The Case for  Application Control With Jeff James Security Columnist,  Windows IT Pro
Meet our Expert Jeff James  is industry news analyst for  Windows IT Pro . He was previously editor in chief of Microsoft ...
What is Application Control? Windows Server 2008 and Windows 7 are the most secure versions of Windows ever. Yet even with...
Application Control Growth “ Organizations are looking to application control solutions to augment signature-based antivir...
Application Control Tips <ul><li>Embrace Patch Management </li></ul><ul><li>Limit Admin Rights and Privileges </li></ul><u...
Tip #1-  Embrace Patch Management <ul><li>Keeping your OS, clients, and third-party applications patched an updated is a m...
Tip #2 - Limit Admin Rights and Privileges Limit the rights assigned to administrator accounts as much as possible, and us...
Tip #3 – Leverage Windows 7 User Access Control (UAC) UAC – when managed properly – can be a helpful tool in an IT adminis...
Tip #4 -  Explore Windows 7 AppLocker Applocker – a feature found in Windows 7 Ultimate and Enterprise -- can be used to p...
Tip #5 – Consider Whitelisting Software Anti-virus  (AV) and anti-malware software are important parts of any IT security ...
Bonus Tip -  Use Data Protection Create and enforce policies that outline best practices for data use and protection, incl...
Security Resources Windows IT Pro Security page http://www.windowsitpro.com/categories/category/Security.aspx Windows IT P...
Q & A For follow up information, contact Jeff James at  [email_address]  or on Twitter at @jeffjames3. Thank You!
Lumension® Intelligent Whitelisting™ Integrated Endpoint Protection using Lumension ® Endpoint Management and Security Sui...
Changing Role of IT Enabling the Use of New Technology <ul><ul><li>Major Shift For IT Security </li></ul></ul><ul><ul><li>...
Growing Application Centric Risk <ul><ul><li>Social networking applications were detected in 95% of organizations. </li></...
Using Lumension Intelligent Whitelisting to Mitigate Application Risk
Defense-in-Depth Against Malware <ul><li>Typical Approach  </li></ul><ul><li>Multiple layers </li></ul><ul><ul><li>Antivir...
Defense-in-Depth Against Malware <ul><li>Typical Approach  </li></ul><ul><li>Multiple layers </li></ul><ul><ul><li>Antivir...
Defense-in-Depth Against Malware <ul><li>For real defense-in-depth  </li></ul><ul><li>Additional layer needed </li></ul><u...
Application Whitelisting  Malware Applications <ul><li>Authorized </li></ul><ul><li>Operating Systems </li></ul><ul><li>Bu...
Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S.  Discovery & Agent Deployment Role Ba...
Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S.  Discovery & Agent Deployment Role Ba...
Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S.  <ul><li>Patch & Remediation </li></u...
Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S.  <ul><li>AntiVirus </li></ul><ul><li>...
Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S.  <ul><li>AntiVirus </li></ul><ul><li>...
Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S.  <ul><li>AntiVirus </li></ul><ul><li>...
 
Better Visibility and Control <ul><li>Easy Lockdown - discovers all local applications and creates a local whitelist </li>...
Eliminate Unwanted Applications <ul><li>Easily stop unwanted, unsupported or risky applications and plug-ins </li></ul><ul...
Reduce Local Admin Risk Control Panel – uninstall program Task Manager – kill process Regedit / Command  Install Applicati...
Lumension Intelligent Whitelisting The Efficiency of Antivirus The Flexibility and Ease Of Use  The Effectiveness of Appli...
Endpoint Protection Complexity <ul><li>Multiple Consoles </li></ul><ul><ul><ul><li>3 – 6 different management consoles (av...
With Lumension Device Control, You Can …
Defense-in-Depth with Intelligent Whitelisting Known Malware Unknown Malware Unwanted, Unlicensed, Unsupported application...
A Complete Defense With Lumension Intelligent Whitelisting Physical  Access Firewall / IPS Anti-Malware Patch Management
Next Steps <ul><li>Lumension ® Intelligent Whitelisting™  </li></ul><ul><ul><li>Overview </li></ul></ul><ul><ul><ul><li>ww...
