20090106c Presentation Custom

Security and Control for Critical Infrastructure

Introduction to BOUNCER by CoreTrace™

January 2009

©2009 CoreTrace Corporation. All rights reserved.

Introduction to CoreTrace

CoreTrace protects critical environments with high-security, easy change
application whitelisting.

• CoreTrace is one of “Top 10 Security Companies to Watch in 2009.”
Industry
• BOUNCER named one of “Best Security Solutions.”
Accolades
• Bouncer earns an “A” grad.

Customers


Today’s Endpoint Control Challenges


Traditional Endpoint Security

Reactive response to new malware
User Actions
Vulnerabilities
Reactive discovery of unauthorized Compliance Reqs
applications Malware
Unauthorized Apps
...
Reactive and rushed patching of
new vulnerabilities

Reactive recovery from malicious or
accidental user actions

Reactive efforts to meet compliance
requirements


NERC Compliance

Responsible entity shall:
Limit ports and services to those required
Document implementation of security patches or have compensating control
Prevent malicious software
Monitor events, preventing unauthorized change to systems (CIP-007-R2, R3.2, R4, R6)

Challenges
Feasibility
Cost
True benefit to security of critical infrastructure


Example:
Tennessee Valley Authority

WASHINGTON (CNN) — The nation's largest publicly owned utility company
may be vulnerable to cyber attacks, according to a new report. May 21, 2008

Government watchdog agency findings:

Firewalls have been bypassed or are inadequately configured

Passwords are not effective

Servers and workstations lack key patches and effective virus protection

Intrusion-detection systems are not adequate


Fundamental Shift in Endpoint Control Offerings

Application Whitelisting “Trusted Change”
Only allow KNOWN Transparently add
and approved applications new applications or upgrades
to execute. to whitelists.


Kernel-Level Application Whitelisting

Whitelisted Rogue “BOUNCER
User Space Application Application
stopped 100% of
the entered viruses
while traditional
Kernel Space / OS blacklist-based
antivirus solutions
detected an
average of 60%.”
System Resources
Simon Howard
DEFCON 16
Race to Zero”
Enforce a whitelist of approved applications only Organizer

Enable dynamic updates to whitelist from trusted sources
Provide memory protection
Utilize minimal system resources


“Trusted Change”:
Easy, Immediate, and Ongoing Endpoint Control

Establish Deploy Auto-Generate
Trust Models in BOUNCER Client to Custom Whitelist
Administrator Console Multiple Endpoints for Each Endpoint

Trusted Updater:
SMSAdmin.exe

Trusted Application:
Project.msl Automatically
Enforce Whitelist
Trusted Network Share:
(Stopping Unauthorized
servershare
Applications & Malware)
Trusted User:
CORPTomJ Update Custom
Whitelist for New
Trusted Digital Certificate:
Trusted Applications
Microsoft Windows

Report on Security or
Configuration Issues


The Benefits of Shifting the Focus

Proactive elimination of all malware

Proactive elimination of
unauthorized applications

Measured and well-tested
patching Approved
Applications
Proactive elimination of malicious or
accidental user actions

Reduction of Help Desk requests
and reimaging efforts

Automatically meet compliance
requirements


Enabling CIP Compliance with BOUNCER

Limit ports and services to those required
BOUNCER controls network access within the operating system, limiting ports and protocols.

Document implementation of security patches or have compensating control
BOUNCER provides compensating control for systems where patching is not possible, practical,
or affordable and protects systems in legacy environments.

Prevent malicious software
BOUNCER prevents all unauthorized change, including all malware — such as zero-day
attacks, rootkits, buffer overflows, etc.

Monitor events and prevent unauthorized change to systems
BOUNCER provides monitoring and reporting of events and attack attempts.


Case Study:
City Public Service Energy (CPS Energy)

✘Difficulty in running and updating antivirus
✘Unable to patch consistently due to legacy systems
Problem
✘Need to enforce configuration control
✘Need to protect and control systems for NERC-CIP compliance

✔ Protect all Windows systems in SCADA control environments
✔ Provide compensating control for regulatory and audit
Solution
requirements
✔ Ensure security between patching opportunities and on legacy system

Increase system reliability
Compliance with applicable NERC-CIP requirements
Benefits
Able to use a single solution across platforms and requirements


BOUNCER Technical Overview & Demonstration


BOUNCER Is a
Turnkey Application Whitelisting Solution

Three-tiered secure, scalable infrastructure

Secures:
Desktops, laptops, and servers
Fixed, mobile, or disconnected systems

Low-impact on endpoint performance

Multi-platform:
Windows NT 4, 2000, XP, Server 2003
Solaris 7-10
Windows Server 2008/Windows Vista (Q2CY09)

Patented kernel-based network security
infrastructure


Unique Capabilities of BOUNCER

“Trusted Change” that leverages your EXISTING change processes and
technologies

Secure, tamper-proof architecture

Auto-generated whitelists accelerate deployment

Extended security platform (e.g., memory protection, network filtering)

Multi-platform coverage


Summary

BOUNCER directly addresses three major endpoint challenges:
Security
Manageability
Compliance

BOUNCER simplifies endpoint control by:
Ensuring that only approved applications can execute
Enabling transparent additions of new applications or upgrades to the whitelist

BOUNCER provides significant benefits:
Proactively eliminates malware & unauthorized applications
Enables measured and well-tested patching
Proactively eliminates malicious or accidental user actions
Reduce Help Desk requests and reimaging efforts
Helps automatically meet compliance requirements


20090106c Presentation Custom

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 20090106c Presentation Custom

Similar to 20090106c Presentation Custom (20)

Recently uploaded

Recently uploaded (20)

20090106c Presentation Custom