The security community is amassing a wealth of intelligence about targeted attacks (aka APTs). One thing we are seeing is that the two weakest points in our defense against targeted attacks are the human element and the endpoint. We need to give more attention to the human element, but few of us are in a position to effect behavioral change in our organization. That is a long road requiring support from management and a more psychology-focused skill set.
On the other hand, most of us are in a position to help improve endpoint security. In this webinar I’ll be focusing on how to build a layered defense against targeted endpoint attacks. To build a true defense-in-depth strategy we will look at the phases of a targeted attack:
* Discover – reconnaissance, “casing the joint”
* Distribute – package and deliver the payload
* Exploit – trigger the payload and exploit the vulnerability
* Control – install persistent malware on the system, connect back to command & control
* Execute – spread out and begin taking action against planned objectives
We will identify controls and technologies that we can deploy to disrupt, hinder, detect and prevent attackers at each phase. These will include:
* Endpoint security best practices
* Endpoint management processes
* Hardening steps
* Monitoring techniques
* Endpoint security technologies
We will draw on the wealth of intelligence the security community is amassing and make this a data-driven presentation.
3. Preview of Key Points
Phases of a targeted attack
How to disrupt, hinder, detect and prevent attackers at each phase
Endpoint security best practices
Endpoint management processes
Hardening steps
Monitoring techniques
Endpoint security technologies
Discover
Distribute
Exploit
Control
Execute
4. Discover
What it is
Reconnaissance
Casing the joint
How to fight it
Human
Difficult
5. Distribute
What it is
Package
Deliver the payload
How to fight it
Web
Content scanning
Website reputation
Email
Scanning
Filtering
Training
Device control
6. Exploit
What it is
Trigger the payload
Exploit the vulnerability
How to fight it
Configuration control
Attack surface reduction
Fast patching
Application control
Whitelisting
Memory protection
Anti-malware
7. Control
What it is
Install persistent malware on system
Connect back to command & control
How to fight it
Application control
Whitelisting
Anti-malware
Configuration control
Network egress scanning
8. Execute
What it is
Spread out
Begin taking action against planned objectives
How to fight it
Application control
Whitelisting
Anti-malware
Configuration control
Network egress scanning
Host monitoring
New EXEs
New accounts
Suspicious access patterns to critical information
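The three host-monitoring signals listed above (new EXEs, new accounts, suspicious access to critical information), as an added example that is not part of the webinar: detection logic run over constructed Windows Security log lines. The event IDs are the real ones (4688 process creation, 4720 user account created, 4663 object access); the flat key=value line format, the trusted-directory allowlist, the share names and the threshold are assumptions.

```python
# Added example (not from the webinar): Execute-phase host monitoring as
# detection logic over constructed Windows Security events.
# Assumptions: events arrive as flat "key=value ..." lines; an executable
# launched from outside the trusted directories counts as a "new EXE";
# three or more distinct critical files touched by one account is suspicious.
import re
from collections import defaultdict

# Constructed sample events (not real telemetry).
SAMPLE_LOG = """\
EventID=4688 Account=alice NewProcessName=C:\\Windows\\System32\\notepad.exe
EventID=4688 Account=alice NewProcessName=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe
EventID=4720 Account=Administrator TargetUserName=svc_backup2
EventID=4663 Account=svc_backup2 ObjectName=\\\\fs01\\finance\\q3-forecast.xlsx
EventID=4663 Account=svc_backup2 ObjectName=\\\\fs01\\finance\\payroll.xlsx
EventID=4663 Account=svc_backup2 ObjectName=\\\\fs01\\hr\\salaries.xlsx
EventID=4663 Account=alice ObjectName=\\\\fs01\\finance\\expenses.xlsx
"""

TRUSTED_EXE_DIRS = ("c:\\windows\\", "c:\\program files\\")   # assumed baseline
CRITICAL_SHARES = ("\\\\fs01\\finance\\", "\\\\fs01\\hr\\")     # assumed critical data
ACCESS_THRESHOLD = 3   # distinct critical files per account before alerting

_KV = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Turn one 'key=value ...' log line into a dict."""
    return dict(_KV.findall(line))

def analyze(log_text):
    """Return the three host-monitoring findings from the slide."""
    new_exes, new_accounts = [], []
    critical_access = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "4688":   # process creation: flag launches outside trusted dirs
            path = ev["NewProcessName"]
            if not path.lower().startswith(TRUSTED_EXE_DIRS):
                new_exes.append(path)
        elif eid == "4720":   # local account created
            new_accounts.append(ev["TargetUserName"])
        elif eid == "4663":   # object access: count distinct critical files per account
            obj = ev["ObjectName"]
            if obj.lower().startswith(CRITICAL_SHARES):
                critical_access[ev["Account"]].add(obj)
    suspicious = {a: len(f) for a, f in critical_access.items() if len(f) >= ACCESS_THRESHOLD}
    return {"new_exes": new_exes, "new_accounts": new_accounts, "suspicious_access": suspicious}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

In the sample, the freshly created svc_backup2 account is flagged after touching three finance/HR files while alice, who touched one, is not; correlating a 4720 with the same account's 4663 bursts is the kind of cross-signal rule a SIEM would carry.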
9. Bottom line
Fight them every step of the way
Defense-in-depth
Endpoint security is a many-headed beast
So many risk vectors
So many security technologies
Integration between endpoint security technologies
One agent
One console
10. Defense-in-Depth with Lumension
[Diagram: layered defense, read from left to right]
Physical Access
Port/Device Control and Encryption
Full Disk Encryption
Firewall Management
Patch and Configuration Management
Anti-Malware
Network Access
11. Sponsored by
• Free Security Scanner Tools
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Get a Quote (and more)
http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
Editor's Notes
Closing on this slide allows the audience to see the true defense in depth strategy Lumension provides. It is suggested to start from the left side and move to the right, highlighting each module/capability along the way.