<ul><li>Global Headquarters </li></ul><ul><li>8660 East Hartford Drive </li></ul><ul><li>Suite 300 </li></ul><ul><li>Scott...
Upcoming SlideShare
Loading in …5
×

Why Application Control is Vital for IT Security

1,341 views

Published on

Ensuring that your enterprise IT infrastructure is secure is a challenging job even under ideal conditions. Using endpoint security, deploying firewalls and keeping your servers and clients patched with the latest security updates can only go so far. Over the last few years, an increasing number of attacks have been aimed at attacking vulnerabilities in third-party applications. IT administrators would be wise to discover, analyze, and either patch or remove third-party applications as yet another aspect of a cohesive security posture. In this security webinar, Windows IT Pro Industry News Analyst and security columnist Jeff James and Chris Merritt, director of solution marketing for Lumension, discuss some tips and best practices for managing and securing third-party applications in your IT environment.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,341
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
45
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Talking Points Intro / CC DC Module, now an integrated part of LEMSS another component of integrated defense-in-depth provides visibility, control (ports, devices, data and malware), encryption and reporting CC is going to demo, but first let me frame the discussion a bit.
  • browser is delivering unprecedented levels of business productivity and IT risk everyday to your endpoint environment. Most organizations can’t stop it business productivity younger workforce blends social-business-personal communications together as one Social networking applications are in use in 95% of businesses today 78% of these applications support file transfers, many are known to be propagators of malware and have vulnerabilities associated with them. Same in industries like Fin Services and healthcare-95% usage of social network across the board Cybercriminals are targeting these social applications greatest opportunities for them is the amount of trust end users put into these social applications. Once in they can replicate their malware with amazing speed and devastating impact. browser based risk we then are in reality starting to talk about cloud computing. isn’t anyone in IT today who hasn’t heard or discussed cloud computing.
  • Application control or whitelisting provides a new layer in the foundation for endpoint protection. Whitelisting is about identifying the known good and by default not letting anything other than what’s on the whitelist from executing. Simply put, any executable – whether a business application, a video driver, or a web browser plug-in – not specified on the whitelist cannot load and run. It’s the most effective security layer as its prevents execution in the kernel.
  • The new way of thinking means nothing will execute unless we know it’s trusted. This shift in thinking requires asking new questions about change coming into our IT environment,… … such as is where did this application come from, who or what installed it, and what vendor wrote it.
  • Many users in today’s organizations are “Local Admins” Legacy operating systems and software require users to have Local Admin accounts in order to install and run correctly Local Admins can make any changes they wish on their own machines Install &amp; remove software Change configurations Kill processes to defeat security tools Removing “local admin” privileges for many organizations is not something that is fees able to do in the short-term The resulting lack of control leads to increased Endpoint Risk and IT management overhead
  • It’s not about blacklisting versus whitelisting. It’s about being intelligent in the way we can take the best of both worlds and deliver a new solution that’s effective , efficient and operational .   An intelligent approach makes it easy for your sales manager at an airport in Singapore to download the latest WEBEX update, without any delays or calls into your help desk.   It allows your IT operations team to quickly deploy new software, and patches without having to constantly and manually update the whitelist. And gives you the ability to “optimize” your policy level of security based on user, machine, or group. This approach also allows you to throttle your level of control for different assets in your enterprise. Lockdown servers completely and give your sales force the flexibility required to remain productive. It’s about understanding acceptable risk vs. required productivity and managing towards that goal.  
  • Endpoint Protection Complexity
  • Using Lumension Device Control, you can mitigate these insider risks by: »» Enforcing a device and media access policy on your endpoints which won’t impede the productivity of the business; »» Enforcing a data encryption policy for removable storage devices and media to protect that valuable data when is copied off of your endpoints; and by »» Monitoring what’s happening in your environment; You can manage and report on all endpoint activity in your organization.
