The next step in workspace | Simple, Scalable, Secure

Uw werkplek- en datacenterspecialist
Ontwerpen • Implementeren • Optimaliseren

The next step in workspace
Simple, Secure & Scalable

Agenda
• 12.00 - 13.00 uur Lunch
• 13.00 - 13.10 uur Welkom
• 13.10 - 13.30 uur Werkplektransformatie
• 13.30 - 14.00 uur Citrix
• 14.00 - 14.30 uur Koffiepauze
• 14.30 - 15.15 uur Nutanix
• 15.15 - 15.45 uur AppSense
• 15.45 - … uur Afsluiting & borrel

Even voorstellen
Harry Beekman
Sr. Account Manager

Over ICT-Partners
• 80 experts
• Meer dan 14 jaar ervaring
• Twee vestigingen

Cultuur
• Balans
• Duurzaamheid
• Efficiency

ICT-Partners over ICT
Optimaliseer investeringen en investeer in innovatie
Maak van ICT een echte business-enabler
Een juist strategisch ICT-beleid omarmt technologische ontwikkelingen
die de concurrentiepositie van de business versterken.

Werkplektransformatie:
van paard & wagen naar Tesla
Door Frans Loth, ICT-Partners

Werkplek 0.0!
• Craftsmanship
• Alleen voor de elite
• Tijdrovende (re)productie
• Indirecte 1-op-1 communicatie
• Extreem foutgevoelig
• Onveilig, opkomst cryptografie
• Opkomst mechanische reproductie
• Grote afstand in tijd

Werkplek 1.0
• Alleen op kantoor beschikbaar
• Eenvoudige reproductie
• 1-op-1 gesproken communicatie
• Introductie van mail, 1-op-n
communicatie
• Minder foutgevoelig
• Afstand van realtime tot uren
• Diversiteit, complexiteit in beheer
• Personal services
• Gebruiker moet tech savvy zijn
• Digitale bedreigingen

Werkplek 2.0
• Beheersing van werkplekcomplexiteit
• Technische centralisatie (SBC, VDI, virtualisatie)
• Versnelling van deployment
• Toename DC complexiteit
• Internet / massacommunicatie / Information at your fingertips
• Mobiliteit: werkplek op kantoor, thuis en onderweg
• Generic Services
• Security is een vakgebied

Ultimate WorkspaceLeef je droom!

Leef je droom! Ultimate Workspace
• Virtuele teams
• In line vertaling
• Voice command & response
• Nieuwe projectietechnieken (glas, holo)
• Artificial Intelligence
• Virtual Reality
• Augmented Reality
• Instant data analyse
• Volledige persoonlijke afstemming

Gas los!! Terug naar Werkplek 3.0 …

Werkplek 3.0 uitdagingen
• Reductie van technische complexiteit
• Vraagfluctuatie, ongebreidelde groei
• Veeleisende gebruikers en klanten
• Zelfredzaamheid, gebruikersgemak
• Afgestemde, consistente user experience
• Access anywhere anytime any device
• Cloud Apps / Cloud integratie / Sourcing
• Snel evoluerende bedreigingen
• Kosten!
• ICT als business enabler & innovatie driver

Haal meer uit uw werkplek
met Citrix & Nutanix!
Door Corné van Ginkel, ICT-Partners

Historie van Citrix Systems
• 1995 Winframe
• 1997 Metaframe 1.8
• 2001 Metaframe XP
• 2004 Presentation Server 3.0
• 2005 Presentation Server 4.0, Access Gateway Appliance 4.0
• 2006 Access Gateway Appliance
• 2007 Presentation Server 4.5, Citrix Desktop Server 1.0, Citrix
WanScaler, Provisoning Server 4.5 (=Ardence), XenServer
• …
• 2016

Productportfolio
• Citrix XenApp
• Citrix XenDesktop
• Citrix XenServer
• Citrix XenClient
• VDI-in-a-box
• NetScaler
• Workflow Studio
• NetScaler Gateway
• NetScaler CloudBridge
• Provisioning Server
• XenMobile
• Citrix Receiver
• ShareFile
• GoToMeeting
• GoToWebinar
• GoToAssist
• GoToMyPC

COMPLEXITEIT voor de ICT-organisatie

Facts
• 2 x Citrix NetScaler Gateway appliances
• 2 x Citrix XenDesktop Delivery Controllers
• 2 x Microsoft SQL Servers
• 2 x Citrix StoreFront servers
• 1 x Citrix License Server
• 3 x Citrix Provisioning Services
• 12 componenten in een ‘minimale’ setup (enkelvoudig datacenter)
• Hoog kennisniveau vereist door complexe stack
• Nog geen rekening gehouden met:
• Enterprise Mobility Management (Citrix XenMobile)
• Enterprise File Sharing (Citrix Sharefile)

