Endpoint Security: Shifting Paradigms
Malware Outbreaks Growing
● Constant morphing
● Constant attacks
● No target is too small
● Damage to victims goes far beyond money
● Government (and trial lawyers) growing interest
● Everyone is at risk
Today's Paradigm
● We know what malware looks like;
● Our users won't accept changes that impact the way they work;
● We can train our users so well they'll never make a mistake;
● And the same goes for our techs and SysAdmins;
● With just a little more effort we can deploy all patches to all devices on time, every time, without fail;
● We've always used blacklists; they work;
● We're smarter than the bad guys; and,
● We just got breached.
A New Paradigm
● We can't recognize everything that's bad;
● Users can accept reasonable changes because they all know an identity-theft victim;
● We can know what is permitted on each computer;
● Whitelisting works because
  ✔ We now do it at the executable level (executables and shared libraries);
  ✔ White lists can be updated each time a patch or update is deployed;
  ✔ White list maintenance is mostly automated;
  ✔ Whitelisting is augmented with other endpoint controls.
● No matter what kind of malware gets in because of user errors, misconfigurations, or missing patches, it can't execute.
Security Assistant
● Stops everything not on white list
● Deploys patches, automates whitelist maintenance
● Audits endpoints by opening each file on all drives
● Semi-NAC
● Console window for every endpoint with schedule-capable commands
Full Stop
● Stops everything not on white list
  ✔ Monitors hard drive writes (including browser cache)
  ✔ Quarantines if executable/shared library & not on white list
  ✔ Monitors process starts
  ✔ Blocks if starting program not on white list
  ✔ Monitors removable media
  ✔ Blocks execution if not on white list
Integrated Patch/Whitelist Maintenance
● Deploys patches, automates whitelist maintenance
  ✔ The provisional whitelist includes pre- and post-patch file information, as well as the patch itself;
  ✔ The post-patch whitelist removes the information for pre-patch conditions and the patch;
  ✔ ADDED VALUE: an endpoint restored to a pre-patch restore point is immediately obvious, so patches are no longer lost without anyone knowing.
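The Full Stop checks and the provisional/post-patch whitelist transition described above, modelled as a per-node hash whitelist. This is an added example, not Naknan's code; the sample file contents, paths and the "MZ" executable test are constructed assumptions.

```python
import hashlib
# Constructed sample file contents (not real binaries); "MZ" is the PE header
# signature and is used here as the executable/shared-library test.
APP_V1, APP_V2 = b"MZ app.dll v1 (pre-patch)", b"MZ app.dll v2 (post-patch)"
PATCH, NOTEPAD = b"MZ patch installer", b"MZ notepad.exe"
DROPPER, DOC = b"MZ dropper from browser cache", b"%PDF-1.4 quarterly report"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def is_executable(data: bytes) -> bool:
    return data[:2] == b"MZ"

class NodeWhitelist:
    """Per-node whitelist keyed by file hash; a provisional list is active while a patch is in flight."""
    def __init__(self, approved):
        self.approved = {sha256(b) for b in approved}   # committed whitelist
        self.provisional = None                          # only set during a patch
        self.log = []                                    # (action, path) events

    def _current(self):
        return self.provisional if self.provisional is not None else self.approved
    # Full Stop: disk writes and process starts are checked against the active list
    def on_write(self, path, data):
        """Quarantine an executable/shared library written to disk if not on the list."""
        if is_executable(data) and sha256(data) not in self._current():
            self.log.append(("quarantine", path))
            return "quarantine"
        return "allow"

    def on_exec(self, path, data):
        """Block a process start (hard drive or removable media) if not on the list."""
        if sha256(data) not in self._current():
            self.log.append(("block", path))
            return "block"
        return "allow"

    # Integrated patch/whitelist maintenance
    def begin_patch(self, patch_bytes, pre_files, post_files):
        """Provisional list: pre- and post-patch file hashes plus the patch itself."""
        self.pre = {sha256(b) for b in pre_files}
        self.post = {sha256(b) for b in post_files}
        self.patch = sha256(patch_bytes)
        self.provisional = self.approved | self.pre | self.post | {self.patch}

    def commit_patch(self):
        """Post-patch list: drop pre-patch hashes and the installer, keep post-patch files."""
        self.approved = (self.provisional - self.pre - {self.patch}) | self.post
        self.provisional = None

    def audit(self, on_disk):
        """Paths whose contents are off the committed list (a pre-patch rollback shows up here)."""
        return {p for p, data in on_disk.items() if sha256(data) not in self.approved}

def demo():
    """Walk one node through enforcement, a patch cycle, and a post-rollback audit."""
    wl = NodeWhitelist(approved=[APP_V1, NOTEPAD])
    r = {"doc_write": wl.on_write("C:/Users/a/cache/report.pdf", DOC),        # allow (not executable)
         "dropper_write": wl.on_write("C:/Users/a/cache/setup.exe", DROPPER),  # quarantine
         "usb_exec": wl.on_exec("E:/autorun.exe", DROPPER),                    # block
         "patch_before": wl.on_exec("C:/tmp/kb.exe", PATCH)}                   # block (not yet provisioned)
    wl.begin_patch(PATCH, pre_files=[APP_V1], post_files=[APP_V2])
    r["patch_during"] = wl.on_exec("C:/tmp/kb.exe", PATCH)                    # allow
    r["v2_write"] = wl.on_write("C:/Program Files/app.dll", APP_V2)           # allow
    wl.commit_patch()
    r["patch_after"] = wl.on_exec("C:/tmp/kb.exe", PATCH)                     # block: installer delisted
    r["v1_after"] = wl.on_exec("C:/Program Files/app.dll", APP_V1)            # block: rolled-back binary
    r["audit"] = wl.audit({"C:/Program Files/app.dll": APP_V1, "C:/Windows/notepad.exe": NOTEPAD})
    return r                                                                  # audit -> {"C:/Program Files/app.dll"}
```

The audit result is the "immediately obvious" signal from the slide: a node rolled back to its pre-patch restore point carries a binary whose hash the post-patch list no longer contains.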
Full System Audit
● Audits endpoints by opening each file on all drives
  ✔ Maps results to FDCC patch requirements (Vulnerabilities Identified)
  ✔ Maps results to CVE-type patchable vulnerabilities
  ✔ Can map to any similar standard or requirement
  ✔ Shows authorized software (Consensus Audit Guidelines Critical Control #2)
  ✔ Shows unauthorized software
  ✔ "Click-to-Remove" builds a script to remove unwanted files/applications; runs when initiated from the GUI
Network-Related
● Semi-NAC
  ✔ Monitors network traffic
  ✔ Each node "knows" the other devices on the same subnet
  ✔ Reports, and refuses to communicate with, unknown devices on the same subnet
  ✔ Early 2010: no longer limited to the same subnet
Command Window
● Window into every node
  ✔ Do anything you could if you were at the node
  ✔ Schedule console commands; no commands excepted
  ✔ Highly secure and very mature interface
  ✔ Gives complete control of each node, real-time and/or scheduled
Critical Infrastructure
FERC Critical Infrastructure Protection Requirements, CIP-007-2:
R3. Security Patch Management: establish, document and implement a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter(s).
  R3.1. Document the assessment of security patches and security upgrades.
  R3.2. Document the implementation of security patches.
R4. Malicious Software Prevention: use anti-virus software and other malicious software ("malware") prevention [and removal] tools.
  R4.1. Implement anti-virus and malware prevention tools.
  R4.2. Implement a process for the update of anti-virus and malware prevention "signatures."

Similar requirements appear in other CIP documents.
Consensus Audit Guidelines
● Critical Control 2: Know all authorized and unauthorized software; enforce whitelist: FULL
● Critical Control 10: Continuous Vulnerability Testing and Remediation: PARTIAL (no H/W configuration checking)
● Critical Control 12: Anti-Malware Defenses: FULL
● Critical Control 15: Data Leakage Protection: PARTIAL (logs each USB drive inserted; writes to removable media can be prevented; blocks execution of malware which steals data/information)
What Makes Us Different?
● Whitelisting with integrated Patch Management, which makes possible:
  ✔ Automated whitelist maintenance
  ✔ Patch compliance reporting without false positives (FDCC, CVE, others)
● Event scheduling
● Command console on target node
  (Shut down apps, change user mode, schedule & execute any console command)
● Network Access Control (detect/report newcomers on the network)

Each node has its own white list, updated as patches, updates, and applications are deployed.
The command console gives you a console window on the target node, and event scheduling lets you schedule any input that the target node's console will accept, as if you were there.
Network Access Control discriminates between new authorized and new unauthorized devices, although both are initially unknown.
End-User Impacts
● Can't run "non-business" applications
● Can't install off-whitelist software
● Can't download software from the web
● Can't run file-sharing and IM applications
● Can't get infected by web browsing or by opening infected email or attachments

Once users understand the importance of the culture changes, they go along.

An approved "Add To Whitelist" policy and procedure must be published to all.
Organization Impacts
● No malware infections
● No patchable vulnerabilities
● No unauthorized software
● "Proof of Compliance" endpoint audits
● More orderly use of IT staff (fewer fire drills)

Increased security at all endpoints makes your organization a less attractive target.
Demo
● Insert removable media: detected, reported, logged
● Execute file on removable media: blocked, reported, logged
● Copy executable from removable media to hard drive: quarantined, reported, logged
● Browse infected web site (assist malware download as necessary): download quarantined
● Repeat at other infected web sites: quarantined

Shouldn't your organization be so well protected?
Naknan Corporate Contacts
● Noklek Finley, President & CEO
● Doug Finley, Vice President, 281-990-0030, Ext. 12

1300-A Bay Area Blvd., Suite 233
Houston, TX 77058
281-990-0030
www.naknan.com

Business Development Team:
● Romani Perera, Business Development, Romani_Perera@naknan.com
● Timi Finley John, Director-Support Services, Timi_Finley@naknan.com