  • Why Application Control is Vital for IT Security

    1. 1. The Case for Application Control With Jeff James Security Columnist, Windows IT Pro
    2. 2. Meet our Expert Jeff James is industry news analyst for Windows IT Pro . He was previously editor in chief of Microsoft TechNet Magazine , was an editorial director at the LEGO Company, and has more than 15 years of experience as a technology writer and journalist.
    3. 3. What is Application Control? Windows Server 2008 and Windows 7 are the most secure versions of Windows ever. Yet even with aggressive patching and updating of server and client OSes, far too many third-party and “rogue” apps create security vulnerabilities. An effective IT security posture needs to include avoidance of dangerous apps and effective management of approved third-party applications . “ Microsoft: Windows is Secure, Applications Not So Much” – Paul Thurrott, Windows IT Pro
    4. 4. Application Control Growth “ Organizations are looking to application control solutions to augment signature-based antivirus protection and to exert more control over endpoints. Although this space has been dominated by the smaller vendors, larger endpoint protection and management providers are entering the market.” -- Gartner Analysts Neil MacDonald and Michael A. Silver
    5. 5. Application Control Tips <ul><li>Embrace Patch Management </li></ul><ul><li>Limit Admin Rights and Privileges </li></ul><ul><li>Leverage Windows 7 User Access Control (UAC) </li></ul><ul><li>Explore Windows 7 AppLocker </li></ul><ul><li>Consider Whitelisting Software </li></ul><ul><li>Bonus Tip: Use Data Protection </li></ul>
    6. 6. Tip #1- Embrace Patch Management <ul><li>Keeping your OS, clients, and third-party applications patched an updated is a must. Here are some IT patch management tips from Windows IT Pro author Orin Thomas: </li></ul><ul><li>Determine which updates have already been deployed </li></ul><ul><li>Prevent update traffic from saturating WAN links </li></ul><ul><li>Prevent update installation from interrupting end users' computer use </li></ul><ul><li>Test updates before deployment </li></ul>Resource : “Solve 4 Common Patch Management Problems” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 103599
    7. 7. Tip #2 - Limit Admin Rights and Privileges Limit the rights assigned to administrator accounts as much as possible, and use restricted groups policies to restrict membership of sensitive groups. Configure accounts to expire on a regular basis. 
    8. 8. Tip #3 – Leverage Windows 7 User Access Control (UAC) UAC – when managed properly – can be a helpful tool in an IT administrator’s application control toolbox.
    9. 9. Tip #4 - Explore Windows 7 AppLocker Applocker – a feature found in Windows 7 Ultimate and Enterprise -- can be used to prevent unlicensed software, stop users from running unauthorized applications, and only allow users to run approved applications and software updates. Resource : “AppLocker in Windows Server 2008 R2 and Windows 7” by Jan DeClercq - www.windowsitpro.com - InstantDoc ID 104625
    10. 10. Tip #5 – Consider Whitelisting Software Anti-virus (AV) and anti-malware software are important parts of any IT security toolbox, but the reality is that traditional signature-based AV doesn’t provide effective protection by itself in today’s threat environment. In addition to AV, implement an application white listing solution such as Microsoft AppLocker or a more robust and comprehensive third-party solution. Resource : “Comparative Review: Application Restriction Products” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 129350
    11. 11. Bonus Tip - Use Data Protection Create and enforce policies that outline best practices for data use and protection, including encryption usage and policies for removable media. Enforcing these policies will decrease the likelihood of manually-delivered malware and other malevolent software from attacking your network.
    12. 12. Security Resources Windows IT Pro Security page http://www.windowsitpro.com/categories/category/Security.aspx Windows IT Pro Security Blog http://www.windowsitpro.com/blogs/security.aspx Russell Smith’s Least Privilege Security Blog http://leastprivilegesecurity.blogspot.com
    13. 13. Q & A For follow up information, contact Jeff James at [email_address] or on Twitter at @jeffjames3. Thank You!