Complexiteit verminderen door…
…introductie van Citrix Cloud

Service available now
Service available soon
Secure
Browser
service
Lifecycle
Management
AppDNA
Express
IoT
Automation
3rd Party
Services
Hybrid Cloud | Private Cloud | Any Public Cloud | Any Hypervisor
XenApp and
XenDesktop
service
XenMobile
service
ShareFile
NetScaler
Gateway
Service
Cloud-Based Delivery Fabric Unites and Deploys
all Workspace Technologies

Fast
Flexible
Simple
•Fastest way to adopt core Citrix technology
•Instantly integrate Citrix services – XA, XD, XM, SF
•Deploy onto Any cloud, infrastructure, location
•Preserve existing HW investments
•Less to install
•No More upgrades
Secure
•IP located where you want it
•No Data handled by cloud management
A New Approach to Adding Customer Value

Simplicity: All Services Are Pre-Integrated
…. So customers don’t have to
XenApp and XenDesktop service
The power of secure access to virtual
Windows, Linux, Web apps and desktops
XenMobile service
End-to-end mobile app
delivery and device security
ShareFile
Share, sync and secure content from
cloud & on-premise storage services
Lifecycle Management
Blueprint, automate and manage the
design and deployment of enterprise
workloads
Secure Browser service
Simple, secure, high-performance remote
access to any internal or external web app

Customer Value of Citrix Cloud Subscriptions
Citrix Operates the platform
Platform is all-inclusive
Fewer servers to own/operate
Transparent upgrades
Citrix integrates the services
Inherent multi-site capable
Maintenance and support included
Connectivity included

Complexiteit verminderen door…
…introductie van Citrix Cloud
…van Citrix Provisioning Services naar Machine Creation Services

Citrix Provisioning Services
• Stream van ‘image’ (vDisk) naar meerdere machines tegelijkertijd
• Maakt gebruik van PXE boot technology
• Sterke afhankelijkheid van goede netwerk-setup, DHCP
• Sizing is van groot belang (minimaal twee additionele servers)
• Ardence

Citrix Machine Creation Services

Citrix Machine Creation Services
• Functionaliteit van PVS
• Eenvoud van MCS
• Geen afhankelijkheid van PXE en DHCP
• Sizing niet van belang
• Geen additionele servers vereist

Door Bart Donders, ICT-Partners

Evolution of Enterprise Infrastructure
Scale-Out
Scale-Up
Server
App
Storage
Server
App
Storage
1990s Today
Storage
Controller
Storage
Controller
Storage
Controller
Storage
Controller
Server Server
Virtualization
App App
Storage
Controller
Storage
Controller

BUY
Purchase in big increments, incur
prediction risk, overprovision
MANAGE
Multiple management panes,
manual operations
DEPLOY
Deployment takes weeks to months --
complex, big footprint
SCALE
Difficult to grow quickly
SUPPORT
Multi-hop support, lack of end-to-end
visibility, firefighting
Legacy causes complexity at every step
Storage
Controller
Storage
Controller
Storage
Controller
Storage
Controller
Server Server
Virtualization
App App
Storage
Controller
Storage
Controller

Ontwikkelingen binnen IT-organisaties
• Infrastructuur geen focus meer
• Van specialisten naar generalisten
• Transformatie van beheer- naar regieorganisatie
• Van uitvoerend naar regisserend
• Outsourcing infrastructuur
• Iaas, PaaS
• Self-Service
• Flexibel op- en afschalen
• Automation

The Cloud Era Is Well Underway
“I deployed my application
in five minutes.”
Rapid Time to Market
“No more time spent on low-
level infrastructure
management.”
One-Click Simplicity
“I use and pay for just what I
need only when I need it.”
Fractional IT Consumption
“New capabilities are
available on a regular basis.”
Continuous Innovation

Why Not Cloud For All Workloads?
Predictable Workloads
Elastic Workloads
25%
75%
Balance Owning and Renting For
Today’s Enterprise Workloads
Spin up and down resources
on the public cloud
Lower costs with private cloud
infrastructure

How Should Infrastructure Be Delivered?
Privacy and control without
significant overhead
Predictable capacity growth
with consumption-based
pricing
No specialized skills
required to operate
Provisioning in hours,
not days or weeks
Secure Scale-out
SimpleAgile

