Use for malware clean-up and removal
    Application control
    • Much better defense to prevent unknown or unwanted apps from running
    Apps – Authorized: Operating Systems, Business Software; Un-Trusted / Unauthorized: Games, iTunes, Shareware, Unlicensed S/W
    Malware – Known: Viruses, Worms, Trojans; Unknown: Viruses, Worms, Trojans, Keyloggers, Spyware

42. Stop Unwanted Applications – Immediate and simple risk mitigation
    Denied Application Policy prevents unwanted applications even if they are already installed.
    Easily remove unwanted applications.

43. Reduce Local Administrator Risk – Monitor / Control Local Admin Usage
    • Local Admins can do ANYTHING on their systems
      » Install unwanted and unauthorized software
      » Install malware
      » Remove patches
      » Bypass security measures
      » Change configurations

44. Manage those Devices
    Enforce Access Policy – Enforce Encryption Policy – Monitor, Manage, Report

45. Encryption
    Endpoints (Whole Disk)
    • Secure all data on the endpoint
    • Enforce secure pre-boot authentication w/ single sign-on
    • Recover forgotten passwords and data quickly
    • Automated deployment
    Removable Devices
    • Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs)
    • Centralized limits, enforcement, and visibility
    (Charts: Lost UFDs (Ponemon 2011); Laptop Thefts (IDC 2010))

46. Defense-in-Depth with Intelligent Whitelisting
    Matrix of layers against threat categories (Known Malware, Unknown Malware, Unwanted/Unlicensed/Unsupported applications, Application Vulnerabilities, Configuration Vulnerabilities):
    • AntiVirus – two categories marked
    • Application Control – two categories marked
    • Patch & Remediation – two categories marked
    • Security Configuration Management – one category marked
    (The column placement of the marks is not recoverable from the slide text.)

47. A Complete Defense With Lumension
    Anti-Malware – Firewall / IPS – Patch Management – Physical Access – Intelligent Whitelisting

48. Improving Endpoint Security – First in market solution
    » Single Server / Management Console
    » Single Agent
    » Modular, Extensible Design
    » Organization-wide Reporting
    » Lower Total Cost of Ownership (TCO)
    » Power of granularity
    (Diagram: Single Console – Agile architecture – Single Promotable Agent)

49. Real time risk & compliance manager
    Regulation Authority Documents: GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…
    Business Interests: Corporate Policies, Business Processes, Revenue Streams, Trade Secrets
    IT Assets Profile – Risk Attributes: Open to the Internet, Contains Credit Card Information, Contains Customer Data
    Applicable Controls: Password Length, Data Encryption, Power Save
    Pass/Fail Regulation Assessment: HIPAA 100%, SOX 65%, PCI 65%, NERC 30%

50. More Information
    SMB Security Series
    » Resource Center: http://www.lumension.com/smb-budget
    » Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx
    SMB Market Survey
    » www.lumension.com/smb-survey
    Quantify Your IT Risk with Free Scanners
    » http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX
    Lumension® Endpoint Management and Security Suite
    » Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
    » Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

51. Please consider next steps
    • Lumension® Intelligent Whitelisting™
      » Overview • www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
      » Free Demo • www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
      » Free Application Scanner • www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
    • Whitepaper and Videos
      » Think Your Anti-Virus is Working? Think Again. • www.lumension.com/special-offer/App-Whitelisting-V2.aspx
      » Using Defense-in-Depth to Combat Endpoint Malware • l.lumension.com/puavad
      » Reducing Local Admin Access • www.lumension.com/special-offer/us-local-admin.aspx

52. Global Headquarters
    15880 N. Greenway-Hayden Loop, Suite 100, Scottsdale, AZ 85260
    andris.soroka@dss.lv
    GSM: +371 29162784