    14. 14. Lumension® Intelligent Whitelisting™ Integrated Endpoint Protection using Lumension ® Endpoint Management and Security Suite Chris Merritt, Solution Marketing
    15. 15. Changing Role of IT Enabling the Use of New Technology <ul><ul><li>Major Shift For IT Security </li></ul></ul><ul><ul><li>It’s now IT’s job to say YES! </li></ul></ul>
    16. 16. Growing Application Centric Risk <ul><ul><li>Social networking applications were detected in 95% of organizations. </li></ul></ul><ul><ul><li>78% of Web 2.0 applications support file transfer. </li></ul></ul><ul><ul><li>2/3 of applications have known vulnerabilities. </li></ul></ul><ul><ul><li>28% of applications were known to propagate malware. </li></ul></ul>Source: Palo Alto Networks Application Survey, 2010
    17. 17. Using Lumension Intelligent Whitelisting to Mitigate Application Risk
    18. 18. Defense-in-Depth Against Malware <ul><li>Typical Approach </li></ul><ul><li>Multiple layers </li></ul><ul><ul><li>Antivirus </li></ul></ul><ul><ul><li>Patching </li></ul></ul>
    19. 19. Defense-in-Depth Against Malware <ul><li>Typical Approach </li></ul><ul><li>Multiple layers </li></ul><ul><ul><li>Antivirus </li></ul></ul><ul><ul><li>Patching </li></ul></ul><ul><li>However, both are: </li></ul><ul><li>Reactive </li></ul><ul><li>Negative security model </li></ul><ul><li>Straining to deal with pace and sophistication of today’s financially- and politically-motivated attackers </li></ul>
    20. 20. Defense-in-Depth Against Malware <ul><li>For real defense-in-depth </li></ul><ul><li>Additional layer needed </li></ul><ul><li>Fundamentally different approach </li></ul><ul><li>Application Whitelisting </li></ul><ul><li>Proactive </li></ul><ul><li>Positive security model </li></ul>
    21. 21. Application Whitelisting Malware Applications <ul><li>Authorized </li></ul><ul><li>Operating Systems </li></ul><ul><li>Business Software </li></ul><ul><li>Known </li></ul><ul><li>Viruses </li></ul><ul><li>Worms </li></ul><ul><li>Trojans </li></ul><ul><li>Unauthorized </li></ul><ul><li>Games </li></ul><ul><li>iTunes </li></ul><ul><li>Shareware </li></ul><ul><li>Unlicensed S/W </li></ul><ul><li>Unknown </li></ul><ul><li>Viruses </li></ul><ul><li>Worms </li></ul><ul><li>Trojans </li></ul><ul><li>Keyloggers </li></ul><ul><li>Spyware </li></ul>Un-Trusted
    22. 22. Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S. Discovery & Agent Deployment Role Based Access Control HW/SW Inventory Assessment Enhanced Wake-on-LAN Active Directory Synchronization Centralized Reporting Scalable | Single Extensible Agent | Modular Products | Secure
    23. 23. Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S. Discovery & Agent Deployment Role Based Access Control HW/SW Inventory Assessment Enhanced Wake-on-LAN Active Directory Synchronization Centralized Reporting Scalable | Single Extensible Agent | Modular Products | Secure <ul><li>Device Control </li></ul><ul><li>Control Removable Devices </li></ul><ul><li>Enforced Encryption for Removable Storage </li></ul><ul><li>Filename Tracking & Full File Shadowing Audits </li></ul>
    24. 24. Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S. <ul><li>Patch & Remediation </li></ul><ul><li>Heterogeneous Support </li></ul><ul><li>Broadest 3 rd Party Vulnerability Content </li></ul><ul><li>Automated Baselines </li></ul><ul><li>Advanced Patch Deployment and Reboot Control </li></ul>Discovery & Agent Deployment Role Based Access Control HW/SW Inventory Assessment Enhanced Wake-on-LAN Active Directory Synchronization Centralized Reporting Scalable | Single Extensible Agent | Modular Products | Secure <ul><li>Device Control </li></ul><ul><li>Control Removable Devices </li></ul><ul><li>Enforced Encryption for Removable Storage </li></ul><ul><li>Filename Tracking & Full File Shadowing Audits </li></ul>