Solution to the Virtualization Problem
Built-in Virtualization and
Integrated Management
Virtualization
App App
Storage Services
Storage Services
Virtualization
App App
Storage
Controller
Storage
Controller
Storage
Controller
Storage
Controller
Server Server
Storage
Controller
Storage
Controller

Scalable Distributed System Design
VM VM VM CVM
Hypervisor
VM VM VM CVM
Hypervisor
Tier 1 Workloads
(running on all nodes)
Nutanix Controller VM
(one per node)
VM VM VM CVM
Hypervisor
Distributed Storage Fabric
ü Snapshots ü Clones ü Compression ü Deduplication
ü Locality ü Tiering ü Erasure Coding ü Resilience
Node 1 Node 2 Node N
X86 X86 X86

Nutanix platform hardware
• NX-1065(S)
• ROBO
• NX-30x0
• CPU-intensief, ideaal voor VDI
• Optioneel Grid-kaarten
• NX-60x0
• Storage-Heavy / Storage-Only
• NX-8000
• High-Performance
• Exchange / Databases

Eliminate
Complexity…
Integrated Consumer-Grade Management
Intuitive
Beautiful
Insightful

Acropolis Hypervisor (AHV)
• Gebaseerd op KVM
• Wordt gratis meegeleverd met de Nutanix software
• VM beheer geïntegreerd in Prism
• API driven (acli, Powershell, REST)

Disaster Recovery & Data Protection
• Metro Availability
• Synchrone replicatie naar tweede Nutanix cluster
• (Ultimate licentie benodigd)
• (Maximale roundtrip latency 5ms)
• Asynchrone replicatie
• Tijdsinterval > 1 uur
• Local snapshots
• Geen performance impact
• ‘Ongelimiteerd aantal snapshots’

Disaster Recovery Scenario’s

Acropolis Block Services
• Block Storage middels iSCSI
• Guest virtual machines
• Bare metal servers
• Use Cases
• Exchange op vSphere (Microsoft support)
• Shared disks voor clusters (Microsoft, Oracle Rac)
• Licenties issues (Oracle)

Waarom Nutanix?
• Inspanningen voor beheer zijn minimaal
• Rolling upgrade zonder downtime
• Self-healing platform
• Flexibel en schaalbaar
• Per node uitbreidbaar
• Lineaire performance
• Goede performance
• All-flash of hybride
• Uitstekende support
• Support voor de gehele stack, inclusief hypervisor en (enkele) applicaties

Layered Approach to Desktop Virtualization
Compute and Storage (HW)
Hypervisor
Control and Access Layer
Desktop Layer
User Layer
Infrastructure (Studio, file, AD, SQL, License)
Nutanix Acropolis Hypervisor / Vmware ESX / Microsoft Hyper-V
Desktop Delivery (XD) & Image Controllers (MCS)
Access Controllers (StoreFront) and Networking (NetScaler)
Profile management, golden image, and apps
Nutanix Xtreme Computing Platform
User type and end-points (Receiver)
Citrix ShareFile and file services

Number of virtual desktops
SAN
Performance
MCS on a traditional SAN?

MCS on distributed storage benefits?
Further simplifying the MCS architecture!
Simpler configuration in XenDesktop Studio makes your life easier:
Multiple
image
copies
Maintain
multiple
datastores
IO issues
and hotspots

More MCS on distributed storage benefits!
VM
Movability
Reduced
Boottimes
Better
scalability

Linearly Scaling Virtual Desktop
InfrastructureVMs(Desktops)
• Scale incrementally one node at a time
• Protect infrastructure investment by eliminating forklift upgrades
• Scale storage capacity & performance linearly
Pay-as-you-grow
Number of Nodes

0
0,2
0,4
0,6
0,8
1
1,2
1,4
1,6
1,8
300 600 1200 1500 3000
Seconds
Number of Virtual Desktops
Relative Application Performance
Consistent response time while incrementally scaling blocks
Truly Linear Scalability
Predictable performance for 300 to 3000 desktops

HP, Dell, Cisco, Lenovo
Cisco, HP, Arista, Mellanox
Qlogic, Emulex
EMC, NetApp, HP, Dell, HDS
Cisco, Brocade
VMware, Microsoft, XenServer
Cisco, HP, Arista, Mellanox
VMware, Microsoft
Simplifying the XenDesktop
Infrastructure Stack
Network
Scale out compute
and storage
Virtualization
Network
Virtualization
Compute
SAN Fabric
Storage
AHV
Nutanix

