The document discusses the evolving challenges and landscape of endpoint security, highlighting the complexity and disjointed management of endpoint security amidst increasing threats, compliance demands, and the consumerization of IT. It underscores the need for improved collaboration between IT operations and security teams, as well as a shift towards a trust-centric approach to protect information flow rather than merely securing devices. Recommendations are made for organizations to adopt integrated security tools and re-evaluate their strategies in light of the changing technology landscape.

1. The Evolving State of the Endpoint: How Will You Cope?

2. Today’s AgendaShift Happens: How the Endpoint Environment Has EvolvedWorldwide State of the Endpoint:Survey ResultsSummary and RecommendationsConclusion and Q & A

3. Today’s PanelistsPage 3C. Edward BriceSVP Worldwide MarketingLumension SecurityPaul HenrySecurity & Forensics AnalystMCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI, CCEDr. Larry PonemonFounderPonemon Institute

4. Shift Happens: How the Endpoint Management and Security Landscape Has Evolved

5. Shift Happens5Today’s endpoint management and security landscape has FUNDAMENTALLYchanged

6. 6Forces Impacting Today's Endpoint EnvironmentNew ThreatLandscapeThe Endpoint ComplianceConsumerization of IT66

7. The New Threat Landscape

8. The Increasing Value of Data8Informationin the 21st Century is the NEW CURRENCY

9. Sophisticated and Targeted Threats9Today We Deal with a Growing Cyber MafiaWell Funded.

10. Well Organized.

11. Financially Motivated.10Rising Insider Risk60%of a company’s employees would take confidential information if they left the organization.Ponemon Institute, 2009

12. 11Data Breach Costs Continue to GrowTotal Economic Impact From Data Loss & Security Breaches Is Estimated at Over$1 Trillion a YearThe cost of recovering from a single data breach now averages$6.6M.20% of customerswill discontinue the relationship immediately and 40% are likely to leave within 6 months.Ponemon Institute 2009, U.S. Costs of a Data BreachNovember 2008, Unsecured Economies Report 2009

13. Consumerization of IT

14. Web 2.0The applications we use today for productivityCollaborative / Browser-based / Open Source13Social Communities, Gadgets,Blogging and Widgets open up our networks to increasing risk everyday.

15. IT’s Role is Changing14IT Must Enable the Use of New TechnologyMajor Shift For IT Security

16. It’s now IT’s job to say YES!Employee provisioned laptop programs lead to greater user satisfaction and reduce total ownership costs up to 44%** Gartner 2008

17. Growing Compliance Burden

18. 16Mounting External Compliance Regulations75% of organizations must comply with two or more regulations and corresponding audits43% of organizations comply with 3 or more regulationsPII Security StandardsSarbanes-Oxley, Section 404PCI Data Security Standards (DSS)PCI Data Security Standards (DSS)Organizations spend 30-50% more on compliance than they shouldBasel IIBasel IISB1386 (CA Privacy Act)SB1386 (CA Privacy Act)SB1386 (CA Privacy Act)USA Patriot ActUSA Patriot ActUSA Patriot ActUSA Patriot ActGramm Leach Bliley (GLBA)Gramm Leach Bliley (GLBA)Gramm Leach Bliley (GLBA)Gramm Leach Bliley (GLBA)Gramm Leach Bliley (GLBA)21CFR1121CFR1121CFR1121CFR1121CFR1121CFR11HIPAAHIPAAHIPAAHIPAAHIPAAHIPAAHIPAAEU DirectiveEU DirectiveEU DirectiveEU DirectiveEU DirectiveEU DirectiveEU DirectiveEU Directive*The Struggle to Manage Security Compliance for Multiple Regulations”. IT Policy GroupTime

19. Worldwide State of The EndpointSurvey Results

20. PonemonInstituteLLCThe Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.

21. The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.

22. Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations. Dr. Ponemon serves as CASRO’s chairman of Government & Public Affairs Committee of the Board.

