How to improve endpoint security on a SMB budget
© Copyright 2008 - Lumension Security

    1. Effective and Efficient Security on a SMB Budget, Part I – How to Improve SMB Endpoint Security
    2. Today’s Speakers
       • Chris Merritt, Director of Solution Marketing, Lumension
       • Roger A. Grimes, Security Consultant, Author and Columnist
    3. Today’s Agenda
       • Today’s Threats
       • Defenses – and What Does & Does Not Work
       • Improving SMB Security
       • Q&A
    4. Today’s Threats
    5. Today’s Threats – General Categories
       • Financially Motivated
         • Bank Accounts, Passwords, etc.
         • Identity Theft
         • Insiders
       • Intellectual Property Theft
       • Hacktivists
         • IP / Customer Data
         • Denial of Service
         • Reputational Damage
    6. Today’s Threats – Financially Motivated Examples
       • Fraudulent Payroll / Accounting Transfers
       • Bank-Info-Stealing Trojans
       • Fake Invoices
       • Malicious Long-Distance Service
       • Extortion
    7. Today’s Threats – IP Theft Examples
       • Corporate Espionage
       • Future Product Plans
       • Trade Secrets
       • Customer Lists
       • Lawyer Case Files (sold to opposing counsel)
       • RSA Attack
    8. Today’s Threats – Hacktivist Examples
       • Wikileaks
       • Retaliation
       • Distributed Denial of Service (DDoS) as a Protest
    9. Typical SMB Defenses
    10. Defense-in-Depth
       • Traditional Defenses …
         • Antivirus
         • Patching Microsoft OS and Apps
         • Firewalls
         • Strong Passwords
         • End-User Education Programs
       • … Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!
    11. Defenses – What Does Not Work
    12. Defenses – Where Traditional Defenses Fall Short
       • Risk from Un-patched 3rd Party Apps
       • Controlling Local Admins Gone Wild
       • Preventing Zero-Day Attacks and Targeted Malware
       • End-User Education Isn’t Keeping Up
       • Actionable Reporting and Security Measurement
    13. Why Antivirus Doesn’t Work – Swamped by the Deluge
       • Can’t keep up with the rising daily volume of malware
       • Can’t defend against zero-day threats (on average, only 19% of new malware signatures are detected on day 1)
       • Severely impacts endpoint performance
       • 36% of SMBs rely on free AV
    14. Hidden Costs of Antivirus
       • Acquisition Costs (20~40% of total)
         • Licensing (license cost, maintenance, support)
         • Installation (HW / SW, roll-out, other)
       • Operational Costs (60~80% of total)
         • System Management
         • Incident Management (help desk, escalation, re-imaging)
         • Lost Productivity
       • Extraordinary Costs
         • Data Breach
    15. Why Patching Microsoft Alone Doesn’t Work – Missing the Target
       • Relying on “free” tools
       • Go beyond Microsoft
       • Most organizations take at least twice as long to patch 3rd party application vulnerabilities as they do to patch OS vulnerabilities
       • 60% of users are running un-patched versions of Adobe
    16. Hidden Costs of Free Patching – Why “Free” Can Cost You More
       • Speed and Accuracy
         • Time to deploy non-MSFT or custom application patches
         • No CVE information
       • Visibility and Compliance
         • Lack of hardware and software inventory
         • Limited reporting
    17. Defenses – What Else Doesn’t Work
       • Buying advanced tools, such as IDS, PKI, black-box solutions, while ignoring the basics
       • Preventing attack methods instead of shoring up IT risk sources and focusing on preventing malware execution
    18. Defenses – Better End-User Education
       • Do your users know the company security policies, and do they understand their importance?
       • Do you show your users what your “real” AV detection screen looks like?
       • Do they know that they are most likely to be infected from legitimate web sites, social media, USB keys, etc.?
    19. Defenses – What Does Work
    20. Defenses – What Does Work
       • Focusing on the Basics
       • Prioritize and Implement
         • Use past history to determine this year’s priorities
         • Make a ranked list and begin
         • Go for low-hanging fruit first
       • Using Strong Data to Convince Management
    21. Focus on the Operational Basics (Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010)
       • Assess
         • Identify all IT assets (including platforms, operating systems, applications, network services)
         • Monitor external sources for vulnerabilities, threats and intelligence regarding remediation
         • Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations
       • Prioritize
         • Maintain an inventory of IT assets
         • Maintain a database of remediation intelligence
         • Prioritize the order of remediation as a function of risk, compliance, audit and business value
       • Remediate
         • Model / stage / test remediation before deployment
         • Deploy remediation (automated or manual)
         • Train administrators and end-users in vulnerability management best practices
       • Repeat
         • Scan to verify success of previous remediation
         • Report for audit and compliance
         • Continue to assess, prioritize and remediate
    22. Defenses – What Does Work
       • Augment existing defense-in-depth tools:
         • Comprehensive Patch and Configuration Management
         • Application Control / Whitelisting
         • Device Control
         • Encryption
       (Diagram: “Traditional Endpoint Security” with blacklisting as the core, under pressure from zero-day attacks, 3rd party application risk, malware-as-a-service and the sheer volume of malware)
    23. Improving SMB Security
    24. Minimize Your True Endpoint Risk – Rapid Patch and Configuration Management
       • Analyze and deploy patches across all OSs and apps (incl. 3rd party)
       • Ensure all endpoints on the network are managed
       • Benchmark and continuously enforce patch and configuration management processes
       • Don’t forget about the browser!
         • Un-patched browsers represent the highest risk for web-borne malware.
       (Chart: Areas of Risk at the Endpoint – 65% misconfigurations, 30% missing patches, 5% zero-day. Source: John Pescatore, Vice President, Gartner Fellow)
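The assess / prioritize / remediate / repeat loop on slide 21 and the "ensure all endpoints are managed" and "don't forget the browser" points on slide 24 can be shown as one small script. The following is an added example written for this transcript; it is not code from the webinar or from Lumension's product. The endpoint names, product names, versions, advisory ids (`ADV-PLACEHOLDER-*`), severity numbers and the risk weights are all constructed for the demo, and "remediation" is simulated by updating the inventory rather than pushing a package.

```python
"""Added example (not part of the Lumension deck): a minimal assess / prioritize /
remediate / verify loop over a constructed endpoint inventory.

All endpoint names, products, versions, advisory ids and scores below are
constructed placeholders, not real assets or real advisories."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Products treated as browsers: slide 24 calls un-patched browsers the highest
# web-borne risk, so they get extra weight when ranking. Constructed name.
BROWSERS = {"browser"}


@dataclass
class Endpoint:
    name: str
    managed: bool                 # enrolled in the patch tool ("ensure all endpoints are managed")
    internet_facing: bool
    software: Dict[str, str] = field(default_factory=dict)   # product -> installed version


@dataclass
class Advisory:
    product: str
    fixed_version: Tuple[int, ...]   # first version that carries the fix
    severity: float                  # 0.0-10.0, CVSS-style base score (constructed)
    ref: str                         # placeholder advisory id


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def assess(endpoints: List[Endpoint], advisories: List[Advisory]):
    """Scan every managed endpoint and return (findings, unmanaged).
    findings: (endpoint, advisory) pairs whose installed version is older than
    the fixed one. Unmanaged endpoints cannot be scanned, so they are reported
    by name instead of silently vanishing from the picture."""
    findings, unmanaged = [], []
    for ep in endpoints:
        if not ep.managed:
            unmanaged.append(ep.name)
            continue
        for adv in advisories:
            installed = ep.software.get(adv.product)
            if installed is not None and parse_version(installed) < adv.fixed_version:
                findings.append((ep, adv))
    return findings, unmanaged


def risk_score(ep: Endpoint, adv: Advisory) -> float:
    """Rank as a function of severity and exposure (slide 21: prioritize by risk)."""
    exposure = 2.0 if ep.internet_facing else 1.0
    browser_weight = 1.5 if adv.product in BROWSERS else 1.0
    return adv.severity * exposure * browser_weight


def prioritize(findings):
    return sorted(findings, key=lambda f: risk_score(*f), reverse=True)


def remediate(ep: Endpoint, adv: Advisory) -> None:
    # Simulated deployment: a real tool pushes the package; here the inventory
    # is updated to the fixed version so the verification rescan can see it.
    ep.software[adv.product] = ".".join(str(p) for p in adv.fixed_version)


def run_cycle(endpoints, advisories, max_deploys: int) -> dict:
    """One assess -> prioritize -> remediate -> verify iteration, limited to
    max_deploys patches per cycle (a maintenance-window budget)."""
    findings, unmanaged = assess(endpoints, advisories)
    deployed = []
    for ep, adv in prioritize(findings)[:max_deploys]:
        remediate(ep, adv)
        deployed.append((ep.name, adv.ref))
    remaining, _ = assess(endpoints, advisories)      # verify by rescanning
    return {"deployed": deployed, "remaining": len(remaining), "unmanaged": unmanaged}


def sample_inventory() -> List[Endpoint]:
    # Constructed sample data.
    return [
        Endpoint("ws-01", True, True, {"browser": "10.0.2", "pdfreader": "9.3.0"}),
        Endpoint("ws-02", True, False, {"browser": "10.0.2", "pdfreader": "9.4.1"}),
        Endpoint("laptop-03", False, True, {"browser": "9.8.0"}),   # never enrolled
    ]


def sample_advisories() -> List[Advisory]:
    # Constructed sample data; ids are placeholders, not real CVEs.
    return [
        Advisory("browser", (10, 1, 0), 9.3, "ADV-PLACEHOLDER-1"),
        Advisory("pdfreader", (9, 4, 0), 7.5, "ADV-PLACEHOLDER-2"),
    ]


if __name__ == "__main__":
    inventory = sample_inventory()
    for cycle in (1, 2):
        print(f"cycle {cycle}:", run_cycle(inventory, sample_advisories(), max_deploys=2))
```

With a budget of two deployments per cycle, the first cycle patches the internet-facing workstation's browser and PDF reader (the two highest scores), leaves one finding for the next cycle, and keeps reporting `laptop-03` as unmanaged until someone enrolls it; the second cycle clears the remaining finding. The point of the rescan at the end of `run_cycle` is the slide's "scan to verify success of previous remediation": a deployment that reports success is not the same as a host that no longer shows the gap.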
    25. Stop Malware Payloads with App Whitelisting
       • Antivirus: use for malware clean-up and removal
       • Application control: a much better defense to prevent unknown or unwanted apps from running
       (Diagram of what runs on the endpoint – Malware: known (viruses, worms, Trojans) and unknown (viruses, worms, Trojans, keyloggers, spyware); Apps: authorized (operating systems, business software) and unauthorized (games, iTunes, shareware, unlicensed S/W). The “Un-Trusted” label covers the malware and unauthorized-app groups.)
    26. Stop Unwanted Applications
       • Immediate and simple risk mitigation
       • A Denied Application Policy prevents unwanted applications even if they are already installed
       • Easily remove unwanted applications
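Slides 25 and 26 describe two mechanisms working together: a whitelist that lets only known or authorized software run (default deny for everything else, which is why it does not need a signature for an unknown Trojan), and a denied-application policy that blocks named applications even when they are already installed. The following is an added example written for this transcript, not code from the webinar or from Lumension's product; it models the decision logic with a hash allowlist, a trusted-publisher rule and a deny-by-name list. All paths, file contents, hashes and publisher names are constructed for the demo.

```python
"""Added example (not part of the Lumension deck): a default-deny application
allowlist evaluator with an explicit denied-application policy, illustrating
the allow/deny split on slides 25 and 26.

Every path, binary, hash and publisher name below is constructed for the demo."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Executable:
    path: str
    contents: bytes               # read from disk in practice; constructed here
    publisher: Optional[str]      # Authenticode-style signer name, None if unsigned

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.contents).hexdigest()

    @property
    def basename(self) -> str:
        return self.path.replace("\\", "/").rsplit("/", 1)[-1].lower()


@dataclass
class Policy:
    allowed_hashes: Set[str]       # known-good binaries: OS and business software
    trusted_publishers: Set[str]   # signed software from these publishers may run
    denied_names: Set[str]         # Denied Application Policy: blocked even if installed or signed


def evaluate(exe: Executable, policy: Policy) -> Tuple[str, str]:
    """Return (decision, reason). Deny rules are checked first so a denied app
    cannot get through on a trusted signature; anything matching no allow rule
    is denied. That default deny is what stops unknown malware: no signature
    for the sample is needed, unlike antivirus."""
    if exe.basename in policy.denied_names:
        return ("deny", "denied application policy")
    if exe.sha256 in policy.allowed_hashes:
        return ("allow", "hash on allowlist")
    if exe.publisher is not None and exe.publisher in policy.trusted_publishers:
        return ("allow", "trusted publisher")
    return ("deny", "not on allowlist (default deny)")


def audit(executables, policy: Policy) -> Dict[str, Tuple[str, str]]:
    """Evaluate a batch (e.g. everything found on disk) and return path -> decision."""
    return {exe.path: evaluate(exe, policy) for exe in executables}


# Constructed sample "binaries": the bytes stand in for real file contents.
WORD = Executable(r"C:\Program Files\Office\word.exe", b"constructed word binary", "Example Software Corp")
LOB_APP = Executable(r"C:\Program Files\LOB\ledger.exe", b"constructed ledger binary", "Example Software Corp")
ITUNES = Executable(r"C:\Program Files\iTunes\itunes.exe", b"constructed itunes binary", "Trusted Media Vendor")
TROJAN = Executable(r"C:\Users\bob\Downloads\invoice.pdf.exe", b"constructed unknown payload", None)
TAMPERED = Executable(r"C:\Windows\System32\svchost.exe", b"constructed modified system file", None)


def sample_policy() -> Policy:
    # Hash-pin the business binary seen at baseline; trust one publisher for
    # in-house apps; deny iTunes by name even though its publisher is trusted.
    return Policy(
        allowed_hashes={WORD.sha256},
        trusted_publishers={"Example Software Corp", "Trusted Media Vendor"},
        denied_names={"itunes.exe"},
    )


if __name__ == "__main__":
    results = audit([WORD, LOB_APP, ITUNES, TROJAN, TAMPERED], sample_policy())
    for path, (decision, reason) in results.items():
        print(f"{decision:5s} {path}  ({reason})")
```

Two details carry the slides' argument. The unknown payload and the modified system file are both denied without anyone having written a rule for them, because the policy only says what may run; and iTunes is denied by the name rule even though it is installed and carries a trusted signature, which is the "even if they are already installed" behaviour of slide 26. Hash pinning is the strictest allow rule but has to be refreshed on every patch, so publisher trust is the usual compromise for frequently updated business software.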
    27. Reduce Local Administrator Risk – Monitor / Control Local Admin Usage
       • Local Admins can do ANYTHING on their systems:
         • Install unwanted and unauthorized software
         • Install malware
         • Remove patches
         • Bypass security measures
         • Change configurations
    28. Manage those Devices
    29. Encryption
       • Endpoints (Whole Disk)
         • Secure all data on the endpoint
         • Enforce secure pre-boot authentication w/ single sign-on
         • Recover forgotten passwords and data quickly
         • Automated deployment
       • Removable Devices
         • Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g., CDs / DVDs)
         • Centralized limits, enforcement, and visibility
       (Charts: Laptop Thefts (IDC 2010); Lost UFDs (Ponemon 2011))
    30. Improving SMB Security – Problems
       • Defense-in-Depth is not easy
       • Hard to manage it all
       • Different solutions don’t always work well together
       • The more consoles you have to monitor, the less you’ll do it
       • Unreviewed logs are useless
       • It’s NOT compliance vs. security … both are necessary
    31. Improving SMB Security – Solution: Security Suites
       • Single Server / Management Console
       • Single Agent
       • Modular, Extensible Design
       • Organization-wide Reporting
       • Lower Total Cost of Ownership (TCO)
       (Diagram: Single Console, Agile Architecture, Single Promotable Agent)
    32. More Information
       • SMB Security Series
         • Resource Center:
         • Webcast Part 2:
       • Quantify Your IT Risk with Free Scanners
       • Lumension® Endpoint Management and Security Suite
         • Demo:
         • Evaluation:
       • SMB Market Survey
    33. Global Headquarters
       • 8660 East Hartford Drive
       • Suite 300
       • Scottsdale, AZ 85255
       • 1.888.725.7828
       • [email_address]