Built on a Hyperconverged Architecture
Eliminates
SAN and NAS
arrays
Workload
Mobility and
Hypervisor
Choice
Virtual Desktops
(running on all nodes)
Nutanix Controller VM
(one per host)
Node 2
VM VM VM CVM
X86
Node N
VM VM VM CVM
X86
Node 1
VM VM VM CVM
X86
Local + Remote
(Flash + HDD) Distributed Storage Fabric
intelligent tiering, VM-centric management and more…
ü Snapshots ü Clones ü Compression ü Deduplication
Acropolis App Mobility Fabric
Acropolis
Hypervisor
Acropolis
Hypervisor
Acropolis
Hypervisor

Citrix XenDesktop/XenApp on Nutanix AHV
VM VM VM
VM VM VM
VM
VM
VM
VM
AHV
Nutanix AHV is
Citrix XenApp/XenDesktop
Citrix NetScaler VPX*
Citrix ShareFile
Citrix Cloud
Citrix
StoreFront
XenDesktop
Delivery Controller
AHV
Citrix Sharefile &
File services
SQL Server & Infra
/network services
Citrix Studio, Director
VM
Citrix
NetScaler VPX

Native Citrix Studio Integration

Citrix – Nutanix Integration
Production
Ready for AHV
Integrated Management Fast Provisioning
No vTax to run Citrix on Nutanix
Fully integrated with Desktop
Studio UI
High speed image updates and
operations
Includes Nutanix standard benefits
• Shadow clones and boot-storm handling
• Rapid troubleshooting and clear ops line-of-sight
• Linear scaling and pay-as-you-grow consumption model

MCS architecture with Nutanix AHV
Citrix Studio
Citrix Services
Provisioning SDK
PS Cmdlets
MCS–AHV interface
Nutanix AHV plugin needs to be installed on all XD controllers
REST API
Services:
Brokering
Host
Machine Creation
AD Identity
snapshot
Cloning
ID
Power Management &
Provisioning
XenDesktop
Controller

Going distributed simplifies things..
Before After

Werkplek 3.0:
maximaal beheersbaar & veilig
Door Jaap-Sander de Vries, AppSense

“SET THE USER FREE”
e n d p o i n t s e c u r i t y s i m p l i f i e d
AppSense now part of the LANDESK family

“Set the User Free”
Simplicity
Flexibility
User Experience
Security
Productivity

Mobile
VIRTUALPHYSICAL AND
UNMANAGEDMANAGED AND
BYODCOPE AND
PERSONAL APPSCORPORATE APPS AND
PERSONAL DATACORPORATE DATA AND
IT’S NEVER OR
I.T.
MANAGED
USER MANAGED

Delivering a secure and
cost effective
workspace has become
very complex.

• Endpoint manageability
• Profile management
• Reducing overhead, IT
Ops time and effort
• Reducing user
inconvenience and IT
helpdesk calls
• Improving operational
efficiency
• User analytics
Simple Desktop IT Administration
• Ransomware, phishing,
social engineering
• Unnecessary privileges
• Eliminate vulnerabilities
• Audit & Compliance
• Increase visibility
• Holistic approach and
ecosystem
Effective Endpoint Security
• Performance
• Flexibility & control
• Consistency
• Availability – no downtime or disruptions
Excellent User Experience
Deliver Productive, Secure Cost
Effective Workspace

Users want to Personalize their workspace and access
their Data. IT wants to manage Policy, Privilege,
Performance and Analytics for each user.
Combined, these elements
define User DNA™
Workspace Management
IT Settings
User Settings
+
= User DNA™
AppSense unlocks User DNA™
so IT can manage it independently.
Personalization
Policy
Privileges
Performance
Data Access
Analytics

User DNA™ is stored, managed and distributed from a central
AppSense database, leveraging the AppSense platform. IT gets
granular, contextual control allowing User DNA™ to follow the user,
creating a seamless workspace experience.
AppSense
Database
Physical Virtual Cloud
Workspace Management

Creating a Balanced Portfolio
Patch
Management
Endpoint Security
Configuration
Management
Physical, Virtual
& Mobile
Service
Management
Asset
Management
User
Environment
Management
Security
AnalyticsandDashboards
Environment
Management
Privilege
Management
Application
Control
File & Profile
Migration

A Balanced Approach
- Gartner Model of PC Lockdown

Endpoint Security Best
Practices

Getting breached is inevitable
Threat Landscape has changed
Software vulnerability exploitation continues to be a
primary vector for attack, malware become more
sophisticated and a revenue-generating activity for
attackers.
The perimeter is no longer your best
defense
“De-perimeterisation” of networks now extends to on-
premise, public cloud, private cloud, Software as a Service
(SaaS), Infrastructure as a Service (IaaS) and the biggest
headache of all is these hybrid networks have to be
accessed anywhere, anytime and using any device.
Business enablement & Agility
Continuous emphasis on business enablement as
well as user productivity & experience
Endpoints & User Behavior
The endpoint is the new perimeter and
negligent, careless employees not following
policy are IT’s biggest threat
Windows desktops, Mac’s and
Apps are multiplying
Efficient workspace management in complex /
heterogenic IT environments
Where are we today?