    25. 25. Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S. <ul><li>AntiVirus </li></ul><ul><li>Comprehensive Malware Signature Database </li></ul><ul><li>Variant and Exploit Detection </li></ul><ul><li>Sandbox Analysis </li></ul><ul><li>Run-time Scanning </li></ul><ul><li>Patch & Remediation </li></ul><ul><li>Heterogeneous Support </li></ul><ul><li>Broadest 3 rd Party Vulnerability Content </li></ul><ul><li>Automated Baselines </li></ul><ul><li>Advanced Patch Deployment and Reboot Control </li></ul>Discovery & Agent Deployment Role Based Access Control HW/SW Inventory Assessment Enhanced Wake-on-LAN Active Directory Synchronization Centralized Reporting Scalable | Single Extensible Agent | Modular Products | Secure
    26. 26. Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S. <ul><li>AntiVirus </li></ul><ul><li>Comprehensive Malware Signature Database </li></ul><ul><li>Variant and Exploit Detection </li></ul><ul><li>Sandbox Analysis </li></ul><ul><li>Run-time Scanning </li></ul><ul><li>Application Control </li></ul><ul><li>Application Whitelisting </li></ul><ul><li>Simplified Whitelist and Policy Creation </li></ul><ul><li>Automated “Trust Engine” whitelist maintenance </li></ul><ul><li>Deny unwanted Applications </li></ul><ul><li>Patch & Remediation </li></ul><ul><li>Heterogeneous Support </li></ul><ul><li>Broadest 3 rd Party Vulnerability Content </li></ul><ul><li>Automated Baselines </li></ul><ul><li>Advanced Patch Deployment and Reboot Control </li></ul>Discovery & Agent Deployment Role Based Access Control HW/SW Inventory Assessment Enhanced Wake-on-LAN Active Directory Synchronization Centralized Reporting Scalable | Single Extensible Agent | Modular Products | Secure
    27. 27. Lumension Endpoint Management and Security Suite Intelligent Whitelisting L.E.M.S.S. <ul><li>AntiVirus </li></ul><ul><li>Comprehensive Malware Signature Database </li></ul><ul><li>Variant and Exploit Detection </li></ul><ul><li>Sandbox Analysis </li></ul><ul><li>Run-time Scanning </li></ul><ul><li>Application Control </li></ul><ul><li>Application Whitelisting </li></ul><ul><li>Simplified Whitelist and Policy Creation </li></ul><ul><li>Automated “Trust Engine” whitelist maintenance </li></ul><ul><li>Deny unwanted Applications </li></ul><ul><li>Patch & Remediation </li></ul><ul><li>Heterogeneous Support </li></ul><ul><li>Broadest 3 rd Party Vulnerability Content </li></ul><ul><li>Automated Baselines </li></ul><ul><li>Advanced Patch Deployment and Reboot Control </li></ul>Discovery & Agent Deployment Role Based Access Control HW/SW Inventory Assessment Enhanced Wake-on-LAN Active Directory Synchronization Centralized Reporting Scalable | Single Extensible Agent | Modular Products | Secure <ul><li>Device Control </li></ul><ul><li>Control Removable Devices </li></ul><ul><li>Enforced Encryption for Removable Storage </li></ul><ul><li>Filename Tracking & Full File Shadowing Audits </li></ul>
    28. 29. Better Visibility and Control <ul><li>Easy Lockdown - discovers all local applications and creates a local whitelist </li></ul><ul><ul><li>Discovers everything </li></ul></ul><ul><ul><li>Accounts for all variations </li></ul></ul><ul><li>Application Library - aggregates all snapshot discovery results centrally </li></ul><ul><ul><li>Central visibility </li></ul></ul><ul><ul><li>Flexible application grouping with details (hash, name, certificate, path, etc.) </li></ul></ul><ul><li>Application Event Log - provide intelligence around how applications are being used, how they were introduced, and how prevalent they are </li></ul><ul><li>Easy Auditor - identifies change control policy violations through real-world analysis </li></ul>
