Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies

The proliferation of USB flash drives and other removable storage devices has increased the porosity of the network perimeter. This has resulted in sensitive corporate and customer data leaking through the corporate firewall, exposing the organization to data loss, data theft and malware propagation. Understanding the powerful data protection tools available to your organization can help you mitigate these risks, while still enabling the flexible and managed use of these productivity devices.

Published in: Technology

  1. Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies. PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  2. Today’s Agenda
     • Introduction
     • Augment Your Endpoint Security with Device Control to Protect Your Data
       » Laying the Groundwork
       » Preparing for Enforcement
       » Enforcing Policy
       » Managing Device Control
     • Q&A
  3. Why Device Control Is Important
     • Significant Data Loss / Theft Issues
     • Today’s Endpoint Security Stack
       » AV
       » Device Control
       » Application Control
       » Patch & Configuration Management
  4. Benefits of Enforceable Device Control Policy
     • Malware Costs Money
     • Data Breaches Cost Money
  5. Device Control Best Practices: Device Management Process
     • Laying the Groundwork
     • Preparing for Enforcement
     • Enforcing Policy
     • Managing Device Control
  6. Laying the Groundwork
  7. Know Your Organization’s Security Profile
     • Permissive
     • Moderate
     • Stringent
  8. Policy Considerations
     • Devices and Connections
     • Who, Where
     • Permission Types
     • When
  9. Active Directory Synchronization Schedule
  10. What Can You Control?
     • Physical Interfaces
       » USB
       » FireWire
       » PCMCIA
       » ATA / IDE
       » SCSI
       » LPT / Parallel
       » COM / Serial
       » PS/2
     • Wireless Interfaces
       » Wi-Fi
       » Bluetooth
       » IrDA
       » Wireless NICs
     • Device Types
       » Removable Storage Devices
       » External Hard Drives
       » CD / DVD Drives
       » Floppy Drives
       » Tape Drives
       » Printers
       » Modems / Secondary Network Access Devices
       » PDAs and other handhelds
       » Imaging Devices (Scanners)
       » Biometric Devices
       » Windows Portable Devices
       » Smart Card Readers
       » PS/2 Keyboards
       » User-Defined Devices
  11. A Good Device Control Strategy: create policies at the highest level possible
     • Policy Scope
       » Entire Device Class (preferred)
       » Device Collection - Models
       » Device Collection - Devices
     • Policy Assignments
       » ‘Everyone’
       » AD User Group
       » Individual AD User
       » Endpoint
       » Endpoint Group (static)
       » Endpoint Group (dynamic)
  12. Permission Types & Times of Enforcement
  13. Discovery
  14. Very Important
     • User Communication
     • Executive Sponsor
  15. Preparing for Enforcement
  16. Creating Policies
     • Work one class at a time
       » Biometric Sensors
       » USB Printers
       » DVD/CD
       » Removable Storage
       » et cetera
     • For each class
       » Do we use these?
       » Can they be managed as a single class?
       » What types of permissions? Everyone, User Groups, Users, Endpoints
       » What exceptions need to be accounted for?
  17. Device Collections
  18. Encryption Options
     • Don’t allow users to encrypt devices and DVD/CD media
     • Allow users the option to encrypt devices and DVD/CD media
     • Force users to encrypt devices and DVD/CD media
     • Encrypted Device Access
       » Password
       » User certificate
  19. Enforcing Policy
  20. Phased Rollout
     • User communication
     • Start with a small group of users/endpoints
     • Proceed one device class at a time until all are enforcing your policies
     • Confirm – monitor, adjust
     • Expand users/endpoints
     • Confirm – monitor/adjust
     • Expand users/endpoints
     • …
  21. Managing Device Control
  22. Dashboard Widgets
     • Look for anomalies
     • Look for suspicious use or needed policy adjustments
  23. Temporary Policies
  24. Temporary Permissions (offline endpoints): Challenge/response tool
  25. Password Recovery: Challenge/response tool
  26. Adding Individual AD Users: For exceptions only
  27. Adding Devices to Collections: Allowing use of new devices
  28. More Information
     • Free Security Scanner Tools: http://www.lumension.com/Resources/Security-Tools.aspx
       » Application Scanner – discover all the apps being used in your network
       » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
       » Device Scanner – discover all the devices being used in your network
     • Lumension® Device Control
       » Online Information: http://www.lumension.com/device-control
       » Free Downloadable Trial: http://www.lumension.com/device-control-software/usb-security-protection/free-trial.aspx
     • Get a Quote (and more): http://www.lumension.com/intelligent-whitelisting/buy-now.aspx#5
  29. Global Headquarters
     8660 East Hartford Drive, Suite 300
     Scottsdale, AZ 85255
     1.888.725.7828
     info@lumension.com
     http://blog.lumension.com
