Info Sec2007 End Point Final


Presentation from InfoSecWorld 2007 - How to Plan for and Use Endpoint Security by Ben Rothke


  1. 2. How to Plan for and Use Endpoint Security <ul><li>Session E3 </li></ul><ul><li>Ben Rothke, CISSP CISM </li></ul><ul><li>Wednesday, March 21, 2007 </li></ul><ul><li>11:30AM - 1:00 PM </li></ul>
  2. 3. About Me <ul><li>Ben Rothke, CISSP CISM </li></ul><ul><li>Senior Security Consultant – BT INS, Inc. </li></ul><ul><li>Previously with AXA Equitable, ThruPoint, Baltimore Technologies, Ernst & Young, Citibank. </li></ul><ul><li>Have worked in the information technology sector since 1988 and information security since 1994 </li></ul><ul><li>Frequent writer and speaker </li></ul><ul><li>Author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill 2006) </li></ul>
  3. 4. Agenda <ul><li>This session is: </li></ul><ul><li>Why you need endpoint security </li></ul><ul><li>Security risks of rogue devices </li></ul><ul><li>Endpoint security solutions: The Big Three </li></ul><ul><li>Universal product requirements </li></ul><ul><li>This session is not: </li></ul><ul><li>Product review </li></ul><ul><li>A monologue </li></ul><ul><ul><li>Feel free to ask a question, make a comment, etc. </li></ul></ul>
  4. 5. Key Takeaway Points <ul><li>Endpoint security is a powerful technology </li></ul><ul><li>Don’t underestimate the time and complexity it will take to deploy </li></ul><ul><li>Define your specific needs and requirements </li></ul>
  5. 6. Times have changed <ul><li>A few years ago, when you called and spoke to someone in area code 212, you could reasonably assume that the person was indeed in New York City. </li></ul><ul><li>Today, when you call area code 212, the person might be in Manhattan; but can also be in Los Angeles, Moscow, Rio or anyplace in the world. </li></ul><ul><li>Endpoints are clearly changing, both in the physical world and in the digital world. </li></ul>
  6. 7. Digital endpoint security <ul><li>Perimeter of old was simply a router or firewall </li></ul><ul><li>Today, the endpoint is the perimeter </li></ul><ul><ul><li>In most organizations, with a laptop and DHCP, everyone gets in with zero validation. </li></ul></ul><ul><ul><li>Old perimeter is dead </li></ul></ul><ul><li>Network perimeter weakness </li></ul><ul><ul><li>Remote access with 80% of enterprises using VPNs </li></ul></ul><ul><ul><li>Web-based extranet and partner connectivity </li></ul></ul><ul><ul><li>Some firewalls are so open, that all they do is simply slow down traffic. </li></ul></ul><ul><ul><li>In some organizations, it’s hard to tell the difference between a firewall and a router. </li></ul></ul>
  7. 8. Glass houses had no rogues <ul><li>In the mainframe era of glass houses and dumb terminals, there were simply no rogue devices </li></ul><ul><li>Networks were private, leased and closed </li></ul><ul><ul><li>Everything around the IBM mainframes was proprietary and closed. </li></ul></ul><ul><li>Today networks are made to be open </li></ul><ul><li>Today rogue devices are a bane </li></ul><ul><li>And endpoint security is becoming a crucial aspect of an information security endeavor. </li></ul>
  8. 9. Security risks of rogue devices <ul><li>The inability to control network admission exposes significant risk to an organization </li></ul><ul><ul><li>Can be accidental or malicious in nature </li></ul></ul><ul><ul><li>Often leads to network downtime or exposure of sensitive information </li></ul></ul><ul><li>Therefore, only allow authorized devices onto the network </li></ul><ul><li>With endpoint security, non-compliant endpoints attempt connection, but are first quarantined </li></ul><ul><ul><li>After inspection and remediation, only then are they admitted </li></ul></ul><ul><ul><li>Endpoints are now starting to be secure </li></ul></ul>
  9. 10. Definition <ul><li>While there is no single universal definition for endpoint security, a general definition is: </li></ul><ul><ul><li>Process of securing a host through a combination of policy management, configuration management, and desktop security software, such as anti-virus and anti-spyware. </li></ul></ul><ul><ul><li>Sum total of the measures taken to implement security concerning endpoints. </li></ul></ul><ul><ul><li>The use of a network access control system used to restrict network access only to systems that demonstrate adherence to a pre-defined corporate security policy </li></ul></ul>
  10. 11. Endpoint security vs. NAC <ul><li>Endpoint security </li></ul><ul><ul><li>Securing the endpoint computing device </li></ul></ul><ul><li>NAC </li></ul><ul><ul><li>Prevents unauthorized access to network resources </li></ul></ul><ul><ul><li>Eliminates intrusions onto the network via worms, spyware, viruses, malware, etc. </li></ul></ul><ul><li>Significant overlap between the two </li></ul><ul><ul><li>Industry and media are using them synonymously </li></ul></ul><ul><ul><li>For the purposes of this talk, I will also </li></ul></ul>
  11. 12. Why do we need endpoint security? <ul><li>Viruses and worms continue to disrupt business </li></ul><ul><li>Zero-day attacks make reactive solutions less effective </li></ul><ul><li>Point technologies preserve host rather than network availability and enterprise resiliency </li></ul><ul><li>Non-compliant servers and desktops are difficult to detect and contain </li></ul><ul><li>Locating and isolating infected systems takes significant time and is extremely resource intensive </li></ul><ul><li>Users are often authenticated, but devices are not </li></ul><ul><li>Non-compliant/unmanaged devices pose an unacceptable risk </li></ul><ul><ul><li>Often source of infection </li></ul></ul><ul><ul><li>Rogue assets untracked, invisible </li></ul></ul><ul><li>Device compliance as important as user authentication </li></ul>
  12. 13. Worldwide NAC enforcement device revenue Source: Infonetics Research June 2006
  13. 14. Endpoint threat sources <ul><li>Remote users </li></ul><ul><li>Mobile users </li></ul><ul><li>Regional, remote and branch offices </li></ul><ul><li>Non-compliant laptops </li></ul><ul><li>Interconnected networks </li></ul><ul><li>Distributed data </li></ul><ul><li>Business extranets </li></ul><ul><li>Guests </li></ul><ul><li>Contractors </li></ul><ul><li>Remote access </li></ul><ul><li>Web services </li></ul><ul><li>Wireless </li></ul><ul><li>Mobile smart devices </li></ul><ul><li>VoIP phones </li></ul><ul><li>and many more… </li></ul>
  14. 15. Endpoint threat activities <ul><li>Rogue wireless access </li></ul><ul><li>Keystroke loggers </li></ul><ul><li>Contractor with latest worm or virus on their laptop </li></ul><ul><li>Kiosks </li></ul><ul><li>Backdoor listening for inbound connections </li></ul><ul><li>Spyware download via P2P </li></ul><ul><li>IM </li></ul><ul><li>and more… </li></ul>
  15. 16. Origination points <ul><li>Accessed by employees, consultants, customers, trading partners </li></ul><ul><li>From home office, hotel, branch office, client site, airport, conference, restaurant, home, trains, planes, automobiles </li></ul><ul><li>Using laptops running Windows, Linux, Mac OS/X; </li></ul><ul><li>PDA running PocketPC, Symbian or PalmOS; mobile phone, public kiosk </li></ul><ul><li>Dial-up modem, hotel Ethernet, Wi-Fi, mobile carrier, cable modem, DSL </li></ul><ul><li>To connect with email, Web-based intranet, terminal services, CRM, ERP, partner data </li></ul><ul><li>Contrast this with the old dumb terminals </li></ul><ul><ul><li>One location, one hard connection. </li></ul></ul>
  16. 17. Endpoint security benefits <ul><li>Manage zero-day threats </li></ul><ul><li>Reduce incident response cost </li></ul><ul><li>Eliminate system downtime </li></ul><ul><li>Reduce hot fixes and patching </li></ul><ul><li>Lower recovery cost </li></ul><ul><li>Comply with regulatory requirements </li></ul><ul><li>Single solution, multiple security functions, low performance impact </li></ul><ul><li>Increased security of corporate resources </li></ul><ul><li>Ensures endpoints (laptops, PC, PDA, servers, etc.) conform to security policy </li></ul><ul><li>Proactively protects against worms, viruses, spyware and malware </li></ul><ul><li>Reduced risk of outbreak due to infected endpoints </li></ul><ul><li>Safe access to networks through VPN access </li></ul><ul><li>Controlled remediation and patching of unhealthy endpoints </li></ul>
  17. 18. Evolution of endpoint security <ul><li>Today </li></ul><ul><li>Static network access </li></ul><ul><li>Every device is permitted </li></ul><ul><li>Infected or unhealthy devices are frequently the root of an outbreak </li></ul><ul><li>Tomorrow…but more realistically in 5+ years </li></ul><ul><li>Dynamic network access based on policies </li></ul><ul><li>Screen devices before granting access </li></ul><ul><li>Infected or unhealthy devices treated separately </li></ul>
  18. 19. Endpoint security deployment
  19. 20. Start thinking about endpoint security <ul><li>Know what you want to inspect </li></ul><ul><li>What policies do you want? </li></ul><ul><li>Risk assessment </li></ul><ul><ul><li>Define in detail what are your risks </li></ul></ul><ul><ul><li>Not all risks are created equal </li></ul></ul><ul><ul><li>Not all endpoints are created equal </li></ul></ul><ul><li>What is your security problem and how do you expect an endpoint security solution to solve it? </li></ul>
  20. 21. Questions you need to ask <ul><li>How do we enforce compliance with our security policies in order to provide a safe and secure network environment for everyone? </li></ul><ul><li>How do we identify unmanaged desktops to deliver our security message? </li></ul><ul><li>How do we ensure all types of users have adequate awareness and training of security issues? </li></ul>
  21. 22. Budget and Staffing <ul><li>Ensure that you have adequate budget and staff to support endpoint security </li></ul><ul><ul><li>Endpoint projects take a lot of money and manpower to deploy </li></ul></ul><ul><ul><li>Regardless of what the vendor tells you, endpoint security costs a lot of $$$$ </li></ul></ul><ul><ul><li>It is worth it, but it is in no way cheap </li></ul></ul><ul><li>If you don’t have the budget and staff, don’t even think of deploying endpoint security. </li></ul>
  22. 23. Next steps <ul><li>Define very specific goals for endpoint security </li></ul><ul><li>Assessment of endpoint security requirements and needs </li></ul><ul><li>Decision making based on policy compliance </li></ul><ul><li>Admission enforcement at the network infrastructure level </li></ul><ul><li>Quarantining/remediation of unhealthy devices </li></ul>
  23. 24. Context of the endpoint device <ul><li>Function </li></ul><ul><li>Location </li></ul><ul><li>Criticality </li></ul><ul><li>Compliance state </li></ul>
  24. 25. What are your minimums? <ul><li>Define and evaluate what is necessary </li></ul><ul><li>What is to be allowed? </li></ul><ul><li>Obligatory compliance of all desktops to minimum corporate security policy </li></ul><ul><ul><li>Define minimum desktop requirements </li></ul></ul><ul><ul><li>Current OS patches </li></ul></ul><ul><ul><li>Latest Web browser </li></ul></ul><ul><ul><li>Latest anti-virus/spyware signatures and definitions </li></ul></ul><ul><ul><li>Up-to-date personal firewall </li></ul></ul><ul><ul><li>Latest spyware signatures and definitions </li></ul></ul><ul><ul><li>Other security configurations </li></ul></ul><ul><li>Exceptions </li></ul><ul><ul><li>CEO and friends </li></ul></ul>
  25. 26. Strategic endpoint security <ul><li>Effective endpoint security requires a strategic approach that understands the need to optimize connectivity while also ensuring protection for all critical resources </li></ul><ul><ul><li>This is not a trivial task </li></ul></ul><ul><li>Endpoint security is not plug and play </li></ul><ul><ul><li>deployments require a lot of initial TLC </li></ul></ul><ul><ul><li>can break many applications </li></ul></ul><ul><ul><li>cause others to crash </li></ul></ul>
  26. 27. NAC - one-size does not fit all <ul><li>Biggest mistake in NAC design </li></ul><ul><ul><li>taking a one-size fits all approach </li></ul></ul><ul><li>NAC policies must address </li></ul><ul><ul><li>Who </li></ul></ul><ul><ul><li>What </li></ul></ul><ul><ul><li>Where </li></ul></ul><ul><ul><li>When </li></ul></ul><ul><ul><li>Why </li></ul></ul>
  27. 28. NAC - one-size does not fit all <ul><li>Second biggest mistake in NAC design </li></ul><ul><ul><li>Inadequate piloting </li></ul></ul><ul><ul><li>First pilot groups should be with users who are computer savvy </li></ul></ul><ul><ul><li>NAC policies take a lot of tweaking to get them right </li></ul></ul><ul><li>Start small </li></ul><ul><ul><li>Don’t try a global deployment until you have a few successful localized deployments </li></ul></ul>
  28. 29. Converged devices <ul><li>Devices such as notebooks, tablet PCs, PDAs, smartphones, iPod, Zune and other types of mobile devices also need to be secured </li></ul><ul><li>They have increasing storage and performance capabilities </li></ul><ul><li>They travel outside the bounds of physical and logical perimeters – and they aren’t connected to the network at all times </li></ul><ul><li>These devices enter and leave your network many times over the course of the year </li></ul><ul><ul><li>That leaves myriad opportunities to return with malware </li></ul></ul>
  29. 30. Converged devices <ul><li>These devices present a significant potential for financial loss, legal liability and brand damage since they are unprotected </li></ul><ul><li>Many organizations have no idea if these devices are connected to their network or how many are connected </li></ul><ul><li>Endpoint security can offer protection against the threats that converged devices bring </li></ul>
  30. 31. Non-corporate owned devices <ul><li>Consultants, contractors, hackers, employees and more will attempt to connect their own devices to the corporate network </li></ul><ul><li>Be it a corporate-owned device or privately-owned endpoint, they all must be controlled before being given access to the network </li></ul>
  31. 32. Endpoint security recommendations <ul><li>An unsecured endpoint must not be allowed to connect to the network if doing so inappropriately increases the risk to the organization </li></ul><ul><li>Management must identify the state of the endpoints before they are allowed access to internal networks </li></ul><ul><li>CISO must be able to provide a level of assurance to management that information will be protected when it reaches the endpoint </li></ul><ul><li>Remediation plans must be created for remote endpoints </li></ul>
  32. 33. Endpoint security - not a silver bullet <ul><li>While endpoint security is a hot topic with myriad hardware and software solutions, the reality is that: </li></ul><ul><ul><li>There are no standards </li></ul></ul><ul><ul><li>Many current solutions are proprietary </li></ul></ul><ul><ul><li>Still an immature solution </li></ul></ul><ul><ul><li>Not a lot of experts in the field </li></ul></ul><ul><ul><li>Solutions are costly and complex to implement </li></ul></ul><ul><ul><li>Not all solutions address post-admission control </li></ul></ul><ul><ul><li>The endpoint security market is still evolving and its noble objectives are still progressing; many of them have yet to be achieved. </li></ul></ul>
  33. 34. What about post-admission control? <ul><li>Blocking access is easy </li></ul><ul><ul><li>The hard part is finding a way to safely conduct business when the unmanaged endpoint of a business partner or customer is not compliant </li></ul></ul><ul><ul><li>Asking third-parties to install NAC software clients is often infeasible </li></ul></ul><ul><li>NAC does not completely track and control the flow of confidential data </li></ul><ul><li>We must wait until the next generation of NAC/Endpoint security functionality </li></ul>
  34. 35. Endpoint Security Solutions - Big 3 <ul><li>Cisco Network Admission Control (NAC) </li></ul><ul><li>Microsoft Network Access Protection (NAP) </li></ul><ul><li>TCG Trusted Network Connect (TNC) </li></ul>
  35. 36. Other vendors in the space <ul><li>Check Point </li></ul><ul><li>Endforce </li></ul><ul><li>StillSecure </li></ul><ul><li>Symantec </li></ul><ul><li>Juniper </li></ul><ul><li>Configuresoft </li></ul><ul><li>Lockdown Networks </li></ul><ul><li>eEye </li></ul><ul><li>Qualys </li></ul><ul><li>Funk </li></ul><ul><li>3Com </li></ul><ul><li>Altiris </li></ul><ul><li>ISS </li></ul><ul><li>Citrix </li></ul><ul><li>ConSentry </li></ul><ul><li>Vernier </li></ul><ul><li>Senforce </li></ul><ul><li>McAfee </li></ul><ul><li>Forescout </li></ul><ul><li>InfoExpress </li></ul><ul><li>Intel </li></ul><ul><li>and many more…. </li></ul>
  36. 37. Commonalities <ul><li>All of the solutions are basically attempting to perform the same task </li></ul><ul><li>They all use routers, switches, wireless access points, software and security appliances to enforce endpoint security </li></ul><ul><li>Require security credentials from endpoint device </li></ul><ul><li>Relays them to a policy server </li></ul><ul><li>Policy servers evaluate credentials and make admission control policy decision (permit, deny, quarantine or restrict) </li></ul><ul><li>Network access device enforces admission control policy decision </li></ul>
  37. 38. Commonality – Policy Server <ul><li>The policy server is generally a RADIUS, Kerberos or 802.1x system. It is the central point for establishing network access policies and the primary mechanism for the endpoint security workflow </li></ul><ul><li>The policy server decides whether to allow an endpoint onto the network based on input from the baseline of the device </li></ul><ul><li>The server interfaces with other security configuration management functions that hold information such as OS updates, AV, patches, etc. </li></ul>
  38. 39. 802.1x is not NAC <ul><li>IEEE 802.1x – Standard for port-based network access control. </li></ul><ul><ul><li>It is not NAC as the industry knows it </li></ul></ul><ul><ul><li>Port-based authentication </li></ul></ul><ul><ul><li>Provides authentication to devices connected to a LAN port </li></ul></ul>
  39. 40. Cisco NAC <ul><li>API-level enforcement & quarantine technology being built into Cisco network infrastructure </li></ul><ul><li>In production </li></ul><ul><li>Multiple vendors in program </li></ul><ul><li>NAC focuses on network infrastructure, policy definition and management </li></ul><ul><li>Built on a foundation of installed Cisco devices </li></ul>
  40. 41. Cisco NAC <ul><li>NAC works via trusted modules that are installed on Windows and Linux desktops (Cisco Trusted Agent - CTA) and implemented in Cisco routers and switches </li></ul><ul><li>CTA gathers device information and passes it via 802.1x to the Cisco Secure Access Control Server (ACS) </li></ul><ul><li>ACS communicates with the policy server to determine compliance and enforce network access via the Cisco switching infrastructure </li></ul>
  41. 42. Cisco NAC <ul><li>NAC requires a Cisco infrastructure running a current version of IOS </li></ul><ul><ul><li>12.3(8)T or later </li></ul></ul><ul><li>For enterprises running legacy Cisco devices, this will require an expensive hardware upgrade </li></ul><ul><li>For enterprises running older versions of IOS, this will require plans to upgrade </li></ul>
  42. 43. Cisco NAC <ul><li>Benefits </li></ul><ul><li>Shipping now </li></ul><ul><li>Somewhat mature </li></ul><ul><li>Many deployments </li></ul><ul><li>Supports Linux clients </li></ul><ul><li>Disadvantages </li></ul><ul><li>Proprietary solution </li></ul><ul><ul><li>Full solution works only with Cisco 802.1x equipment and authentication server </li></ul></ul><ul><li>Cisco switch-based </li></ul><ul><li>Significant IOS upgrade may be required </li></ul><ul><li>Requires software agent </li></ul>
  43. 44. Microsoft NAP <ul><li>Health assessment of host device </li></ul><ul><li>API-level enforcement & quarantine technology via the Windows OS </li></ul><ul><li>Available in Vista </li></ul><ul><li>Multiple vendors in program and announcing support </li></ul><ul><li>Built on a Windows foundation and uses the Windows Quarantine Agent (QA) </li></ul>
  44. 45. NAP Components <ul><li>Administrators can use these technologies separately or together to limit noncompliant computers. </li></ul><ul><li>NAP provides limited access enforcement components for the following technologies: </li></ul><ul><ul><li>IPsec </li></ul></ul><ul><ul><ul><li>Health Registration Authority (HRA) and IPsec NAP Enforcement Client (EC) </li></ul></ul></ul><ul><ul><li>802.1x authenticated network connections </li></ul></ul><ul><ul><ul><li>NPS server and an EAPHost NAP EC component </li></ul></ul></ul><ul><ul><li>VPN </li></ul></ul><ul><ul><ul><li>VPN NAP Enforcement Server (ES) component/VPN NAP EC component </li></ul></ul></ul><ul><ul><li>DHCP </li></ul></ul><ul><ul><ul><li>NAP ES component/DHCP NAP EC component </li></ul></ul></ul>
  45. 46. NAP characteristics <ul><li>Health Policy Validation </li></ul><ul><ul><li>When a user attempts to connect to the network, the computer’s health state is validated against the health policies as defined by the administrator. </li></ul></ul><ul><li>Health Policy Compliance </li></ul><ul><ul><li>Administrators can help ensure compliance with health policies by choosing to automatically update noncompliant computers with the missing requirements through management software. </li></ul></ul><ul><li>Limited Access </li></ul><ul><ul><li>Administrators can protect network assets by limiting the access of computers that do not comply with health policy requirements. </li></ul></ul><ul><ul><li>Non-compliant computers will have their access limited as defined by the administrator. </li></ul></ul>
  46. 47. Microsoft NAP <ul><li>Microsoft states that NAP is not designed to secure a network from malicious users. </li></ul><ul><li>It’s designed to help administrators maintain the health of the computers on the network, which in turn helps maintain the network’s overall integrity. </li></ul><ul><li>Microsoft’s new platform to limit the access of connecting computers until they are compliant with system health requirements </li></ul>
  47. 48. Microsoft NAP <ul><li>QA gathers device information and passes it to the Microsoft Network Policy Server (NPS) </li></ul><ul><li>NPS works with other devices (DHCP, IPsec, VPN, 802.1x and more) for policy compliance </li></ul><ul><li>Supported in Vista and Windows XP SP2 </li></ul>
  48. 49. Microsoft NAP <ul><li>Benefits </li></ul><ul><li>Single policy solution for Windows devices </li></ul><ul><li>Supported by many vendors </li></ul><ul><li>Disadvantages </li></ul><ul><li>Just out of beta </li></ul><ul><li>Only Vista and XP support </li></ul><ul><li>No Linux support </li></ul><ul><li>Proprietary </li></ul>
  49. 50. Trusted Computing Group <ul><li>Creating TNC (Trusted Network Connect) Standard </li></ul><ul><li>Multiple API-level interfaces </li></ul><ul><li>Broad approach to endpoint security </li></ul><ul><li>Still in early stage of development </li></ul><ul><li>Built on the assumption that every device has a specialized piece of hardware to verify that the endpoint has not been compromised </li></ul><ul><li>Uses that hardware to monitor and enforce endpoint policies </li></ul>
  50. 51. Trusted Network Connect <ul><li>Trusted Network Connect is a set of open standards </li></ul><ul><ul><li>Mission is to develop and promote an open, vendor-neutral, industry standard specification for trusted computing building blocks and software interfaces across multiple platforms </li></ul></ul><ul><li>Not all of the standards have been fully defined </li></ul><ul><li>Little product support to date </li></ul><ul><li>Key components of TNC are a RADIUS server and 802.1x authentication servers, in addition to a trusted hardware chip (TPM) and software on the endpoint device </li></ul>
  51. 52. Trusted Network Connect <ul><li>The TPM (Trusted Platform Module) is used to authenticate the endpoint device </li></ul><ul><li>Once authenticated, the TPM passes control to a software agent, which checks the device for compliance </li></ul>
  52. 53. Trusted Network Connect <ul><li>Benefits </li></ul><ul><li>Provides security at the hardware level </li></ul><ul><li>Broad architecture </li></ul><ul><li>Wide support from laptop and other hardware vendors </li></ul><ul><li>Open specification </li></ul><ul><li>Disadvantages </li></ul><ul><li>Requires specialized TPM hardware </li></ul><ul><li>Standards are incomplete </li></ul><ul><li>Few major rollouts </li></ul>
  53. 54. References/Books <ul><li>NAP - </li></ul><ul><li>NAC - </li></ul><ul><li>TNC - </li></ul><ul><li>Essential Trends and Dynamics of the Endpoint Security Industry </li></ul>
  54. 55. Books
  55. 56. Conclusions <ul><li>Endpoint security is a powerful technology whose time has come. </li></ul><ul><li>Don’t underestimate the time and complexity it will take to deploy. </li></ul><ul><li>Make sure you define your specific needs and requirements and map those to your environment. </li></ul><ul><li>You will have to live with and support your decision, so make sure you make the right choice. </li></ul>
  56. 57. QA/Thanks for attending <ul><li>Any questions? comments? </li></ul><ul><li>Please fill out your evaluation sheets </li></ul><ul><li>Ben Rothke CISSP, CISM </li></ul><ul><li>BT PS </li></ul><ul><li>[email_address] </li></ul>
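
The admission workflow from the "Commonalities" slide (endpoint reports its state, policy server decides permit, deny, quarantine or restrict), combined with the baseline from "What are your minimums?", sketched here as an added example that is not part of the original presentation or of any vendor's product. The baseline values, field names, device names and the choice to map unmanaged devices and approved exceptions to "restrict" are assumptions made for illustration; posture data the endpoint does not report is treated as a failure.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Baseline:
    """Minimum desktop requirements (values are constructed for this example)."""
    min_os_patch: date             # oldest acceptable OS patch level
    max_signature_age_days: int    # anti-virus/spyware definition age limit
    require_firewall: bool = True


@dataclass(frozen=True)
class Posture:
    """State reported for an endpoint; None means 'not reported'."""
    device_id: str
    authenticated: bool            # device passed 802.1x/RADIUS authentication
    managed: bool                  # corporate-owned, so it can be remediated
    os_patch_date: Optional[date] = None
    av_signature_date: Optional[date] = None
    firewall_enabled: Optional[bool] = None


def check_baseline(p, b, today):
    """Return the list of baseline failures; missing data counts as a failure."""
    failures = []
    if p.os_patch_date is None or p.os_patch_date < b.min_os_patch:
        failures.append("OS patches below minimum")
    if p.av_signature_date is None:
        failures.append("anti-virus signatures not reported")
    elif (today - p.av_signature_date).days > b.max_signature_age_days:
        failures.append("anti-virus signatures out of date")
    if b.require_firewall and p.firewall_enabled is not True:
        failures.append("personal firewall not enabled")
    return failures


def decide(p, b, today, exceptions=frozenset()):
    """Policy-server decision: (permit | deny | quarantine | restrict, reasons)."""
    if not p.authenticated:
        return "deny", ["device not authenticated"]
    failures = check_baseline(p, b, today)
    if not failures:
        return "permit", []
    if p.device_id in exceptions:
        # Exceptions are explicit, recorded, and still only get limited access.
        return "restrict", failures + ["approved exception"]
    if not p.managed:
        # Guest or contractor device the organization cannot remediate.
        return "restrict", failures
    return "quarantine", failures  # managed device: remediate, then re-check


# Constructed sample data, dated to the day of the talk.
TODAY = date(2007, 3, 21)
BASELINE = Baseline(min_os_patch=date(2007, 2, 13), max_signature_age_days=7)
EXCEPTIONS = frozenset({"exec-laptop"})
SAMPLES = [
    Posture("hq-laptop-01", True, True, date(2007, 3, 13), date(2007, 3, 20), True),
    Posture("hq-laptop-02", True, True, date(2007, 3, 13), date(2007, 3, 1), True),
    Posture("contractor-01", True, False),  # no agent installed, nothing reported
    Posture("exec-laptop", True, True, date(2007, 3, 13), date(2007, 3, 20), False),
    Posture("unknown-device", False, False),
]


def decide_all():
    """Map each sample device to the decision the access device would enforce."""
    return {p.device_id: decide(p, BASELINE, TODAY, EXCEPTIONS)[0] for p in SAMPLES}


if __name__ == "__main__":
    for p in SAMPLES:
        decision, reasons = decide(p, BASELINE, TODAY, EXCEPTIONS)
        print(f"{p.device_id:15} {decision:10} {'; '.join(reasons)}")
```

Without the exception entry, the same executive laptop is quarantined like any other managed device, which makes the cost of each exception visible in the policy itself.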