Are you thinking about extending the endpoint capabilities of your security solution? Join us for a deep dive into the value of embedding patch management capabilities into your security software. Learn how other security companies have chosen to add patching and remediation, and why in 2018 patching is more important than ever as your customers confront ransomware, zero-day attacks, and more.
2. Presenters Today:
Phil Richards, CISO: Our Security Model at Ivanti utilizing CIS Controls
Russ Eddleman, Director of OEM Partnerships: Overview of OEM Program
Nik Patronas, Sr Solutions Architect: OEM Patching Architecture and Demo
3. Agenda
• Why Patching Was Critical in 2017
• Ivanti Security Model – CISO perspective
• Embedded Patch Management API and Architecture
• Demo of Shavlik Patch from Ivanti
• Ivanti OEM Patch Program
• Q&A
5. 30% of recipients open phishing messages.
12% click on attachments.
90+% of security incidents/breaches involve phishing.
Sources: Verizon 2016 Data Breach Investigations Report; Verizon 2017 Data Breach Investigations Report
6. The present? The struggle is already real.
And in the past year?
49% of security professionals experienced a WannaCry-like event.
72% experienced 3 such events.
20% experienced 6 such events.
Source: Farsight Security
More than 4,000 ransomware attacks per day since Jan. 2016, a 300% increase over 2015 (U.S. Department of Justice)
8. SamSam Attacks
Targeted attacks
City courts
Water system
Medical records
Limited IT staff
Smaller, manageable payments
Exploitation of known vulnerabilities
Multiple layers of system penetration
Preventable with patching!
Source: Wired
12. Ivanti Patch Management Overview: Cloud or Premise based Patch Management solution, Asset Inventory, Automation
13. Cloud or Premise based Patch Management solution
• Microsoft, Linux, Mac and 3rd Party Patch Management
• Physical, virtual servers, and workstations
• Integrate seamlessly with current OEM technology
• VMware virtual environments
• On-line virtual machines, off-line virtual machines, templates
• ESXi Host Patching
Asset Inventory
• Hardware, Software, BIOS, etc.
Automation
• Unique scheduling abilities
• Allow IT Administrators to fully automate their patch management process
• From initial scan to deployment
Ivanti Patch Management Overview
14. OEM Patch Content
Support for automated and managed patching of:
• Windows, Mac and Linux OS
• Hundreds of 3rd party software applications: Adobe, Java, Google, Apple, Microsoft, etc.
A dedicated team continually researches, monitors, validates and publishes new patch content:
• Released at least 2 times a week, often more frequently
• Includes patch metadata, e.g. type, vendor, name, security, supersedence, pre-requisites, reboot necessity, CVEs, etc.
Global Security Content Delivery Network (CDN):
• Market-leading CDN partner, 40,000+ cache distribution points worldwide
• Delivered via HTTP(S) protocols, MD5 checksum for every file
• and many more…
15. Ivanti Windows Patch SDKs
Patch Assessment
• Scans for missing patches (agent or agentless)
• Returns patch info and other key metadata for OS and 3rd party applications
Patch Packaging
• Input parsed from Patch Scan results
• Creates install scripts for patch installation
• Outputs URLs for all patches with flags for silent install, reboot requirements etc.
Patch Utilities
• Downloads incremental updates for patch catalog/signatures
• De-obfuscates Ivanti’s patch metadata for UI/Reports
• Keeps Ivanti’s patch components and data files up to date
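As an added example (not Ivanti's SDK or its content format), the following Python models the catalog metadata described on slide 14 (supersedence, reboot necessity, CVEs, a per-file MD5) and the assess-then-package flow of slide 15 on constructed data; the patch ids, CVE ids, product names and payload bytes are placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    patch_id: str
    product: str
    cves: tuple        # CVE ids the patch addresses (constructed placeholders)
    supersedes: tuple  # patch_ids this patch replaces
    needs_reboot: bool
    md5: str           # per-file checksum published with the content (slide 14)

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed stand-ins for files fetched from the CDN.
PAYLOADS = {"P1": b"constructed-p1", "P2": b"constructed-p2", "P3": b"constructed-p3"}
# Constructed catalog: P2 supersedes P1 (both fix Reader), P3 patches Java.
CATALOG = {
    "P1": Patch("P1", "Reader", ("CVE-0000-0001",), (), False, md5_hex(PAYLOADS["P1"])),
    "P2": Patch("P2", "Reader", ("CVE-0000-0001", "CVE-0000-0002"), ("P1",), True, md5_hex(PAYLOADS["P2"])),
    "P3": Patch("P3", "Java", ("CVE-0000-0003",), (), False, md5_hex(PAYLOADS["P3"])),
}

def assess(installed_products: set, installed_patches: set) -> list:
    """Patch Assessment: catalog patches that apply to this machine and are not installed."""
    applicable = [p for p in CATALOG.values()
                  if p.product in installed_products and p.patch_id not in installed_patches]
    # Supersedence: a patch replaced by one already installed, or by one we will
    # install anyway, is not reported as missing.
    known = [CATALOG[pid] for pid in installed_patches if pid in CATALOG] + applicable
    replaced = {old for p in known for old in p.supersedes}
    return sorted(p.patch_id for p in applicable if p.patch_id not in replaced)

def package(missing: list) -> tuple:
    """Patch Packaging: install plan with silent/reboot flags, plus whether a reboot is due."""
    plan = [{"patch": pid, "silent": True, "reboot": CATALOG[pid].needs_reboot} for pid in missing]
    return plan, any(step["reboot"] for step in plan)

def cves_closed(missing: list) -> list:
    """CVEs the plan addresses, for the OEM's UI/reporting."""
    return sorted({cve for pid in missing for cve in CATALOG[pid].cves})

def verify_download(pid: str, data: bytes) -> bool:
    """Compare the fetched file with the catalog checksum before handing it to an
    installer. MD5 catches truncation and corruption in transit; it does not stop a
    party who can rewrite both file and catalog, so fetch the catalog over HTTPS."""
    return hmac.compare_digest(md5_hex(data), CATALOG[pid].md5)
```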
16. Windows SDK – Technical Highlights
• Agent-based or agentless assessment and patching
• Near real-time assessment (5-10 seconds)
• Quickest verified patch availability in the market
• Support for physical and virtual systems, including hypervisor and offline VMs
• Comprehensive and “smart” reboot options
• Multiple integration options: structured interface, in/out of process COM interface, managed .NET interface, CLI
17. Ivanti Mac and Linux SDKs
Patch API Library – Endpoint Assessment & Remediation
• Standard API for all target endpoint platforms
• Native libraries for Mac OS
• Assess and remediate applicable endpoints
Patch Utilities
• Java-based API facilitates download of patch content from the CDN over HTTP(S)
• Easily configured to meet OEM server needs
• Downloaded security content typically stored in “patch management” tables within the OEM partner’s server DB
18. Mac and Linux – Technical Details
• Cross-platform MacOS and Linux/UNIX assessment and patching
• Native MacOS libraries
• Linux support for SUSE, Redhat, CentOS, Oracle, Ubuntu distributions
• C++ native interface / Java JNI wrapper
19. OEM PATCH MANAGEMENT OPTIONS
SDK/API OEM: Embed into your product
• Windows SDKs, Mac, Linux APIs and Content
White-label: Cloud or premise
• Patch for Microsoft SCCM
• Patch for Endpoints
• Patch from the Cloud
As A Service
• Ivanti Patch Catalog / Content as a service
20. Agentless Architecture
The OEM Console & Server scans Machine Group 1 and Machine Group 2 over TCP 139/445.
When new patches come out, the Ivanti Content team tests and determines detection and deployment logic.
21. Agent Architecture
The OEM Console & Content Server delivers an Agent Policy to Machine Group 1 and Machine Group 2.
An Agent policy defines how the agent is going to scan and patch the device.
Frequently disconnected devices pose a different problem to solve. An agent can be installed.
Manage Agents from the Protect Cloud.
24. Drive profitable growth with
• Competitive Advantage – INCREASED MARKET REACH
• MINIMIZE DEVELOPMENT Costs and Time
• Offer a COMPLETE SOLUTION
• Extend your BUSINESS VALUE
• Create CROSS SELL Opportunities
26. Why Have OEMs Chosen Ivanti?
• Enterprise class OEM track record
• Flexible business terms
• Dedicated OEM team
• SDK designed for OEMs
• Documented roadmap & regular updates
27. Ivanti OEM Models
WHITE-LABEL (Packaged)
• Fully functional product
• Your logo
• Product documentation
SDK/API OEM (Componentized)
• Fully functional SDK/API
• API documentation
TECHNOLOGY (Custom)
• Licensed technology and capabilities
• Custom documentation
28. White Label
Patch for Microsoft SCCM
• Snap-in to Microsoft SCCM
• Patches 3rd party application and device drivers (Lenovo, Dell, HP) using standard SCCM flows.
Patch for Windows
• Agent or Agentless patch-management
• Virtualization patching and VM patching
• Brandable GUI
• Patches OS and 3rd party apps
Xtraction Reporting and Dashboards
• Drag and drop dashboard and reporting tool
• Use your own or 3rd party data sources
• Display on a single dashboard, or wallboard
• Brandable Installation package and UI
29. SDK/API OEM
Patch for Windows SDK
• Core Patch SDK, patches OS and 3rd party apps
• Capable of scanning machines in less than 8 seconds without creating user experience issues.
• Agentless or agent-based scan of Windows machines.
Patch for Mac API
• Agent based
• Scans and remediates patch vulnerabilities in Mac OS and third party apps
Patch for Linux API
• Agent based
• Scans and remediates Linux OS.
Device Control API
• Enables granular control of connected devices and operations
• Combat insider threat risks
• Manage access and utilization
As many of you likely know, the Verizon Data Breach Investigations Report (DBIR) is one of the most respected annual reports in the security industry.
Just this year the Verizon RISK team found phishing is used in more than 90 percent of security incidents and breaches. (Source: Verizon 2017 DBIR)
And at equally alarming rates, users with their many devices are falling victim to ransomware and other malware via these user-targeted attacks. According to Verizon, 30 percent of phishing messages were opened in 2016—up from 23 percent the year before—and in 12 percent of those events users clicked to open the malicious attachment or link. (Source: Verizon 2016 DBIR)
The 2016 DBIR highlights the rise of a three-pronged phishing attack:
The user receives a phishing email with a malicious attachment or a link pointing to a malicious website.
The user downloads malware, which attackers can use to look for secrets and internal information, steal credentials to multiple applications through key logging, or encrypt files for ransom.
Attackers can also use stolen credentials for further attacks: for example, to log into third-party websites like banking or retail sites.
That’s a critical question, because they’re trying to do it right now.
When you consider just how common attacks really are, and the kinds of attacks they are evolving into, the nightmare scenario we just visited has the heft of reality to it. Though WannaCry and NotPetya made the headlines, cybersecurity professionals work on major incidents in their own organizations throughout the year.
According to a 2017 survey from threat intelligence firm Farsight Security, 49% of cybersecurity professionals experienced a WannaCry-like security incident in the last year that the public never heard about. Of those, 72% said major security events had happened three times in that year, and 20% upped that to six. (Source: https://globenewswire.com/news-release/2017/06/27/1029363/0/en/WannaCry-Just-Another-Day-at-the-Office-Confirms-Cybersecurity-Professionals.html)
The U.S. Department of Justice reports the staggering figure of more than 4,000 ransomware attacks per day since January 1, 2016, a 300% increase over 2015. (Source: https://www.justice.gov/criminal-ccips/file/872771/download)
It’s easy to overlook how common attacks are, and how hard security and IT teams are working to keep infrastructure and data secure.
There is a really detailed article posted by the Infosec Institute entitled Most Exploited Vulnerabilities: by Whom, When, and How, which goes into detail on the information presented here. The article is based on information collected and analyzed by Recorded Future, as referenced here. It identifies the vulnerabilities exploited between November 2015 and November 2016 by threat actors such as nation states and criminal organizations, and the availability of tools in exploit kits. It further describes some of the secondary activities, such as injection of ransomware, malware, phishing, and outright data theft.
There are a number of sites that provide Top 10 lists of vulnerabilities and exploited applications. Use them to your advantage and prioritize applications to patch appropriately.
The SamSam attacks that have been in the news recently, the most notable being the attack on the City of Atlanta, are slightly different from the two we talked about so far. These attacks are very targeted in nature, going after smaller organizations such as healthcare, university, and other local systems that have limited IT staffs. These organizations are more likely to pay a ransomware payment than to deal with the notoriety or the resources needed to recover.
Also unique to SamSam is the organized methodology used to conduct the exploitation. This group targets many known vulnerabilities to gain access to computer systems. Very methodical in their approach, they penetrate the ‘outer’ set of systems and continue the process to work their way deeper into many systems. Once they have achieved the desired level of penetration, they release the ransomware to encrypt the files.
The most important point here is that the vulnerabilities being exploited have patches available. This could all be prevented!
Competitive advantage - Increase market reach to attract new customers
Minimize development costs and time - Accelerate time to market
Offer a more complete solution - Boost adoption of your application
Extend your business value - Generate additional revenue through larger deal sizes
Create new cross sell opportunities
Enterprise class OEM solutions
Track record of ongoing OEM relationships
Flexible business terms
Dedicated engineering and technical support
Access to an SDK designed for OEMs
Regular updates
Documented roadmap
White Label
Fully functional product with your logo on it. Your responsibilities include re-hosting the delivery of the executable, hosting online documentation and licensing interfaces.
SDK/API OEM
We deliver fully functional SDKs and/or APIs to you, complete with documentation and upgrades over time. You implement this in your code and call the engine as you need, customizing its access to your specific use cases.
Technology
We offer most of our capabilities and technologies for license. If you are looking for reputation content, patch content, or other capabilities, we supply these and you integrate directly into your product.