Internal Pressures External Pressures
Changing Threat
Landscape
Changing Demands on
Communication & Collaboration
By Workforce
Network Perimeter
is Dissolving
Increasing Regulatory
Demands
Business Enablement, Innovation
& Agility
User Productivity & Security
Awareness
IT Security
&
User
Today’s Challenges

“Well-planned application control
deployments are effective at
blocking malware infections and
targeted attacks, and have the
additional benefits of reducing the
operational burden of uncontrolled
application sprawl” – Gartner
“The Time Is Now To Protect
Your Digital Workforce With A
Reinvigorated Endpoint Security
Strategy” – Forrester
“Adopt a least privilege
strategy and strictly
enforce access control” –
Forrester
“Application control can be
useful — particularly for
stopping advanced attackers
and securing unsupported
operating systems” – Securosis
De-Perimeterisation –
The Endpoint Is “The New
Perimeter”

Common Security Weakness
§ Almost all forms of attack use privilege escalation when installing malware that needs
administrative privileges.
§ Phishing, which continues to be the most common front end for damaging attacks, is
used to obtain user credentials from which to start the escalation, and phishing
succeeds because of poor hygiene in application and privilege management.

85% of all Critical vulnerabilities documented
in the report can be mitigated by removing
admin rights *2015 Microsoft Vulnerabilities Report
99.5% of all vulnerabilities reported in Internet
Explorer in 2015 could be mitigated by
removing admin rights *2015 Microsoft Vulnerabilities Report
86% of reported vulnerabilities come from 3rd
party applications. *National Vulnerability Database
In 2015, Microsoft Windows represented the most targeted
software platform, with 42 percent of the top 20 discovered
exploits directed at Microsoft platforms and applications. *HP
Cyber Risk Report 2016
Malware Monetization and
Application Vulnerabilities
The average ransom discovered to date
in 2016 stands at US$679, up from $294
in 2015 *ISTR Ransomware & Business, Symantec
Feb 2016, the Hollywood
Presbyterian Medical Center
(HPMC) paying the attackers’
demand of US$17,000

Missing Patches
• Third Party
• MS Office
• Adobe
• Java
01
Dangerous
Applications
• Media
• Runtimes
• Web browsers
02
Misconfigured
User Access
• Admin rights
• Least Privilege
• Password
Management
03
Unprotected
Data
• Sensitive Data
• Unencrypted
• Multiple
Storage
04
Endpoint Security Threats

Patching
• Clear visibility
on all
endpoints
• Effective
Detection
• Automatic
Policy
Enforcement
• Single
Management
Console
01
Unhazardous
Applications
• Minimize
exposure
• Automatic
uninstall
• Application
Whitelist/Blac
klist
• EPC for
remote
connections02
Proper User
Access
• Remove
Admin rights
• Determine
Least
Privilege
• Automate
Elevation
• User self-
service Portal
03
Data Protection
• Enable Data
Encryption
• Automated
Scans
• Protect
External
Media
• Backup and
Recovery
04
Endpoint Security Best Practices

Strategic Approach & Benefit
MITIGATES AT LEAST
OF TARGETED
CYBER INTRUSIONS
• National Security Agency, Information Assurance Guidance, www.nsa.gov/ia/mitigation_guidance/
• Australian Government Department of Defence, Strategies to Mitigate Targeted Cyber Intrusions,
www.asd.gov.au/infosec/mitigationstrategies.htm
PATCH
Applications and
Operating System
CATCH
Malicious software with
a Whitelist
MATCH
The Right People with
the Right Privileges

Control
5 & 14
‘Center for Internet
Security’
Continuous Vulnerability
Assessment & Remediation
– Strong Patch
Management
Application
Control &
Privilege
Management
CSC
version
6
Control
4
SANS Institute Critical Security
Controls
For a complete copy of the SANS Institute report, “Updates to the CSCs: More Effective Threat Protection with
Privilege Management and Application Control,” visit http://bit.ly/1TsYvFB

