Rethinking Your Endpoint Security Strategy
•Download as PPTX, PDF•
0 likes•794 views
The document discusses the need to rethink traditional endpoint security strategies. It notes that the threat landscape has evolved, with intellectual property and sophisticated attacks becoming bigger risks. Traditional antivirus and threat-centric approaches are no longer sufficient. The document recommends implementing a trust-centric, defense-in-depth strategy with integrated technologies to reduce complexity. It emphasizes taking a holistic people, policy and technology approach to endpoint security.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Rethinking Your Endpoint Security Strategy
Similar to Rethinking Your Endpoint Security Strategy (20)
More from Lumension
More from Lumension (20)
Recently uploaded
Recently uploaded (20)
Rethinking Your Endpoint Security Strategy
- 1. RETHINKINGYour Endpoint Security Strategy Paul Henry | Security and Forensics Analyst
- 2. The Threat Landscape has Evolved…
- 3. Shift in Information that is Targeted Market for stolen data is saturated Then - Stolen personally identifiable information sold on the black market for up to $15 per record Now - Credit card data has dropped to about 20 cents per record New, more valuable target is now intellectual property (IP) Revenue-generating information Much larger impact and value – organization versus individuals 3
- 4. Data Breaches Impact Your Bottom Line 4
- 6. Now-PC and 3rd party apps are the biggest source of enterprise risk5
- 8. Rising Cyber Terrorism… Impact of WikiLeaks 7
- 10. Physical access through data ports
- 12. Sony
- 13. Stuxnet
- 14. RSA8
- 15. APT Example… Stuxnet 9
- 17. Social media opens the door to even more risk of social engineering
- 18. The applications we use for productivity open networks and information to risk
- 19. Removable devices provide easy access, data mobility and… risk if not managed* Ponemon Institute, Annual Cost of Data Breach 2011 10
- 20. Security Status Quo is No Longer Effective
- 24. Only19% of new malware is detected on first day
- 25. 50% of IT professionals point to malware as the leading cause of rising endpoint TCO12
- 26. Traditional Endpoint Security Strategy Traditional “Threat Centric” Endpoint Security Is No Longer Relevant “Basic security protection is not good enough.” Rowan Trollope SVP BlacklistingAs The Core Endpoint Protection Volume of Malware “You can’t just rely on antivirus software – and we’re an antivirus company.” George Kurtz Worldwide CTO Zero Day MalwareAs a Service 3rd Party Application Risk 13
- 29. Increasing and costly back-end Integration
- 30. Lack of visibility and collaboration with IT security
- 31. Need for better accuracy
- 32. User access rights (Local Admin)
- 34. Silos and insufficient collaboration between IT and business operations* *Worldwide State of The Endpoint Report 2009 14
- 35. What’s the Impact to Your Business?
- 37. Decreasing visibility – disparate data
- 40. What apps are being used?
- 41. What devices are being used?
- 42. What user actions are concerning?
- 43. How is data being used?17
- 44. Increased Complexity & Risk. Increasing Cost Malware Signatures Increasing Malware Fractured Visibility Complex Technology Endpoint TCO Current Endpoint Security Effectiveness 2007: 250K Monthly Malware Signatures Identified 2011: 2M Monthly Malware Signatures Identified 18
- 45. Traditional Balancing Act 19 security productivity Vs.