23. The Institute has assembled more than 50 leading multinational corporations called the RIM Council, which focuses the development and execution of ethical principles for the collection and use of personal data about people and households.18

24. About the studyState of the Endpoint was conducted by Ponemon Institute and sponsored by Lumension to better understand how organizations are responding to the threat of insecure endpoints.We asked respondents in IT operations and IT security to explore what they do to reduce or mitigate the risk of insecure endpoints, including enabling technologies.With input from our sponsor and recommendations for an expert panel of information security leaders, we implemented our study in five countries: United States, United Kingdom, Germany, Australia & New Zealand.19

25. Attributions about endpoint securityEach bar reflects the “strongly agree” and “agree” responses combined20

26. Technologies that affect endpoint securityPercentage “Yes” response21

27. Agents on endpoints and software management consoles22

28. Employee owned mobile data-bearing devicesPercentage “Yes” response23

29. Is your IT network more secure than it was a year ago?Percentage Yes response24

30. Is your IT network more secure than it was a year ago?Analysis by country25

31. The reasons why IT networks are more secure now26

32. The reasons why IT networks are more secure nowAnalysis by country27

33. Does your organization’s IT security budget support business objectives?28

34. Does your organization’s IT security budget support business objectives?Analysis by country29

35. What statement best describes how IT ops & IT security work together?Ponemon Institute© State of the Endpoint30

36. What statement best describes how IT ops and IT security work together?Analysis by country31

37. Difficulties in managing endpoint operations and security32

38. PC life cycle management and integrated endpoint security suite33

39. What features are important in an integrated endpoint management suite?34

40. What are the most important benefits of an integrated endpoint management suite?35

41. Have any of the following incidents happened during the past year?36

42. Which of the following security risks are most important to you in the coming year?37

43. How do regulations affect your organization’s endpoint security?Three statements to choose from38

44. How do regulations affect your organization’s endpoint security?Regulations improve endpoint security, analysis by country39

45. Why does compliance improve your organization’s endpoint security?40

46. Extrapolated values for annual compliance budgetsAnalysis by country41

47. Extrapolated values for annual compliance budgets by size42

48. Estimate that the budget for IT security will increase in FY 2010Analysis by country43

49. Conclusions

50. Summary Insights45Organizations are at risk because:The management of endpoint security appears to be overly complex and often a disjointed set of control activities.

51. Technologies and applications such as cloud computing, Web 2.0, open source software, and virtualization put the endpoint at risk because they create computing environments outside the direct control of the organization.

52. Mobility of the workforce presents a significant security risk because it is hard to enforce policies.

53. With respect to endpoint security, operations and security appear to have different priorities. Summary Insights46Collaboration between operations and security does not occur as frequently as it should, making it difficult to execute an enterprise-wide strategy for endpoint security.

54. In the countries we surveyed, both operations and security approach endpoint management and security from different perspectives. This suggests the possibility of significant challenges for organizations that operate globally.

55. While the risk of insecure endpoints seems to be on the rise, C-level executives may not fully understand and support endpoint management and security efforts. This could result in organizations not allocating appropriate resources to address the rash of problems caused by insecure endpoints.Recommendations

56. As the Landscape Evolves, So Must We48Its Time To BREAKwith the old approachIt’s No Longer RelevantPeople are “The New Perimeter”49Focus is no longer on securing the device but now on the information flow & policy

57. Siloed Roles Must ConvergeEndpoint Management & Security“By 2011, leading enterprise endpoint protection platform (EPP) and PC life cycle management (PCLM) vendors will offer mature integrated security and operations tools. IT organizations should understand the benefits of these tools and develop a strategy for adoption.”Peter FirstbrookGartner Analyst 200950

58. 51The Move to a Trust-Centric ApproachWe need to start thinking differently about IT SecurityIt’s not about the black list or the white list, but the intelligent list

59. We need a trust-centric approach to endpoint protectionQ&A

60. Global Headquarters15880 N. Greenway-Hayden LoopSuite 100Scottsdale, AZ 852601.888.725.7828info@lumension.com