No business disruption
OR huge increases in
help desk calls as
legitimate software and
business-critical access
are blocked.
PRODUCTIVITY
Preventing attackers
from using
Administrative
privileges or user
access rights, raising
the bar against both
installing/executing
software and
reading/modifying
sensitive data.
PREVENT
Actively managing
which executables
can run on a PC or
server presents a high
barrier to malware.
PROTECT
Application Control /
Whitelisting &
Privilege
Management should
be seen as high-
payback, quick win
ROI
Critical Security Controls - Need
PayOff

Introducing…
AppSense Endpoint Security
§ Privilege Management
§ Application Control with Trusted Ownership™
§ Granular Exceptions
§ Prescriptive Security Analytics
§ Automated Patch Management

APPLICATION CONTROL
& PRIVILEGE MANAGEMENT
Pragmatic Endpoint Security that Puts Users First

SANS Institute Critical Security
Controls
Application Control (Control 5)
& Privilege Management
(Control 5 & 14)

Kernel - level Physical &
Virtual
Online &
Offline
Malware
(Ransomware)
Protection
/ Application
Control
Context-based
Application
Access
Least
Privilege
Management
A Practical Means To Protect
Your Attack Surface

Regain Control of Applications
Regain control of applications running across the business without locking
down your users
Use cases – Security and beyond
• Deploy all users as standard users
• Assign privilege to individual applications based on user roles and needs
• Prevent execution of unauthorized applications

PROTECT
Protects against zero-day attacks by preventing malicious software
from executing
CONTROLEXECUTION
Apply precise control over how authorized applications execute and
whether applications can launch other applications to prevent stealth
rootkits from infiltrating your enterprise systems.
RANSOMWARECONTINUOUSTORISE
Ransomware is not going away any time soon, because the business
model offers high reward for minimal effort. Compared to 2015’s 29
ransomware families, 79 new families already emerged this year
PREVENT
Prevents malware from running when your host system reboots. Also locks
down the registry until rights are approved by the IT administrator
01
02
03
04
Protect Against Ransomware
Source: TrendLabs 2016 Security Roundup

Detection name: Trojan.Cryptolocker.AF
Ransom amount: 0.5 to 1 bitcoin ($200 to $400 on February 2016 rates)
Discovery: February 2016
Known infection vectors: Spam campaigns, Neutrino exploit
kit, Nuclear exploit kit
Locky Ransomware

Stop applications carrying possible risks and ones unsuitable for
business networks:
• PokerStars had Odlanor Trojan malware (Win32/Spy.Odlanor
),
• Trillain IM a strain of the Reveton ransomware family – Pony
Stealer and
• Kickass Torrents is so full of malware that Chrome and
Firefox now block it.
Do not allow non-trusted, unsupported /unpatched or risky
applications and plug-ins without requiring ‘whitelisting
enforcement and automated patching:
New skype malware (2016, April 25); trojan dubbed T9000 that
can record video calls, audio calls and chat messages
Adobe Air ; This particular product from Adobe is a cross-platform
system used for building desktop and mobile apps. In 2015 no less
than 17 vulnerabilities have been identified in this piece of software.
And it’s not the only one on your computer!
’
01
02
Eliminate Unwanted Applications

Productivity & Security
Control
Panel –
uninstall
program
Task
Manager –
kill process
Regedit /
Command
Action Example Solution
Install Applications
Change Configurations
Remove Patches &
Uninstall Software
Defeat Security Tools
control.exe
Denied Application:
Denied Application:
cmd.exe
regedit.exe
taskmgr.exe
Denied Application:
Application Control:

Downtime costs
Time IT spends on
troubleshooting and malware-
related issues
Dataloss
Loss of company records, customers’
personally identifiable information (PII),
or intellectual property, reputational
damage
Ransom
The average ransom demand has more
than doubled and is now $679, up from
$294 at the end of 2015
Financial costs
Helpdesk, incident response
and other security-related
solutions in response to
ransomware.
Legal & Regulatory costs
o Wet Meldplicht Datalekken penalty max €820.000 or 10%
previous year bookings,
o EU GDPR penalty lower threshold €10M or 2% Global
Annual Turnover
Sustainable workplace
Standard workspace cost and
exceptions to the build / management
Cost Effectiveness

System Level Visibility
System Level
(ActiveX controls, VBscripts, batch files, MSI packages and registry configuration files, .exe,
.dll processes, App launches, binaries created, drivers, etc.)