- 46. Shift to a New Endpoint Security Approach
- 47. Key Strategies …to improve endpoint security and reduce complexity Rethink Endpoint Security from the Outside In Shift from “Threat-Centric” to “Trust-Centric” Approach Implement Defense-in-Depth Strategy Reduce Complexity through Integration and Standardization People, Policy and Technology Must All Play a Role in Your Strategy 21
- 48. Strategy 1: Rethink Endpoint Security Data has effectively moved away from the data- center to a borderless endpoint Cloud-based Computing Remote Offices & Subsidiaries Mobile Endpoints WAN Internet Start to view your IT security requirements from the outside-in and not the inside-out Corporate HQ Data Center 22
- 49. Strategy 2: Shift to Trust-Centric Security THREAT CENTRIC TRUST CENTRIC
- 50. Strategy 3: Implement Defense-in-Depth 24 Traditional Endpoint Security Defense-in-Depth AntiVirus Device Control Device Control Application Control Application Control BlacklistingAs The Core Patch & Configuration Mgmt. Volume of Malware Zero Day 3rd Party Application Risk MalwareAs a Service
- 52. Reduced integration and maintenance costs
- 54. Holistic endpoint visibilitySingle Console Agile architecture Disparate Architecture Single Promotable Agent Many Agents 25
- 55. All three are dependent on each other for effective and operational endpoint security. Strategy 5: People, Policy and Technology 26 policy technology people
- 56. Summary
- 59. Single console
- 60. Single agent
- 65. Q&AFor more information come visit us at Booth #19 during these show hours:Tuesday, June 2111:45 a.m. – 1:45 p.m.Wednesday, June 22 12:00 p.m. – 1:30 p.m.
- 66. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com
Editor's Notes
- $7.2 million per breach$214 per record
- Vulnerabilities affecting a typical end-user PC from 2007-2009 almost doubled from 220 to 420 and its expected to double again in 2010 (Secunia Half Year Report 2010)A PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010. (Secunia Half Year Report 2010)Discover: Gain complete visibility of all IT assets, both managed and unmanaged.Assess: Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.Prioritize: Focus on your most critical security risks first.Remediate: Automatically deploy patches to an entire network per defined policy to support all OS’s and applications.Report: Provide operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
- Stuxnet changed the risk landscapeMulti vector attack routesPhysical entry via USB port4 zero day vulnerabilities exploitedFrom espionage to sabotage50% of IT professionals cite endpoint complexity as #1 risk factor3-5 Consoles used in the day to day management of IT Operations and Security workflows, and 3-6 agents per endpointMalware has increased by 500% and major AV firms are falling behind on documenting known signatures.11M malware signatures identified monthlyNearly 90% of vulnerabilities could be exploited remotely 2.19 new vulnerabilities are released per day. 3Average cost of a data breach $6.75M. 470% of all serious data incidents sparked by an insider. 5
- Core security defense is still blacklistingPatch is someone else’s issue (IT ops)
- 49% of endpoint TCO is associated with security and operational management** Complex system managementDecreased endpoint performance and lack of scalability-Agent BloatCostly integration, and maintenance Limited visibility and collaboration
- The First 6 months of 2010 was the most active malware creation in history: Over 10Million samplesMore than 1.5M malware samples are identified each month.57,000 new malware websites are created every weekObfuscationVirus Trojan-USB MediaDedicated WebsiteSemi Legitimate Web PagesTargeted-Intellectual PropertyOn average AV vendors detect less than 19% of malware attacks*
- Key strategies to improve endpoint security and reduce complexity in the new threat environment.1. Rethink Endpoint Security – to address from the outside in as opposed to inside out. What does this mean? Instead of focusing solely on the datacenter, endpoints, mobile devices, third party apps and users have become the vulnerability points to get at sensitive information.2. Shift from threat based approach to one based on trust. Balances the old axiom of more security equals less productivity to “who do I need to empower and at what level of trust?”3. Depth in defense – no holy grail. No single one technology can address risk.4. Reduce complexity through integration and standardization – that’s the value of the LEMSS platform.5. People, policy and technology all must play into your security strategy. Policy without technology is useless. People without process is chaos. Technology that doesn’t support people is not operational/functional.
- On top of defense-in-depth, time to shift from threat-centric approach to one based on trust….
- Defense in Depth StrategyAddress the core IT Risk with Patch & Configuration ManagementStop unwanted / untrusted change with Application ControlProtect against insider risk Device ControlDeploy a broad defensive perimeter with AntiVirusReduce endpoint complexity with an Endpoint Management and Security Suite
- I have given you sense of the shifts taking place in the endpoint environmenthow we need to change our approach to endpoint management and security what Lumension vision is and the steps we are already taking