    29. 30. Eliminate Unwanted Applications <ul><li>Easily stop unwanted, unsupported or risky applications and plug-ins </li></ul><ul><ul><li>Immediate and simple risk mitigation </li></ul></ul><ul><ul><li>Does not require “whitelisting enforcement” </li></ul></ul>Denied Application Policy prevents unwanted applications even if they are already installed Easily remove unwanted applications with Lumension Patch and Remediation
    30. 31. Reduce Local Admin Risk Control Panel – uninstall program Task Manager – kill process Regedit / Command Install Applications Change Configurations Remove Patches & Uninstall Software Defeat Security Tools control.exe Denied Application: Denied Application: cmd.exe regedit.exe taskmgr.exe Denied Application: Application Control: Easy Lockdown Trust Engine Action Example How Lumension Stops
    31. 32. Lumension Intelligent Whitelisting The Efficiency of Antivirus The Flexibility and Ease Of Use The Effectiveness of Application Control Intelligent Whitelisting
    32. 33. Endpoint Protection Complexity <ul><li>Multiple Consoles </li></ul><ul><ul><ul><li>3 – 6 different management consoles (avg range) </li></ul></ul></ul><ul><li>Agent Bloat </li></ul><ul><ul><ul><li>3 – 10 agents installed per endpoint (avg range) </li></ul></ul></ul><ul><ul><ul><li>Decreased network performance </li></ul></ul></ul><ul><li>Lack of Control </li></ul><ul><ul><ul><li>54% of IT security professionals cite managing security complexity as their #1 challenge </li></ul></ul></ul><ul><ul><ul><li>Decreasing visibility and disparate data </li></ul></ul></ul><ul><ul><ul><li>Ad hoc monitoring of security posture </li></ul></ul></ul><ul><ul><ul><ul><li>43% of existing access rights were either excessive or should have been retired </li></ul></ul></ul></ul><ul><li>Increasing TCO of Point Products </li></ul><ul><ul><ul><li>Integration and Maintenance </li></ul></ul></ul>
    33. 34. With Lumension Device Control, You Can …
    34. 35. Defense-in-Depth with Intelligent Whitelisting Known Malware Unknown Malware Unwanted, Unlicensed, Unsupported applications Application Vulnerabilities Configuration Vulnerabilities AntiVirus X X Application Control X X Patch & Remediation X X Security Configuration Management X
    35. 36. A Complete Defense With Lumension Intelligent Whitelisting Physical Access Firewall / IPS Anti-Malware Patch Management
    36. 37. Next Steps <ul><li>Lumension ® Intelligent Whitelisting™ </li></ul><ul><ul><li>Overview </li></ul></ul><ul><ul><ul><li>www.lumension.com/Solutions/Intelligent-Whitelisting.aspx </li></ul></ul></ul><ul><ul><li>Free Demo </li></ul></ul><ul><ul><ul><li>www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx </li></ul></ul></ul><ul><ul><li>Free Application Scanner </li></ul></ul><ul><ul><ul><li>www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx </li></ul></ul></ul><ul><li>Whitepaper and Videos </li></ul><ul><ul><li>Think Your Anti-Virus is Working? Think Again. </li></ul></ul><ul><ul><ul><li>www.lumension.com/special-offer/App-Whitelisting-V2.aspx </li></ul></ul></ul><ul><ul><li>Using Defense-in-Depth to Combat Endpoint Malware </li></ul></ul><ul><ul><ul><li>l.lumension.com/puavad </li></ul></ul></ul><ul><ul><li>Reducing Local Admin Access </li></ul></ul><ul><ul><ul><li>www.lumension.com/special-offer/us-local-admin.aspx </li></ul></ul></ul>
    37. 38. <ul><li>Global Headquarters </li></ul><ul><li>8660 East Hartford Drive </li></ul><ul><li>Suite 300 </li></ul><ul><li>Scottsdale, AZ 85255 </li></ul><ul><li>1.888.725.7828 </li></ul><ul><li>[email_address] </li></ul><ul><li>http://blog.lumension.com </li></ul>

    ×