Intelligence
System Level
Application Control by :Trusted Ownership – IT Admin or Service Account
White / Blacklisting
Digital Signatures

Control
System Level
Application Control by: Trusted Ownership – IT Admin or Service Account
Digital Signatures
Network Access Control - Application Termination
Application Control - URL Redirection - Rights Management – Self Elevation –
Win Store App Control

Prevent & Awareness
System Level
Application Control by means of Trusted Ownership – IT Admin or Service Account
Digital Signatures
Quarantine Block Warn Dialogue Monitor Educate
Application Control - URL Redirection – Privilege Management – Self Elevation –
Granular Exceptions & Contextual Aware - Win Store App Control (Win8/8.1/10)

Response
System Level
Application Control by: Trusted Ownership – IT Admin or Service Account
Digital Signatures
Quarantine Block Warn Dialogue Monitor Educate
Auditing / Monitoring Advanced Reporting Application Admin Rights Discovery
Evidentiary Forensics License Management
Application Control - URL Redirection - Rights Management – Self Elevation –
Granular Exceptions & Contextual Aware - Win Store App Control (Win8/8.1/10)

PATCH & PROTECT
Simplified OS & Application Patch Management

SANS Institute Critical Security Controls
Control 4: Continuous Vulnerability
Assessment & Remediation –
Strong Patch Management

Automated Patch Management Valu
Proposition
Increase security, reduce
costs
• Look for unpatched
systems
• Solve the patch
management problem
• Add security to native
email apps
• Decrease overpayment
of unused software
Easy-to-use solutions for
enterprise problems
• Simple point solutions
with maximum power
• Easy to install,
configure, and use
• Protect data center,
endpoints, and virtual
environments
Maximize the value of
SCCM
• Increase functionality
of Microsoft System
Center Configuration
Manager (SCCM)
• Add third-party
patching
• Add software asset and
license management

Microsoft operating systems and applications not patched by WSUS
Patch & Protect covers all of these applications (1.800 and more…)
• 7-Zip
• Adobe Acrobat, Flash, Reader
• Adobe AIR, Bridge, Illustrator, In-Design,
Photoshop, Shockwave Player
• Apache Tomcat
• Apple App Support, iTunes, QuickTime
• Autodesk 360 and AutoCAD
• Citrix
• Salesforce Chatter Desktop
.NET Framework
Access 2000
Excel 2000, Excel Viewer
FrontPage Server Extensions
Hyper-V
Internet Explorer for XP*
Internet Information Services
Expressions
• Classic Shell
• FileZilla
• Mozilla Firefox
• Google Chrome, Chrome Frame
• Google Desktop, Earth, Picasa, Talk
• Sun/Oracle Java
• RealPlayer, RealVNC Free Edition
• Safari
Publisher 2000
SharePoint
SkyDrive Pro
Visio, Visio Viewer
Windows Media Player
Windows XP*
Word 2000, Word Viewer
And more…
• LibreOffice
• Notepad++
• SeaMonkey
• Opera
• VMware ESXi
• Winamp, WinRAR, WinZip
• Wireshark
• Yahoo Messenger
WSUS / SSCM only covers current Microsoft OS’s and applications
Lync 2010, 2013
BizTalk Server
SQL Server 2000, 2005, 2008, 2012
Visual Studio 2005, 2008, 2010, 2012, 2013
Office Communicator 2007
Office 2002, 2003, 2007, 2010, 2013
Silverlight
System Center 2012
Skype
ForeFront
Bing
Windows 7, 8, 8.1, RT, RT 8.1, Vista
Windows Server 2003, 2008, 2012
Windows Live
Windows Essential Business Server
Exchange Server
Active Directory Rights Management Server
FAST Search Server
FrontPage
MSN Messenger
Office 2000
Office Communicator 2005
OneNote
Outlook 2000, Outlook Express
PowerPoint 2000
Project 2000
* Patch data provided if the customer enrolls in Microsoft’s extended XP support program as well as Shavlik’s custom patch support program.
Comprehensive
Patch Management

Security Ecosystem
Visibility, Simplicity and Control

Visibility, Simplicity & Control
Microsoft System Center
Native plug-in to the SCCM console for
comprehensive MS & Third-Party patching
Business Intelligence for IT
Consolidate data from multiple data
sources to provide an end-to-end view of your
business
SIEM / Analytics
Fully documented Reporting Views with our product to
allow you to extract data from Protect to pull into
solutions like Splunk, Reporting Services, Archer,
Crystal Reports, etc.
Vulnerability Assessment
Automate the process of the latest vulnerability
assessment being imported into the next batch
of patches
Management Center & Insight
Control all aspects of the user from a central
location, deploying and managing tailored policy
and user personalization settings
Drive better decision-making through actionable
intelligence..

