Protecting
endpoints from
targeted attacks.
Forrester / Dell / AppSense
“Every company is becoming an IT company
they’re just focused on different verticals.”
John Chambers, Cisco
= Huge attack surface
Today’s Session
Security, user experience & visibility
State of threats and security and
the need to “think different”
Two domains: Managed endpoints
and unmanaged endpoints
5 design principles for an effective
endpoint security strategy
How VDI plays a big role in
security and security plays a
big role in VDI
Thin clients’ natural malware
resistance
Presenters
Chris Sherman, Analyst
Security and Risk
Dan O’Farrell, Sr. Director of Product Marketing,
Cloud Computing
Bassam Khan,
VP of Product Marketing
© 2015 Forrester Research, Inc. Reproduction Prohibited
Five Steps To Protect Your
Endpoints From Targeted Attacks
Chris Sherman, Analyst
May 2015
Orgs will continue to struggle with 0-Day
malware through 2015
[Chart: Unique Variants of Malware Per Quarter, Q1 2010 through Q4 2014; y-axis: Variants (in Millions)]
600,000 new malware variants/day!
Source: McAfee Threats Report: First Quarter 2015
Orgs will continue to struggle with
targeted attacks
Publicly reported cyber incidents and breaches in the US
Source: Cyberfactors, LLC
The Golden Age Of Hacking Continues
“What were the most common ways in which the breach(es) occurred in the past 12 months?”
[Chart: values in the order extracted: 1%, 7%, 23%, 24%, 49%, 33%, 39%; categories in the order extracted:]
• Other
• Don't Know
• Lost/stolen asset (e.g., smartphone, tablet, laptop, external hard drive, USB flash drive, etc.)
• Internal incident within a business partner/third-party supplier’s organization
• Internal incident within our organization
• External attack targeting a business partner/third-party supplier
• External attack targeting our organization
Source: Forrester BT Security Survey, Q3 2014
Base: 457 North American and European IT security executives and technology decision makers whose firms had experienced a breach in the past 12 months
Thieves go for the gold: PII and IP
Data breaches have
led to 330,000,000 lost
records in 2014 alone*
*Cyberfactors, LLC
Breach Costs Will Continue To Increase
In 2015
› Average total cost: $3.5 million
› Up 15% from 2013
› Each lost record cost $136
› Up 9% from 2013
This Much Is Clear: Traditional
Endpoint Security Tools Are
Failing And Will Continue To Fail
Through 2015
An Ongoing Anti-Malware Technology
Arms Race
• Signature based detection
• Encrypted payloads
• Decryptor matching/passive heuristics
• Polymorphic code
• Active heuristics/sandboxing
• Sandbox evasion techniques
• Sandbox hardening
• Self-directed (metamorphic) code
• Runtime behavior detection
• Further obfuscation techniques/signed binaries/behavior randomization
The 90’s called, they want their endpoint security strategy back
Despite…
• 54% reporting frequent attacks involving software vulnerabilities
• 92% reporting rising operation costs involving malware
…Many organizations still rely heavily on antivirus.
A New Approach Is Needed!
[Chart labels: Anti-Virus, Application Whitelisting, Application Priv. Mgmt., Application Sandboxing; values in the order extracted: 80%, 52%, 48%, 48%, 52%, 48%]
Base: 671 IT and IT security practitioners. Source: Ponemon 2013 State of the Endpoint Survey
Base: 881 IT Security Decision Makers. Source: Forrester BT Security Survey, Q3 2014
We are hyper focused on the
WRONG things
Organizations Must Refocus Their
Endpoint Security Strategies In
2015
Do a better job of endpoint
protection.
Managed
endpoints
Unmanaged
endpoints
Your Challenges are Twofold
Protect your data and operations
without owning the assets!
Five design principles for an effective
endpoint security strategy
Get your
house in
order
(managed
endpoints)
Focus on
data
(unmanaged
endpoints)
Think
thin, think
cloud
(combined)
Zero trust
(combined)
Eye in the
sky (combined)
Principle No. 1: Get your house in order – attack surface reduction
This completes 75% of the work.
Exercise application control.
• Options include application whitelisting, execution isolation, privilege management
• Weigh the pros and cons of each form of app control
Disable Java in web browsers.
Deploy the Enhanced Mitigation Experience Toolkit.
While you are at it:
• Eliminate superfluous applications from your environment.
• Limit Firefox, Opera, and QuickTime
Get your house in order — manage your vulnerabilities
You need an intelligent patch management system.
Endpoint security products that sandbox code within the browser are a plus!
IE is a bit more complex. Consider this strategy:
Browse the Net with Chrome. Keep IE for internal applications.
If you see a patch for Flash, Java, or Reader:
Patch it, patch it as fast as you can.
Get your house in order (Summary)
An effective endpoint security strategy must:
Start with managing vulnerabilities.
• Leverage a patch management solution which supports 3rd party applications
• Focus on vulnerabilities with an existing exploit
• Patch it well, and patch it early.
Reduce attack surface through some form of application control.
• Figure out which risky applications you don’t need, and eliminate them.
• Policy-driven solutions require less effort (e.g., trusted publisher, vendor signature, application category, etc.)
• Build a good exception-handling workflow.
Augment with antimalware.
• A layered defense = best for security
• Measure solutions based on zero-day effectiveness
Enter unmanaged devices…
Principle No. 2: Focus on the data, not
infrastructure
Decouple data and threat protection from the infrastructure
• Build security capabilities into the application.
• E.g., encryption in the application
• E.g., threat detection in the application
• Malware
• Fraud
• Jailbreak
[Diagram labels: Application, Data; callout: Fortifying this]
Principle No. 3: Think Thin, Think Cloud
• If possible:
• Thin client
• Thin device
• Process centrally, present locally
• Leverage cloud delivery and scaling
• Requires connection
• High server-side operational load
• Endpoint security tools still required
Principle No. 4: Zero Trust
• Authentication is always contextual:
› Location, environment, and malware detection . . . all factor into
authentication/authorization.
• Authorization to access services must be evaluated dynamically
• Trust is derived and verified, never assumed
Principle No. 5: Eye In The Sky
• Provides intelligence to focus
on the right things
• Monitor and control data flows
across logical security
boundaries
• Requires data classification
• Increased situational
awareness
Unmanaged devices, infrastructure
Managed devices
Principle No. 5: Eye In The Sky (Cont’d)
› Endpoint Visibility & Control (EVC) provides
detailed visibility into activity occurring on the
endpoint:
• Process executions
• Application/file/registry modifications
• Network activity
• Active memory
• Kernel-driver activity
› Some provide containment
Recommendations
1. Implement meaningful app control
2. Run a targeted patch program
3. Deploy recommended practices (DEP,
EMET)
4. Improve authentication measures
5. Integrate network and endpoint security
controls where possible; aim for
increased visibility
Recommendations
1. Continue to shift focus to unmanaged
or lightly managed endpoints
2. Decouple protection from device and
infrastructure
3. Think thin, think cloud
4. Toss your trust assumptions
5. Maintain a high level of visibility over
your endpoints and data
#ageofthecustomer
Chris Sherman
csherman@forrester.com
@ChrisShermanFR
Cloud client-
computing
The ultimate secure, manageable and reliable end to end virtual desktop
solutions.
• Dell - Internal Use - Confidential
Deliver nearly any desktop app to any user on any device
Move your desktops to the cloud and:
Empower the workforce
Enable BYOD, deliver securely to any device, enhance user collaboration
Optimize IT resources
Reduce IT resources, scale and speed deployment
Improve security
Control data, recover from disasters, apply policies, comply with regulations,
and monitor risk
Manage costs
Monitor and optimize total cost of ownership, achieve greater utilization from
infrastructure assets, reduce energy use
Highly-regulated industries were first to embrace this model
to increase security and reduce costs
Solutions that scale with your needs
Specialized
appliances
Reduced TCO, rapid deployment, easy installation
Your choice of datacenter hardware with… …your choice of pre-tested software options
Wyse Datacenter
Towers with local
storage
VRTX (new form
factors)
Full racks with
modular options
Wyse Clients
Industry-leading thin clients
Secure
the most secure thin clients on
the planet
Versatile
tailored clients for Citrix,
VMware, and Microsoft
Powerful
handle demanding tasks from
video editing to 3D modeling
Connected
support a broad range of
peripherals
Desktop All-in-one Mobile Ultra mobile
Dell offers the most extensive selection of secure, easy-to-manage thin
and zero clients to suit your budget, application, and performance needs.
See for yourself - next steps
More information On the web: Dell.com/wyse
Schedule a demo
Work with your sales representative to schedule a demo.
Access a range of demos, including Dell Enterprise Solutions, Dell DaaS, Dell DVS Simplified Appliance and others.
Engage the experts
Engage with your cloud client-computing sales specialist early in the pursuit.
Leverage the knowledge of Dell's desktop virtualization experts.
View a demo at a Dell Solution Center
Engage Dell IT Consulting to assess your needs
Schedule an Executive Briefing on cloud client-computing strategy
Backup
•Thank You
We believe you can
manage and secure
while providing a
great user experience
It’s Not Only About Security Needs
Endpoint manageability
License control
Profile management
Simple Desktop IT Administration
Ransomware, phishing,
social engineering
Unnecessary privileges
Audit & Compliance
Effective Endpoint Security
Performance
Flexibility & control
Consistency
Excellent User Experience
The most comprehensive
UEM platform.
Personalization
Environment Manager™
Security
Application Manager™
Managed data
DataNow™
AppSense management
Management Center™
Endpoint analytics
Insight™
Optimal capacity & responsiveness
Performance Manager™
Personalization
Policy
Privileges
Performance
Data
Analytics
Personalization
Policy
Privileges
Performance
Data Access
Analytics
Endpoint
Analytics
Demo
AppSense User-First Security
Secure, manageable, great user experience
Privilege Management
Least privileges
with just in time
self-elevation
Application Control
Manageability &
security through
Trusted
Ownership™
Analytics
Visibility into what’s
really going on
Global
UEM Leader
Founded in 1999 to help customers
deliver a great user experience.
• 3400+ customers
• 7.5M+ endpoints
• 400+ employees
AppSense Global HQ in Sunnyvale, California
Manchester | Reading | Munich
Amsterdam | Paris | Melbourne
Sydney | NYC | Sunnyvale | Raleigh
10 GLOBAL LOCATIONS
Question &
Answer
Thank you!
For more information,
visit www.appsense.com or email
iwanttoknowmore@appsense.com

More Related Content

What's hot

BSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity ModelBSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity Model
Cigital
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
Roger Hagedorn
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
Mike Spaulding
 
PRESENTATION▶ Cyber Security Services (CSS): Security Simulation
PRESENTATION▶ Cyber Security Services (CSS): Security SimulationPRESENTATION▶ Cyber Security Services (CSS): Security Simulation
PRESENTATION▶ Cyber Security Services (CSS): Security Simulation
Symantec
 

What's hot (20)

Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
 
Outpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teaming
 
Top 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integrationTop 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integration
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloud
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
 
Using 80 20 rule in application security management
Using 80 20 rule in application security managementUsing 80 20 rule in application security management
Using 80 20 rule in application security management
 
Chapter 15 Risk Mitigation
Chapter 15 Risk MitigationChapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
 
4 Ways to Build your Immunity to Cyberthreats
4 Ways to Build your Immunity to Cyberthreats4 Ways to Build your Immunity to Cyberthreats
4 Ways to Build your Immunity to Cyberthreats
 
BSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity ModelBSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity Model
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItData Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify It
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability Scanner
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
 
Chapter 1 Introduction to Security
Chapter 1 Introduction to SecurityChapter 1 Introduction to Security
Chapter 1 Introduction to Security
 
Assessing Your security
Assessing Your securityAssessing Your security
Assessing Your security
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional Outpost24 webinar - A day in the life of an information security professional
Outpost24 webinar - A day in the life of an information security professional
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
PRESENTATION▶ Cyber Security Services (CSS): Security Simulation
PRESENTATION▶ Cyber Security Services (CSS): Security SimulationPRESENTATION▶ Cyber Security Services (CSS): Security Simulation
PRESENTATION▶ Cyber Security Services (CSS): Security Simulation
 

Similar to Protecting endpoints from targeted attacks

SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
Norm Barber
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
EC-Council
 

Similar to Protecting endpoints from targeted attacks (20)

dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.ppt
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)
 
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
 
Extending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterExtending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office Perimeter
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
Stu r35 a
Stu r35 aStu r35 a
Stu r35 a
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk Imperative
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Recently uploaded (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Protecting endpoints from targeted attacks

  • 2. ® Every company is becoming an IT company they’re just focused on different verticals.” John Chambers, Cisco = Huge attack surface
  • 3. Today’s Session Security, user experience & visibility State of threats and security and the need to “think different” Two domains: Managed endpoints and unmanaged endpoints 5 design principles for an effective endpoint security strategy How VDI plays a big role in security and security plays a big role in VDI Thin clients’ natural malware resistance
  • 4. Presenters Chris Sherman, Analyst Security and Risk Dan O’Farrell, Sr. Director of Product Marketing, Cloud Computing Bassam Khan, VP of Product Marketing
  • 5. © 2015 Forrester Research, Inc. Reproduction Prohibited Five Steps To Protect Your Endpoints From Targeted Attacks Chris Sherman, Analyst May 2015
  • 6. © 2015 Forrester Research, Inc. Reproduction Prohibited 6 Orgs will continue to struggle with 0-Day malware through 2015 0 10 20 30 40 50 60 Q1 2010 Q2 2010 Q3 2010 Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013 Q4 2013 Q1 2014 Q2 2014 Q3 2014 Q4 2014 Varients(inMillions) Unique Variants of Malware Per Quarter 600,000 new malware variants/day! Source: McAfee Threats Report: First Quarter 2015
  • 7. © 2015 Forrester Research, Inc. Reproduction Prohibited Orgs will continue to struggle with targeted attacks Publicly reported cyber incidents and breaches in the US Source: Cyberfactors, LLC
  • 8. © 2015 Forrester Research, Inc. Reproduction Prohibited© 2014 Forrester Research, Inc. Reproduction Prohibited 8 The Golden Age Of Hacking Continues
  • 9. © 2015 Forrester Research, Inc. Reproduction Prohibited 9 1% 7% 23% 24% 49% 33% 39% Other Don't Know Lost/stolen asset (e.g., smartphone, tablet, laptop, external hard drive, USB flash drive, etc) Internal incident within a business partner/third party supplier’s organization Internal incident within our organization External attack targeting a business partner/third-party supplier External attack targeting our organization “What were the most common ways in which the breach(es) occurred in the past 12 months?” Source: Forrester BT Security Survey, Q3 2014 Base: 457 North American and European IT security executives and technology decision makers whose firms had experienced a breach in the past 12 months Thieves go for the gold: PII and IP Data breaches have led to 330,000,000 lost records in 2014 alone* *Cyberfactors, LLC
  • 10. © 2015 Forrester Research, Inc. Reproduction Prohibited© 2014 Forrester Research, Inc. Reproduction Prohibited 10 Breach Costs Will Continue To Increase In 2015 › Average total cost: $3.5 million › Up 15% from 2013 › Each lost record cost $136 › Up 9% from 2013
  • 11. © 2015 Forrester Research, Inc. Reproduction Prohibited 11 This Much Is Clear: Traditional Endpoint Security Tools Are Failing And Will Continue To Fail Through 2015
  • 12. © 2015 Forrester Research, Inc. Reproduction Prohibited 12 An Ongoing Anti-Malware Technology Arms Race Signature based detection Encrypted payloads Decryptor matching/pas sive heuristics Polymorphic code Active heuristics/sandbo xing Sandbox evasion techniques Sandbox hardening Self-directed (metamorphic) code Runtime behavior detection Further obfuscation techniques/signed binaries/behavior randomization
  • 13. © 2015 Forrester Research, Inc. Reproduction Prohibited 13 The 90’s called, they want their endpoint security strategy back Despite… Anti-Virus Application Whitelisting 80% 52% 48% 54% reporting frequent attacks involving software vulnerabilities 92% reporting rising operation costs involving malware Base: 671 IT and IT security practitioners. Source: Ponemon 2013 State of the Endpoint Survey Base: 881 IT Security Decision Makers. Source: Forrester BT Security Survey, Q3 2014 …Many organizations still rely heavily on antivirus. A New Approach Is Needed! 48% Application Priv. Mgmt. 52% 48% Application Sandboxing
  • 14. We are hyper focused on the WRONG things
  • 15. Organizations Must Refocus Their Endpoint Security Strategies In 2015
  • 16. Your Challenges are Twofold. Managed endpoints: Do a better job of endpoint protection. Unmanaged endpoints: Protect your data and operations without owning the assets!
  • 17. Five design principles for an effective endpoint security strategy: (1) Get your house in order (managed endpoints); (2) Focus on data (unmanaged endpoints); (3) Think thin, think cloud (combined); (4) Zero trust (combined); (5) Eye in the sky (combined).
  • 18. Principle No. 1: Get your house in order – attack surface reduction. This completes 75% of the work. Exercise application control (options include application whitelisting, execution isolation, privilege management; weigh the pros and cons of each form of app control). Disable Java in web browsers. Deploy the Enhanced Mitigation Experience Toolkit. While you are at it: eliminate superfluous applications from your environment; limit Firefox, Opera, and QuickTime.
  • 19. Get your house in order — manage your vulnerabilities. You need an intelligent patch management system. Endpoint security products that sandbox code within the browser are a plus! IE is a bit more complex. Consider this strategy: Browse the Net with Chrome. Keep IE for internal applications. If you see a patch for Flash, Java, or Reader: Patch it, patch it as fast as you can.
  • 20. Get your house in order (Summary). An effective endpoint security strategy must: (1) Start with managing vulnerabilities: leverage a patch management solution which supports 3rd party applications; focus on vulnerabilities with an existing exploit; patch it well, and patch it early. (2) Reduce attack surface through some form of application control: figure out which risky applications you don’t need, and eliminate them; policy-driven solutions require less effort (ex. trusted publisher, vendor signature, application category, etc.); build a good exception-handling workflow. (3) Augment with antimalware: a layered defense = best for security; measure solutions based on zero-day effectiveness.
  • 21. Enter unmanaged devices…
  • 22. Principle No. 2: Focus on the data, not infrastructure. Decouple data and threat protection from the infrastructure. Build security capabilities into the application, e.g., encryption in the application; e.g., threat detection in the application (malware, fraud, jailbreak). [Diagram labels: Application; Data; “Fortifying this”]
  • 23. Principle No. 3: Think Thin, Think Cloud. If possible: thin client; thin device. Process centrally, present locally. Leverage cloud delivery and scaling. Requires connection. High server-side operational load. Endpoint security tools still required.
  • 24. Principle No. 4: Zero Trust. Authentication is always contextual: location, environment, and malware detection all factor into authentication/authorization. Authorization to access services must be evaluated dynamically. Trust is derived and verified, never assumed.
  • 25. Principle No. 5: Eye In The Sky. Provides intelligence to focus on the right things. Monitor and control data flows across logical security boundaries. Requires data classification. Increased situational awareness. [Diagram labels: Unmanaged devices, infrastructure; Managed devices]
  • 26. Principle No. 5: Eye In The Sky (Cont’d). Endpoint Visibility & Control (EVC) provides detailed visibility into activity occurring on the endpoint: process executions; application/file/registry modifications; network activity; active memory; kernel-driver activity. Some provide containment.
  • 27. Recommendations: 1. Implement meaningful app control. 2. Run a targeted patch program. 3. Deploy recommended practices (DEP, EMET). 4. Improve authentication measures. 5. Integrate network and endpoint security controls where possible; aim for increased visibility.
  • 28. Recommendations: 1. Continue to shift focus to unmanaged or lightly managed endpoints. 2. Decouple protection from device and infrastructure. 3. Think thin, think cloud. 4. Toss your trust assumptions. 5. Maintain a high level of visibility over your endpoints and data.
  • 29. #ageofthecustomer Chris Sherman csherman@forrester.com @ChrisShermanFR
  • 30. Cloud client-computing: The ultimate secure, manageable and reliable end to end virtual desktop solutions.
  • 31. Cloud client-computing • Dell - Internal Use - Confidential. Deliver nearly any desktop app to any user on any device. Move your desktops to the cloud and: Empower the workforce (enable BYOD, deliver securely to any device, enhance user collaboration); Optimize IT resources (reduce IT resources, scale and speed deployment); Improve security (control data, recover from disasters, apply policies, comply with regulations, and monitor risk); Manage costs (monitor and optimize total cost of ownership, achieve greater utilization from infrastructure assets, reduce energy use).
  • 32. Highly-regulated industries were first to embrace this model to increase security and reduce costs
  • 33. Solutions that scale with your needs. Specialized appliances. Reduced TCO; rapid deployment; easy installation. Your choice of datacenter hardware with… …your choice of pre-tested software options. Wyse Datacenter. Towers with local storage; VRTX (new form factors); full racks with modular options.
  • 34. Wyse Clients: Industry-leading thin clients. Secure: the most secure thin clients on the planet. Versatile: tailored clients for Citrix, VMware, and Microsoft. Powerful: handle demanding tasks from video editing to 3D modeling. Connected: support a broad range of peripherals. Desktop; All-in-one; Mobile; Ultra mobile. Dell offers the most extensive selection of secure, easy-to-manage thin and zero clients to suit your budget, application, and performance needs.
  • 35. See for yourself - next steps. More information: On the web: Dell.com/wyse. Schedule a demo: Work with your sales representative to schedule a demo. Access a range of demos, including Dell Enterprise Solutions, Dell DaaS, Dell DVS Simplified Appliance and others. Learn More. Engage the experts: Engage with your cloud client-computing sales specialist early in the pursuit. Leverage the knowledge of Dell's desktop virtualization experts. View a demo at a Dell Solution Center. Engage Dell IT Consulting to assess your needs. Schedule an Executive Briefing on cloud client-computing strategy.
  • 37. We believe you can manage and secure while providing a great user experience
  • 38. It’s Not Only About Security Needs. Simple Desktop IT Administration: endpoint manageability; license control; profile management. Effective Endpoint Security: ransomware, phishing, social engineering; unnecessary privileges; audit & compliance. Excellent User Experience: performance; flexibility & control; consistency.
  • 39. The most comprehensive UEM platform. Personalization: AppSense Environment Manager™. Security: AppSense Application Manager™. Managed data: AppSense DataNow™. AppSense management: AppSense Management Center™. Endpoint analytics: AppSense Insight™. Optimal capacity & responsiveness: AppSense Performance Manager™. Personalization; Policy; Privileges; Performance; Data Access; Analytics.
  • 41. AppSense User-First Security: Secure, manageable, great user experience. Privilege Management: least privileges with just in time self-elevation. Application Control: manageability & security through Trusted Ownership™. Analytics: visibility into what’s really going on.
  • 42. Global UEM Leader. Founded in 1999 to help customers deliver a great user experience. 3400+ customers; 7.5M+ endpoints; 400+ employees. AppSense Global HQ in Sunnyvale, California. 10 global locations: Manchester | Reading | Munich | Amsterdam | Paris | Melbourne | Sydney | NYC | Sunnyvale | Raleigh.
  • 44. Thank you! For more information, visit www.appsense.com or email iwanttoknowmore@appsense.com
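
Slide 24's zero-trust principle (contextual authorization, evaluated dynamically, with trust derived and verified), combined with the data classification that slide 25 calls for, expressed as a per-request policy check. This is an added example, not material from the presentation; the classification levels, signal names, freshness window and rules are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # ask for an additional authentication factor
    DENY = "deny"

# Assumed data classification levels; unclassified data is treated as restricted.
SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}
MAX_POSTURE_AGE_S = 900   # assumed freshness window for device posture checks

@dataclass(frozen=True)
class Context:
    user_authenticated: bool   # primary credential verified for this request
    mfa_verified: bool         # second factor verified for this session
    managed_device: bool       # device enrolled in corporate management
    malware_detected: bool     # signal from the endpoint security agent
    known_location: bool       # origin matches the user's usual locations
    posture_age_s: int         # seconds since device posture was last verified

def authorize(ctx: Context, resource_class: str):
    """Evaluate one request; nothing is cached between calls."""
    level = SENSITIVITY.get(resource_class, SENSITIVITY["restricted"])
    if not ctx.user_authenticated:
        return Decision.DENY, "identity not verified"
    if ctx.malware_detected:
        return Decision.DENY, "malware detected on endpoint"
    if level == 0:
        return Decision.ALLOW, "public data"
    # Stale posture counts as unverified: trust is re-derived, never carried over.
    device_trusted = ctx.managed_device and ctx.posture_age_s <= MAX_POSTURE_AGE_S
    if level == 2 and not device_trusted:
        return Decision.DENY, "restricted data requires a verified managed device"
    risky = not device_trusted or not ctx.known_location
    if (risky or level == 2) and not ctx.mfa_verified:
        return Decision.STEP_UP, "additional factor required"
    return Decision.ALLOW, "context verified"

if __name__ == "__main__":
    # Constructed sample requests (not from the presentation).
    office = Context(True, False, True, False, True, 120)
    byod = Context(True, False, False, False, False, 0)
    stale = Context(True, True, True, False, True, 3600)
    infected = Context(True, True, True, True, True, 60)
    for name, ctx, cls in [("office", office, "internal"), ("office", office, "restricted"),
                           ("byod", byod, "internal"), ("byod", byod, "restricted"),
                           ("stale", stale, "restricted"), ("infected", infected, "public"),
                           ("office", office, "unlabelled")]:
        decision, reason = authorize(ctx, cls)
        print(f"{name:9s}{cls:11s} -> {decision.value}: {reason}")
```

The same user gets different answers for the same resource as device posture, location or malware signals change, and a label missing from the classification table falls through to the most restrictive rules.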

Editor's Notes

  1. The pain of the Windows XP to Windows 7 migration is still fresh in many IT leaders’ minds. AppSense eliminates the need for complex migration projects by allowing the full user persona, including user files, to follow users automatically between multiple operating systems.
  2. Desktop virtualization helps improve service delivery and competitiveness by simplifying how IT works on systems, dramatically reducing the complexity of the system and making it much more flexible. The IT group can then move from a largely reactive, technical group to a proactive strategic organization.
     Empowering the workforce – makes it possible for a user to bring in an iPad, a Windows tablet, a Dell PC. Regardless of device, your user is going to get the same look at the application, and they are all going to have the same level of security. Nothing can be stored on a USB key, nothing can be stored on a hard disk. It is as secure as you need it to be.
     Optimize IT resources – managing a fleet of traditional PCs is becoming increasingly complex. With desktop virtualization, you are moving applications, data, and OS (the desktop) to the data center. There are certain advantages to doing this. IT is able to centrally manage “the virtual desktop” from the data center: things like adds, moves, changes, back-ups and virus/malware protection. Virtual desktops in the data center also save IT time and money from remotely troubleshooting PCs vs. physically visiting each PC.
     Improve security – is by the design of the architecture. The virtual desktop is secure in the data center and is delivered over a video-like protocol. Every endpoint is like a TV set. Desktops or applications are streaming down to the device, but once the device is turned off nothing resides on the device. One of Dell’s customers, a VA hospital, had a terrible situation where they moved to a new ERM system. Someone stole a laptop in the AIDS ward. Normally the notebook hard drive is wiped and then goes up on eBay. The thief in this case knew what they had and they published all of the records on the internet. The hospital was embarrassed, the families were embarrassed. With cloud client-computing that cannot happen, because that data never lands on that laptop. Whenever a device connected to desktop virtualization goes out of its network, usually Wi-Fi, the user can get back to the server. There is no local storage, so we can enforce security in a way that is meaningful.
     Managing costs – the cost to deploy applications and the cost to deploy desktops is dramatically simpler when deploying from a data center. Adding a user is nothing more than adding a thin client on their desk, turning on the instance on the server, and you’re done. There is no installation of applications once it’s been done.
  3. 70% of our business is in 5 segments: Healthcare, Government, Education, Finance, and Retail. These are the highly regulated industries. These are the ones where, if a mistake is made in security, there can be a target loss of 10% of their business. This is where we focus and desktop virtualization shines.
  4. Your choice of datacenter hardware with… We have a complete selection of virtual datacenter infrastructure to meet the needs of our customers. Our Dell DVS brand infrastructure solutions are comprised of a series of offers designed to align with the unique needs of your customers. From on-premises solutions from small to large installations, we have it all. And, for customers who would like to easily and quickly pilot or POC desktop virtualization, or deploy a full desktop virtualization solution without buying the infrastructure, Dell offers desktop as a service, running from our own datacenters around the world. Just plug a thin client into the network, and start working. We have virtual environments, from virtual workstations, which is new. We worked with AMD and NVIDIA to develop. So if you have a virtual workload that traditionally could only have been performed on a Dell Precision workstation (i.e. Finance, CAD/CAM, tank simulations), we can now virtualize that workload. Then starting from a small deployment with 10 seats or a pilot, through mid size with our VRTX technology, up to 50,000 seats. Our largest customer has over 150,000 simultaneously connected thin clients worldwide. It comes down to better scalability due to better density. In January of this year (2014) the average cost to deliver a seat of VDI was $400. A lot of that cost was the SAN. We created a new desktop virtualization environment where we integrated the storage in with the server. We were able to take the cost from $400 a seat down to $190 a seat. More than 50% reduction of cost. Dell has a wide range of data center offerings, better energy utilization, a lot fewer tools needed. We can spin up an entire environment with the single console. …your choice of pre-tested software options
  5. Dell Wyse software, cloud clients, and services provide the ultimate desktop virtualization endpoint solution when it comes to security, ease of use, and ease of management. For organizations looking to invoke a BYOD program, the Dell Wyse Cloud Client Manager cloud-based fixed and mobile device management console allows this ubiquitous user access to be “locked down”, safe for both the organization and the user. Dell Wyse cloud clients and software help companies increase security, make their IT teams much more efficient and proactive, and sharply reduce ongoing management, maintenance and energy costs. Dell Wyse thin clients have zero disk and no moving parts, and those based on Dell Wyse ThinOS are the only virus-immune thin client operating system on the planet. Built on a firmware base that has no APIs, addressable ports or any other network-accessible vulnerabilities, ThinOS-based thin clients completely erase the threat of endpoint viruses and malware from any organization’s security equation. Dell Wyse zero clients are designed and purpose-built to complement Citrix, Microsoft, and VMware virtual desktop environments with strong security, outstanding performance, and easy, hands-off device management. Dell Wyse Cloud Connect (ultra mobile) is a portable enterprise IT-controlled HDMI/MHL cloud device that allows people to convert a capable screen (TV or monitor) into a functioning interactive display controlled through Bluetooth peripherals, touch interface or remote control on monitor/TV, or companion application for smartphones and tablets. “Secure productivity from work, home, and on the go”: IT-managed enterprise client with outstanding portability, security, and rich user experience accessing broad applications and content in the cloud.
  6. You probably have customers now who could benefit from Dell Cloud Client Computing. This presentation was meant as a starting point for the sales journey you’ll make with your customer. Use the links provided to understand more about the offer and what’s possible for your customer. Contact your sales solution representative and engage with them and your customer via demos and interaction.