E is for Endpoint: 6 Security Strategies for Highly Effective IT Professionals

We all like the idea of a silver bullet—a single, simple solution to a complex problem. Some IT professionals still cling to the vain hope that antivirus alone will protect their endpoints entirely. But today’s endpoints demand even more protection.

In this presentation, led by expert IT security panelists, you will learn:

* The most common attack vectors in today’s IT environment
* Six steps to help you improve endpoint security
* Secrets to an effective defense-in-depth approach

Define a new way of thinking that goes beyond just battling threats to enabling operational improvement.


  1. E is for Endpoint: 6 Security Strategies for Highly Effective IT Professionals
  2. Today’s Agenda
     * Most Common Threats in Today’s Environment
     * 6 Steps to Improve Endpoint Security
     * Secrets to Effective Defense-in-Depth Approach
     * Q&A
  3. Today’s Panelists
     * Richard Stiennon, Chief Research Analyst, IT-Harvest
     * Paul Henry, Security & Forensics Analyst
     * Jim Czyzewski, Supervisor – Clinical Desktop Support, MidMichigan Medical Center
  4. Most Common Threats
     * Hard to dispute the fact that patching an underlying software flaw in most cases is the best defense
       * In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure
       * In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure
     * Microsoft data indicates that in the first half of 2011 Zero Day attacks amounted to less than 1% of the attack surface

     Patch or get hacked, the choice is yours…

     Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
  5. Most Common Threats
     * Vulnerable software is not just a Microsoft problem…
     * Third party software historically has had more unpatched vulnerabilities than Microsoft
     * Java is your number one issue today followed by Adobe – the leader for the past couple of years

     Bottom line is WSUS is not going to save you!

     Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539

     Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container
  6. Most Common Threats
     * Hackers are always going to take advantage of areas that simply are not properly handled by defenders
     * Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the Bad Guys?
       * In case you missed it, the chart is showing the “Most Outdated Web Browser Plugins”

     What did you really think was going to happen?

     Source: http://www.zscaler.com/state-of-web-q3-2011.html
  7. Most Common Threats
     * It is important to remember that taking advantage of a vulnerability is not really the “End Game” for a bad guy
       * The Vulnerability only represents a “Delivery Mechanism”
       * The “End Game” is actually to allow them to Execute Malicious Code in your environment
     * Why are we focusing on the delivery method, not the end game?
       * Duh - because everyone else is
     * Hackers will always beat us in the delivery mechanism “Arms Race”
     * Get ahead of the problem by focusing on the End Game
  8. 6 Steps to Improve Endpoint Security
  9. 1 - Think Different
     [Diagram labels: Traditional Endpoint Security; Emerging Endpoint Security Stack; Defense in Depth; Blacklisting As The Core; Consumerization of IT; Zero Day; Patch & Configuration Mgmt.; Malware As a Service; 3rd Party Application Risk]
  10. 2 – Eliminate Exploitable Surface Area
      * Patch and configuration analysis and delivery are needed across all systems; operating systems and applications.
      * Unmanaged endpoints on the network are unknown and unprotected.
      * Application and operating system patching is not benchmarked or continuously enforced.
      * Standard configurations are not assessed or enforced.
      * Un-patched browsers represent the highest risk for web-borne malware.

      Chart: Areas of Risk at the Endpoint

      | Area of risk | Share |
      | --- | --- |
      | Zero-Day | 5% |
      | Missing Patches | 30% |
      | Misconfigurations | 65% |

      Source: John Pescatore, Vice President, Gartner Fellow
  11. 3: Defining a Trusted Environment
  12. 4 - Protect Your Data
      [Diagram labels: Targeted Attacks; Malicious Insider; Negligent Insider]

      PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  13. 5 - Reduce Complexity and Cost
      * Effective but not Efficient: Many Consoles; Disparate Architecture; Many Agents
      * Effective And Efficient: Single Console; Agile architecture; Single Promotable Agent
      * IT Control Made Simple
        * Agile platform architecture
        * Leverage existing endpoint technology
        * Reduced integration and maintenance costs
        * Improved endpoint performance
        * More effective endpoint security
  14. 6 – Relating Risk to the Business
      [Diagram labels: Strategic, Tactical; Business Impact, Compliance & IT Risk, Compliance Audit, Operational Assessment, Exposure & Reporting]

      Compliance & IT Risk Management Console: Integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance & policy
  15. Best Practices: Lessons Learned From the Field
      * Virtualize the Endpoint
        * Security Management becomes easier since you are now only securing the virtual desktop pool instead of hundreds of endpoints
        * You remove the chance of any data residing on the endpoint
      * Scan Unmanaged Clients
        * Clients without security management software need to be identified, monitored and remediated (if possible)
      * Test, Test, Test
        * We have over 600 applications running
        * Patch, Remediation, and Configuration changes can have different effects
        * Utilize Production Testing
      * End User Education
        * Keep them aware of the threats
        * Inform them what it is you’re doing and why you’re doing it
  16. Tips for Securing Endpoints
      * Think ‘least privilege’ when choosing platforms
        * While Microsoft’s strategy of the same code everywhere serves their purpose, it is not the most secure strategy for an enterprise.
        * Kiosks, single purpose machines (medical equipment), mobile devices, and embedded systems should run on specialized OSes with reduced functionality to reduce exposed attack surface.
      * NSA Approved Whitelisting for Most Critical Systems
        * Start the transition to whitelisting as the primary defense, and AV as the back-up.
      * What Endpoint Security Strategy is Best for New Data Centers & Cloud Environments?
        * Virtualization makes cleanup (post infection) easier but exposes critical systems to widespread attacks.
      * Consider Virtual Desktops (VDI)
        * For tasks like call centers, data entry and accounting
      * Server Lockdown: Neglected in Many Environments
        * Systems that do not change often should have rigid controls.

      A secure endpoint should consider the network hostile, just as a secure network should consider the endpoints as hostile. (And secure apps should treat the user as hostile.)
  17. More Information
      * Quantify Your IT Risk with Free Scanners
        * http://www.lumension.com/special-offer/premium-security-tools.aspx
      * E is for Endpoint: 6 Strategies for Highly Effective IT Pros
        * http://www.lumension.com/E-is-for-Endpoint.aspx
      * Lumension® Endpoint Management and Security Suite
        * Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
        * Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
  18. Q&A
  19. Global Headquarters, 8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255; 1.888.725.7828; info@lumension.com; http://blog.lumension.com
