Lumension Endpoint Management and Security Suite 2012


Presentation of the new endpoint security management platform from Lumension, given by Andris Soroka in Warsaw at the headtechnology Poland event Headlight2012.

Published in: Technology, Business

  1. Shift to Intelligent Endpoint Security Management. Andris Soroka, Warsaw, Poland, 17th of May, 2012
  2. Lumension’s business card
     • Offices Worldwide + Strong Partner Base (500+)
     • More than 6000 customers in 70 countries
     • More than 14 million endpoints protected
     • Award-Winning Innovator
  3. Lumension History. Market Share Leader: Patch Management, Enterprise Risk Management, Device Control. Milestones (timeline 1991, 2007, 2009, 2010):
     • First cross-platform patch management solution
     • First credential-based vulnerability scanner
     • First to introduce application whitelisting / file “shadowing”
     • First patent-pending Risk Intelligence Engine
     • First and patented Intelligent Whitelisting technology
  4. Portfolio – ANNO 1991
     » Endpoint Operations: Power Management; License Monitoring; Application Deployment; Asset Identification and Inventory; Contract Management
     » Vulnerability Management: Vulnerability Assessment; Patching and Remediation; Security Configuration Management; X-Platform Support; Deficiency Remediation
     » Endpoint Protection: AntiVirus/Malware; Malware Remediation; Application Control – Intelligent Whitelisting; Content Filtering; Content Assurance; Mobile Devices Management
     » Data Protection: Device Control; Data Encryption; Whole Disk Encryption; Application Identity & Data Discovery
     » Compliance and IT Risk Management: Compliance-Control Mapping; Continuous Monitoring; Control Harmonization; IT Risk Assessment
  5. Agenda
     » Traditional Endpoint Security – threats, drivers
     » Evolutions and shifts in Endpoint Security (Recent/Upcoming Product Releases: Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker)
     » Lumension LEMSS – the innovative platform: Device Control, Application Control, Antivirus, Whole Disk Encryption, Mobile Device Management, Risk & Compliance, Patch & Remediation and more
  6. Business Drivers and Threats – The Endpoint Security Landscape
  7. Today’s business environment
     » IT continues taking the lead in business (ERP, CRM, document management, digital prototyping etc.)
     » Development of the e-World continues (B2B, B2C, e-Services, e-Government, e-Health, social networking, Web 2.0, unified communications etc.)
     » Consumerization, virtualization, clouds, mobility and the borderless enterprise are a reality
     » Cyber culture grows faster than cyber security (as well – not all countries have compliance, directives or penalties)
  8. Every technology is vulnerable
  9. Malware continues its perfect storm
  10. New king of malware – Java
  11. Mac OS X malware
  12. Mobile malware. Source: Juniper Mobile Threat Report
  13. 2011 – year of targeted attacks. [Chart: breaches plotted by month (Feb–Aug 2011) and attack type – SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, Secure ID, Unknown; size of circle estimates relative impact of breach. Organizations shown include Bethesda Software, Northrop Grumman, IMF, Fox News, X-Factor, Citigroup, Spanish National Police, Sega, Gmail accounts, Booz Allen Hamilton, Epsilon, PBS, Vanguard Defense, Sony, SOCA, Monsanto, Malaysian Government site, Peru Special Police, HB Gary, RSA, Lockheed Martin, Nintendo, Brazil Government, L3 Communications, SK Communications, Sony BMG Greece, Turkish Government, Korea, AZ Police, US Senate, NATO, Italy PM.] Source: IBM Security X-Force® 2011 Midyear Trend and Risk Report, September 2011
  14. Security Today – General Categories
     • Financially Motivated
       » Bank Accts, Passwords, etc.
       » Identity Theft
       » Insiders
     • Intellectual Property Theft
     • Hacktivists
       » IP / Customer data
       » Denial of Service
       » Reputational Damage
  15. Threats and solutions of Security Today
  16. Results of threats. We end up with:
     • Internet shops full of credit card, bank account, privacy, business and other confidential data
     • Services available to rent a botnet or malicious code and attack anyone
     • Video trainings and eLearning available in social media, such as YouTube
     • A «black market community» (forums, blogs, interest groups, conferences etc.)
     • Lost business & reputation
  17. Cybercrime works. Final Facts
     • General loss of year 2011
       » 2011 – 431 billion people affected, with more than 114 billion USD directly and another 274 billion USD related to direct loss
       » (Source: Symantec, Dec 2011)
     Cybercrime costs the world significantly more than the global black market of marijuana, cocaine and heroin combined (~$228 billion world wide)
  18. What about technologies for protection?
  19. Ponemon Institute Survey 2011 (December)
  20. Endpoint Security Today – most important. Reality check
     • Weakest link – endpoint
       » 70% of incidents are caused on the endpoint
       » >2 million unique malware samples every day
       » On average the lifetime of a malware sample is less than 24 hours
       » Traditional defense is not enough
       » At least 50 new vulnerabilities found and reported daily
  21. Endpoint Security Today. Traditional Defenses …
     • Antivirus
     • Patching Microsoft OS and Apps
     • Firewalls
     • Strong Passwords
     • End-User Education Programs
     … Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!
  22. Most Common Threats – N1
     • Hard to dispute the fact that patching an underlying software flaw in most cases is the best defense
       » In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure
       » In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure
     • Microsoft data indicates that in the first half of 2011 Zero Day attacks amounted to less than 1% of the attack surface
     Patch or get hacked … is yours. Source (URL truncated): party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e53922
  23. Most Common Threats – N2
     • Vulnerable software is not just a Microsoft problem…
     • Third party software historically has had more unpatched vulnerabilities than Microsoft
     • Java is your number one issue today, followed by Adobe – the leader for the past couple of years
     Bottom line is WSUS is not going to save you! Sources (URLs truncated): programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539; insecure-java-versions/9541?tag=content;siu-container23
  24. Most Common Threats – N3
     • Hackers are always going to take advantage of areas that simply are not properly handled by defenders
     • Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the Bad Guys?
       » In case you missed it, the chart is showing the “Most Outdated Web Browser Plugins”
     What did you really … was going to happen? Source: …
  25. Most Common Threats – N4
     • It is important to remember that taking advantage of a vulnerability is not really the “End Game” for a bad guy
       » The Vulnerability only represents a “Delivery Mechanism”
       » The “End Game” is actually to allow them to Execute Malicious Code in your environment
     • Why are we focusing on the delivery method, not the end game?
       » Duh – because everyone else is
     • Hackers will always beat us in the delivery mechanism “Arms Race”
     • Get ahead of the problem by focusing on the End Game
  26. Summary of Endpoint threats – Where Traditional Defenses Fall Short
     • Risk from Un-patched 3rd Party Apps
     • Controlling Local Admins Gone Wild
     • Preventing Zero-Day Attacks and Targeted Malware
     • End-User Education Isn’t Keeping Up
     • Actionable Reporting and Security Measurement
  27. Changes of the traditional Endpoint Security – The Past, The Present and The Future
  28. Quotes from AV vendors
     • “Basic security protection is not good enough,” Rowan Trollope, Senior Vice President, Symantec
     • “You can’t just rely on antivirus software – and we’re an antivirus company,” George Kurtz, Worldwide CTO, McAfee
     • “[Standard] antivirus is not effective anymore...” Raimund Genes, CTO, Trend Micro Inc
     • “[signatures are] completely ineffective as the only layer [of endpoint security]…” Nikolay Grebennikov, CTO, Kaspersky
  29. Endpoint Security – vendors and scope
  30. Endpoint Security Today. Point products tax IT resources with additional administration burden, custom integration & maintenance, and limited user productivity across multiple management consoles (Vulnerability Assessment, Patch Management, Systems Management, AntiVirus/Malware, Data Protection, Compliance). 45% of IT operations professionals work across 3-5 different software consoles while managing security & operational functions.* [Personas: Colleen, IT Ops Manager; Pat, CIO; Rich, IT Security Manager.] *Worldwide State of The Endpoint Report 2009
  31. Endpoint Security requirements
     » Antivirus / Anti-malware
     » HIPS / File Integrity monitoring
     » Firewall / VPN
     » Encryption (whole disk, devices)
     » Device Control
     » Application Control / System Lockdown
     » Vulnerability management, patch and update management
     » Configuration management
     » NAC / Visibility
     » Mobile Device Management
  32. Lumension Endpoint Management Security Suite 2012. Introducing:
     • Intelligent Application Whitelisting
     • Single Console
     • Agile n-tier pluggable architecture
     • Single Promotable Agent
  33. LEMSS 2012 – one agent platform
     » L.E.M.S.S.: Patch and Remediation & Config
     » L.E.M.S.S.: Mobile Device Management
     » L.E.M.S.S.: Wake on LAN & Power Mgmt.
     » L.E.M.S.S.: Whole Disk Encryption
     » L.E.M.S.S.: Device Control
     » L.E.M.S.S.: App Control & Antivirus
     » L.E.M.S.S.: Risk & Compliance Management
  34. Lumension Intelligent Application Whitelisting. Unifies workflows and technologies to deliver enhanced capabilities in the management of endpoint operations, security and compliance
     » Endpoint Operations: Asset Management, Patch Management, Software Management, Configuration Management, Power Management, Compliance/Risk Mgt., Reporting / Alerting / Logging
     » Intelligent Whitelisting: Trusted Change, Content Wizard
     » Endpoint Security: Device Control, Application Control, DLP, AntiVirus/Spyware, Firewall, Whole Disk Encryption, Mobile Device Management
     » Remove whitelisting market adoption barriers
  35. LEMSS – principle of work
  36. Clean IT (L.E.M.S.S.: Antivirus)
     » Role of AntiVirus
       » Remove malware prior to lockdown
       » Scan for malware not identified at time of lockdown
       » Scan when making changes
     » Features of AntiVirus
       » Sandbox
       » Antispyware / Antivirus
       » DNA matching
       » Exploit detection
     • Defense in depth
       » AntiVirus no longer the primary defence mechanism
       » Less of a reactionary role
  37. LEMSS: AV Key Features
     Highlights
     » AV Signatures and Scan Engine Updates
     » Policy Scans
       • Recurring Scan Policy
       • Real Time Monitoring (LAN and Internet)
       • Scan Now
     » Alerts & Notifications
       • Centralized Alerts Page
       • Dashboard Widgets
       • Email Notification
       • Reports
     » Agent Control Panel
     Complete Listing
     • Antivirus
     • Antispyware
     • DNA Matching (partial signature matching)
     • SandBox (behavioral analysis)
     • Exploit Detection (hidden malware)
     • AV Signature and Scan Engine Downloads
     • Recurring Scan Policy
     • Real-time Monitoring Policy
     • Scan Now
     • Alerts (Status)
     • Email Notifications
     • Dashboard Widgets
     • Reports
     • LEMSS Integration (single agent)
     • Agent Control Panel
     PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  38. Lock IT (L.E.M.S.S.: Application Control)
     » Role of Application Control
       » Fast and easy policy definition
       » Unique whitelist for every endpoint
       » No disruption to productivity
       » Stops any executable after locking it
       » Integration with Patch & Remediation module for automated and first in market “Intelligent Application Whitelisting”
     » Features of Application Control
       » Kernel level solution
       » ~ 10 years in development
       » Exploit detection
       » Granularity of control
  39. How Application Control Security Works
     » AntiVirus: Malware Signatures – 30 Million and growing @ 2 Million / Month (e.g. DLoader.AMHZW, Exploit_Gen.HOW, Hacktool.KDY, INF/AutoRun.HK, JS/BomOrkut.A, JS/Exploit.GX, JS/FakeCodec.B, JS/Iframe.BZ, JS/Redirector.AH, KillAV.MPK, LNK/CplLnk.K); Run as a Service; CPU Usage: Intensive; Reactive; Ineffective on: Zero Day, Polymorphic; 13%
     » Application Control: Hash of Approved Application – As defined by IT Security (e.g. Word.exe, Excel.exe, Winnet.dll, Mozilla.exe); Run in the Kernel; CPU Usage: Low; Proactive; Effective for: Zero day, Polymorphic; 95%
  40. Trust IT (L.E.M.S.S.: Patch And Remediation)
     » Role of Patch & Remediation
       » Software and Patch deployment systems
       » Automated discovery and assessment of assets
       » Trusted change manager
       » Automatic update of local whitelist
     » Features of Patch & Remediation
       » 20 years market leadership
       » Patented patch fingerprint technology
       » Largest coverage of OS’s and Apps
       » No disruption to productivity
       » Single solution for heterogeneous environment
  41. Lumension Application Support Updates – more than any other patch vendor!
     • Apple (128): QuickTime, iTunes, Safari, iLife Suite
     • Mozilla Firefox Content (818): Firefox
     • RealNetworks (10): RealPlayer
     • Sun Microsystems (486): Java JRE
     • WinZip (2): WinZip
     • Adobe: Adobe Reader, Adobe Shockwave Player, Adobe Flash Player, Adobe Acrobat Pro, Adobe Photoshop, Adobe InDesign, Adobe Air
  42. More than just Windows patching….
     • Microsoft Windows
     • Apple Mac OS X, v.10.3–10.6, x86 (Intel)/PowerPC
     • HP-UX, v. 11.11–11.31, 64 bit PA-RISC
     • IBM AIX, v. 5.1–5.3, PowerPC
     • Sun Solaris, v. 9–10, SPARC, x86/x86_64
     • Linux Platforms:
       » Red Hat Enterprise Linux: RHEL 3, 4, and 5, x86 and x86_64
       » CentOS: CentOS 4 and 5, x86 and x86_64
       » Oracle Enterprise Linux: Oracle Enterprise Linux 4 and 5, x86 and x86_64
       » SUSE Linux Enterprise: SLES/SLED 9, 10, and 11, x86 and x86_64
  43. And more than just patching… Systems Management:
     » Inventory: Software, Hardware, Services
     » Software Distribution
     » Remote Desktop
     » Power Management
       » Policy Setting / Enforcement
       » Wake on LAN
       » Report on Savings ($$)
     » Configuration setting / enforcement
       » Disable 3rd party vendor auto update (Adobe, Java)
     » Compliance Controls
  44. Lumension Endpoint Integrity Service
     » Software Vendors → Lumension Endpoint Integrity Service → Lumension Certified Application (SHA-256 Hash Application Identification)
     » Customized Whitelist: Customer downloads Lumension certified application data to build a unique whitelist.
     » Whitelist Updated: Lumension dynamically updates the customer whitelist with the latest vulnerability information → Customer
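The mechanism slides 39, 40 and 44 describe (a per-endpoint whitelist keyed by the SHA-256 of approved executables, built from vendor-certified hashes, with the patch module acting as trusted change manager that updates the whitelist automatically) as an added illustration; this is not Lumension code, and the class, the constructed sample images and the revoke-the-old-hash-on-patch policy are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

def sha256_hex(image: bytes) -> str:
    """Identify an executable image by the SHA-256 of its bytes (slide 44)."""
    return hashlib.sha256(image).hexdigest()

@dataclass
class EndpointWhitelist:
    """One endpoint's whitelist: approved image hashes, not malware signatures (slide 39)."""
    approved: dict = field(default_factory=dict)   # sha256 -> application label
    revoked: set = field(default_factory=set)      # hashes superseded by a patch (assumption)
    decisions: list = field(default_factory=list)  # audit trail of (path, hash prefix, verdict)

    def approve(self, image: bytes, label: str) -> str:
        h = sha256_hex(image)
        self.approved[h] = label
        return h

    def import_certified(self, catalog: dict, installed: dict) -> int:
        """Build the unique whitelist from a vendor-certified catalog (sha256 -> label,
        assumed format) restricted to images actually installed here (path -> bytes)."""
        local = {sha256_hex(img) for img in installed.values()}
        added = 0
        for h, label in catalog.items():
            if h in local and h not in self.approved:
                self.approved[h] = label
                added += 1
        return added

    def decide(self, path: str, image: bytes) -> bool:
        """Default deny: an image runs only if its hash is approved and not revoked."""
        h = sha256_hex(image)
        allowed = h in self.approved and h not in self.revoked
        self.decisions.append((path, h[:12], "ALLOW" if allowed else "BLOCK"))
        return allowed

    def trusted_change(self, old_image: bytes, new_image: bytes, label: str) -> str:
        """Patch module as trusted change manager (slide 40): the patched binary is
        approved without an admin round-trip and the vulnerable build is revoked."""
        old_h = sha256_hex(old_image)
        if old_h not in self.approved:
            raise ValueError("trusted change only applies to an already approved application")
        new_h = self.approve(new_image, label)
        self.revoked.add(old_h)
        return new_h

# Constructed sample images standing in for real executables.
WORD_V1 = b"constructed sample: word.exe build 1"
WORD_V2 = b"constructed sample: word.exe build 2 (patched)"
DROPPER = b"constructed sample: unknown downloader"

def demo() -> list:
    """Lockdown, one blocked unknown, then a patch that rolls the whitelist forward."""
    wl = EndpointWhitelist()
    catalog = {sha256_hex(WORD_V1): "Word", sha256_hex(b"not installed here"): "Excel"}
    wl.import_certified(catalog, {"C:/Office/word.exe": WORD_V1})
    wl.decide("C:/Office/word.exe", WORD_V1)      # approved build: ALLOW
    wl.decide("C:/Temp/setup.exe", DROPPER)       # never certified: BLOCK
    wl.trusted_change(WORD_V1, WORD_V2, "Word")   # patch deployed by the trusted updater
    wl.decide("C:/Office/word.exe", WORD_V2)      # new build inherited approval: ALLOW
    wl.decide("C:/Temp/word_old.exe", WORD_V1)    # stale vulnerable build: BLOCK
    return [verdict for _, _, verdict in wl.decisions]
```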
  45. Lumension Device Control (L.E.M.S.S.: Device Control). Supported Device Types:
     • Biometric devices
     • COM / Serial Ports
     • DVD/CD drives
     • Floppy disk drives
     • Imaging Devices / Scanners
     • LPT / Parallel Ports
     • Modems / Secondary Network Access Devices
     • Palm Handheld Devices
     • Portable (Plug and Play) Devices
     • Printers (USB/Bluetooth)
     • PS/2 Ports
     • Removable Storage Devices
     • RIM BlackBerry Handhelds
     • Smart Card Readers
     • Tape Drives
     • User Defined Devices
     • Windows CE Handheld Devices
     • Wireless Network Interface Cards (NICs)
  46. Lumension Mobile Device Management
  47. Improving Endpoint Security with LEMSS (Lumension Endpoint Management Security Suite)
  48. Minimize Your True Endpoint Risk. Augment existing defense-in-depth tools
     » Comprehensive Patch and Configuration Management
     » Application Control / Whitelisting
     » Device Control
     » Encryption
     Traditional Endpoint Security: Blacklisting As The Core; Zero Day; Volume of Malware; 3rd Party Application Risk; Malware As a Service
  49. Minimize Your True Endpoint Risk. Rapid Patch and Configuration Management
     • Analyze and deploy patches across all OS’s and apps (incl. 3rd party)
     • Ensure all endpoints on the network are managed
     • Benchmark and continuously enforce patch and configuration management processes
     • Don’t forget about the browser!
       » Un-patched browsers represent the highest risk for web-borne malware.
     Areas of Risk at the Endpoint: 5% Zero-Day; 30% Missing Patches; 65% Misconfigurations. Source: John Pescatore, Vice President, Gartner Fellow
  50. Stop Malware Payloads with App Whitelisting
     • Antivirus: use for malware clean-up and removal
     • Application control: much better defense to prevent unknown or unwanted apps from running
     Apps – Authorized: Operating Systems, Business Software; Unauthorized: Games, iTunes, Shareware, Unlicensed S/W
     Malware – Known: Viruses, Worms, Trojans; Unknown / Un-Trusted: Viruses, Worms, Trojans, Keyloggers, Spyware
  51. Encryption
     Endpoints (Whole Disk)
     • Secure all data on endpoint
     • Enforce secure pre-boot authentication w/ single sign-on
     • Recover forgotten passwords and data quickly
     • Automated deployment
     Removable Devices
     • Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs)
     • Centralized limits, enforcement, and visibility
     [Charts: Lost UFDs (Ponemon 2011); Laptop Thefts (IDC 2010)]
  52. Back in 2009 / 2010: Patch & Remediation, Application Control, SCM, Device Control, Content Wizard, AV, Risk Manager, Scan, PM
  53. Lumension Endpoint Management Platform (2009 Integration) – Single Integrated Console / Single Agent
     » Unified workflow
     » Consolidated data
     » Increased visibility
     » Operational & Strategic Reporting
     » Modular, extensible design
     » Power of granularity
     » Improved productivity and lower TCO
     Endpoint Operations; Endpoint Security and Compliance
  54. Massive ongoing U.I. Integration: 2010, 2011, 2012 – LPR, LRS, LCW, AC, DC, AV, PM, SCM, Scan, LRM
     *2010 – each color represents a different product with a different user interface
     *2011 – Migration to a consolidated user interface. SCAN and LRM are also sold as separate stand-alone products
  55. Lumension Platform Advantage
     » Many Products → Single UI: Fully integrated UI across ALL technologies; Unified Policy Framework to automatically enforce and eliminate configuration drift
     » Many Consoles → Single Console: N-Tier Design; Full Integration for all technologies; One Partner, One Platform, Many Solutions
     » Disparate Architecture → Agile n-tier pluggable architecture: Cross Platform; Single Communication Vector
     » Many Agents → Single Promotable Agent: One agent – all technologies
  56. Lumension Endpoint Management and Security Suite: Dashboard
  57. Lumension® Risk Manager
  58. Real time risk & compliance manager
     » Regulation Authority Documents: GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…
     » Business Interests: Corporate Policies, Business Processes, Revenue Streams, Trade Secrets
     » IT Assets Profile – Risk Attributes: Open to the Internet; Contains Credit Card Information; Contains Customer Data
     » Applicable Controls (Pass/Fail): Password Length; Data Encryption; Power Save
     » Regulation Assessment: HIPAA 100%; SOX 65%; PCI 65%; NERC 30%
  59. Security Posture Index
     » High-level security posture objectives are captured in LRM
     » Combined KPI’s form a security posture report
     » Drill down on different sections of the SPI report for detailed assessment scores
  60. More Information
     » SMB Security Series / SMB Market Survey – Resource Center (URL not captured)
     » Webcast Part 2 (URL truncated): /How-to-Reduce-Endpoint-Complexity-and-Costs.aspx
     » E is for Endpoint Webcast and Whitepaper Series
     » Quantify Your IT Risk with Free Scanners (URL truncated): offer/PREMIUM-SECURITY-TOOLS.ASPX
     » Lumension® Endpoint Management and Security Suite – Demo (URL truncated): management-security-suite/demo.aspx; Evaluation (URL truncated): management-security-suite/free-trial.aspx
  61. Please consider next steps
     • Lumension® Intelligent Whitelisting™
       » Overview
       » Free Demo
       » Free Application Scanner
     • Whitepaper and Videos
       » Think Your Anti-Virus is Working? Think Again.
       » Using Defense-in-Depth to Combat Endpoint Malware
       » Reducing Local Admin Access
  62. Global Headquarters: 15880 N. Greenway-Hayden Loop, Suite 100, Scottsdale, AZ 85260