6 Simple Reasons Why this
Approach Works
PRODUCTIVITY & SYSTEM STABILITY
Just because an application is not malware doesn’t mean it is
good. Efficient patching helps improve productivity, reduce
downtime, malware, increase performance
PRACTICAL & EFFECTIVE SECURITY
Trusted application & least privilege management /
automated Patching to fix security vulnerabilities
VISIBILITY & CONTROL
Holistic approach to endpoint security by connecting to SIEM and
to automate the process of the latest vulnerability assessment being
imported into the next batch of patches
IMPROVE USER AWARENESS
Rather than blindly enforcing policies, AppSense uses
electronic notifications to educate employees as to why
their actions were blocked in the first place.
Simple explanation can actually decrease the volume of
policy violations by up to 90%.
COST EFFECTIVE
Bridges the endpoint gap between IT Ops
and security to reduce operational costs
while improving security posture
COMPLIANCY
Failure to comply to local and international laws &
regulations can result in losing opportunities,
incurring legal and financial penalties or even losing
your business.

AppSense Endpoint Security
Allows desktop and InfoSec teams to protect endpoints and enable
regulatory compliance without degrading the user experience.
Protection
Identify and block unauthorized applications
from running
Automate Microsoft and third-party
application patch assessment and deployment
Enforce software licensing and ensure
compliance
Detect suspicious endpoint behaviour
User Experience & Productivity
Manage user privileges and policies at a
highly granular level
Allow user self-elevation
Monitor admin rights and self-elevation
trends

Thank you
Contact Us
Jorrit van Eijk
Jaap-Sander de Vries
Entrada 501, 1096 EH Amsterdam
0031 (0)20 3701282
facebook.com/appsensebnl
@appsense

De vertaling naar een
uitvoerbare roadmap
Door Frans Loth, ICT-Partners

Afsluiting
Door Harry Beekman, ICT-Partners

User Settings
Apps
User Settings
Apps
User Settings
Apps
User Settings
Apps
User Settings
Apps

Onze oplossingen
ICT-Partners helpt u succesvol te zijn met uw ICT. Wij ontwerpen,
implementeren en optimaliseren ICT-omgevingen met de nieuwste
technologieën, die bijdragen aan continuïteit, stabiliteit en kostenbesparing.

Vier segmenten:
• Management
• Front-end
• Back-end
• Datacenter
Kernwaarden ICT-Partners: balans, duurzaam, innovatie
Beheerwaarde:verantwoordelijk,beheersbaar,schaalbaar,aanpasbaar
Gebruikswaarde:functionaliteit,toegankelijk,gebruikersgemak,flexibel
Bedrijfswaarde: beschikbaar, integer, veilig
Front-end
Management
Backup&DisasterRecoveryServices
SystemmanagementServices
SecurityServices
UsermanagementServices
Back-end
Datacenter
Management
User Device Services Desktop Delivery Services
Application Delivery Services Data Delivery Services
User Workspace Management Services
Application Services Data Services
Server Services Infrastructure Services
Compute Services Network Services
Storage Services Housing Services
Architectuurplaat

Optimalisatiepad
scans
workshops
adviesrapport
vernieuwingstraject
overdracht verbeterplan
Klanttevredenheid
Organisatiescans
• Gebruikersscan
• Processcan
Infrastructuurscans
• Applicatiescan
• Desktopscan
• Netwerkscan
• Beveiligingsscan
Workshops
• Visie & Scope
• Desktopvirtualisatie
• Desktopdeployment
• Uservirtualisatie
• Functionaliteiten Skype for Business
• Windows 7, 8 of 10
• Office 2016 of Office 365
• Applicatievirtualisatie
• Beveiliging

ICT-Partners
Vosselmanstraat 2
7311 CL Apeldoorn
T 055 528 22 22
E Connect@ict-partners.nl
Hoofdweg 290
9765 CN Paterswolde
T 050 364 31 02
E Connect@ict-partners.nl

The next step in workspace | Simple, Scalable, Secure

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The next step in workspace | Simple, Scalable, Secure

Similar to The next step in workspace | Simple, Scalable, Secure (20)

More from ICT-Partners

More from ICT-Partners (20)

Recently uploaded

Recently uploaded (20)

The next step in workspace | Simple, Scalable, Secure