20090106c Presentation Custom
- 1. Security and Control for Critical Infrastructure
Introduction to BOUNCER by CoreTrace™
January 2009
©2009 CoreTrace Corporation. All rights reserved.
- 2. Introduction to CoreTrace
CoreTrace protects critical environments with high-security, easy-change application whitelisting.
Industry Accolades:
• CoreTrace is one of “Top 10 Security Companies to Watch in 2009.”
• BOUNCER named one of “Best Security Solutions.”
• BOUNCER earns an “A” grade.
Customers: (customer logos)
- 4. Traditional Endpoint Security
(Diagram of endpoint threat inputs: User Actions, Vulnerabilities, Compliance Reqs, Malware, Unauthorized Apps, ...)
Reactive response to new malware
Reactive discovery of unauthorized applications
Reactive and rushed patching of new vulnerabilities
Reactive recovery from malicious or accidental user actions
Reactive efforts to meet compliance requirements
- 5. NERC Compliance
Responsible entity shall:
Limit ports and services to those required
Document implementation of security patches or have compensating control
Prevent malicious software
Monitor events, preventing unauthorized change to systems (CIP-007-R2, R3.2, R4, R6)
Challenges:
Feasibility
Cost
True benefit to security of critical infrastructure
- 6. Example: Tennessee Valley Authority
WASHINGTON (CNN) — The nation's largest publicly owned utility company
may be vulnerable to cyber attacks, according to a new report. May 21, 2008
Government watchdog agency findings:
Firewalls have been bypassed or are inadequately configured
Passwords are not effective
Servers and workstations lack key patches and effective virus protection
Intrusion-detection systems are not adequate
- 7. Fundamental Shift in Endpoint Control Offerings
Application Whitelisting: Only allow KNOWN and approved applications to execute.
“Trusted Change”: Transparently add new applications or upgrades to whitelists.
- 8. Kernel-Level Application Whitelisting
(Diagram: a Whitelisted Application and a Rogue Application run in User Space; BOUNCER sits in Kernel Space / OS, between the applications and System Resources.)
“BOUNCER stopped 100% of the entered viruses while traditional blacklist-based antivirus solutions detected an average of 60%.”
Simon Howard, DEFCON 16 “Race to Zero” Organizer
Enforce a whitelist of approved applications only
Enable dynamic updates to whitelist from trusted sources
Provide memory protection
Utilize minimal system resources
- 9. “Trusted Change”: Easy, Immediate, and Ongoing Endpoint Control
Step 1: Establish Trust Models in Administrator Console
Trusted Updater: SMSAdmin.exe
Trusted Application: Project.msl
Trusted Network Share: servershare
Trusted User: CORPTomJ
Trusted Digital Certificate: Microsoft Windows
Step 2: Deploy BOUNCER Client to Multiple Endpoints
Step 3: Auto-Generate Custom Whitelist for Each Endpoint
Ongoing, on every endpoint:
Automatically Enforce Whitelist (Stopping Unauthorized Applications & Malware)
Update Custom Whitelist for New Trusted Applications
Report on Security or Configuration Issues
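As an added example, not CoreTrace's own code, of the enforcement and “trusted change” flow described on slides 8 and 9: a per-endpoint whitelist is auto-generated from what is already installed, an unknown binary is blocked and logged, and a binary that arrives through one of the configured trust sources (updater, application, network share, user, digital certificate) is allowed and learned into the whitelist. All class, field and sample names are assumptions; file hashes stand in for whatever executable identity the real product uses.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class TrustModel:
    # Trust sources from the "Trusted Change" slide; field names are assumptions.
    updaters: set = field(default_factory=set)  # patch/deployment agents, e.g. SMSAdmin.exe
    apps: set = field(default_factory=set)      # installers allowed to drop new binaries
    shares: set = field(default_factory=set)    # path prefixes of trusted network shares
    users: set = field(default_factory=set)     # accounts allowed to introduce executables
    certs: set = field(default_factory=set)     # publishers whose signed binaries are trusted

@dataclass
class Endpoint:
    whitelist: set = field(default_factory=set)  # SHA-256 of every approved executable
    events: list = field(default_factory=list)   # what the console would report on

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def auto_generate_whitelist(ep: Endpoint, installed: dict) -> int:
    """Baseline step: hash every executable already on the endpoint (path -> bytes)."""
    ep.whitelist.update(sha256(content) for content in installed.values())
    return len(ep.whitelist)

def check_exec(ep, tm, path, content, parent, user, signer=None):
    """Return 'allow' (hash already approved), 'learn' (new binary accepted through a
    trust source and added to the whitelist) or 'block' (unknown, denied and logged)."""
    h = sha256(content)
    if h in ep.whitelist:
        return "allow"
    via = None  # which trust source, if any, vouches for this new binary
    if parent in tm.updaters:
        via = "updater:" + parent
    elif parent in tm.apps:
        via = "application:" + parent
    elif any(path.lower().startswith(s.lower()) for s in tm.shares):
        via = "share"
    elif user in tm.users:
        via = "user:" + user
    elif signer is not None and signer in tm.certs:
        via = "certificate:" + signer
    if via is None:
        ep.events.append(("block", path, parent, user))
        return "block"
    ep.whitelist.add(h)  # trusted change: the whitelist grows without an admin action
    ep.events.append(("learn", path, via))
    return "learn"
```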
- 10. The Benefits of Shifting the Focus
(Diagram: Approved Applications at the center)
Proactive elimination of all malware
Proactive elimination of unauthorized applications
Measured and well-tested patching
Proactive elimination of malicious or accidental user actions
Reduction of Help Desk requests and reimaging efforts
Automatically meet compliance requirements
- 11. Enabling CIP Compliance with BOUNCER
Limit ports and services to those required
BOUNCER controls network access within the operating system, limiting ports and protocols.
Document implementation of security patches or have compensating control
BOUNCER provides compensating control for systems where patching is not possible, practical, or affordable and protects systems in legacy environments.
Prevent malicious software
BOUNCER prevents all unauthorized change, including all malware — such as zero-day attacks, rootkits, buffer overflows, etc.
Monitor events and prevent unauthorized change to systems
BOUNCER provides monitoring and reporting of events and attack attempts.
- 12. Case Study: City Public Service Energy (CPS Energy)
Problem:
✘ Difficulty in running and updating antivirus
✘ Unable to patch consistently due to legacy systems
✘ Need to enforce configuration control
✘ Need to protect and control systems for NERC-CIP compliance
Solution:
✔ Protect all Windows systems in SCADA control environments
✔ Provide compensating control for regulatory and audit requirements
✔ Ensure security between patching opportunities and on legacy systems
Benefits:
Increase system reliability
Compliance with applicable NERC-CIP requirements
Able to use a single solution across platforms and requirements
- 14. BOUNCER Is a Turnkey Application Whitelisting Solution
Three-tiered secure, scalable infrastructure
Secures:
Desktops, laptops, and servers
Fixed, mobile, or disconnected systems
Low impact on endpoint performance
Multi-platform:
Windows NT 4, 2000, XP, Server 2003
Solaris 7-10
Windows Server 2008/Windows Vista (Q2CY09)
Patented kernel-based network security infrastructure
- 15. Unique Capabilities of BOUNCER
“Trusted Change” that leverages your EXISTING change processes and technologies
Secure, tamper-proof architecture
Auto-generated whitelists accelerate deployment
Extended security platform (e.g., memory protection, network filtering)
Multi-platform coverage
- 16. Summary
BOUNCER directly addresses three major endpoint challenges:
Security
Manageability
Compliance
BOUNCER simplifies endpoint control by:
Ensuring that only approved applications can execute
Enabling transparent additions of new applications or upgrades to the whitelist
BOUNCER provides significant benefits:
Proactively eliminates malware & unauthorized applications
Enables measured and well-tested patching
Proactively eliminates malicious or accidental user actions
Reduces Help Desk requests and reimaging efforts
Helps automatically meet compliance requirements