The document discusses the need to rethink traditional endpoint security strategies. It notes that the threat landscape has evolved, with intellectual property and sophisticated attacks becoming bigger risks. Traditional antivirus and threat-centric approaches are no longer sufficient. The document recommends implementing a trust-centric, defense-in-depth strategy with integrated technologies to reduce complexity. It emphasizes taking a holistic people, policy and technology approach to endpoint security.
3. Shift in Information that is Targeted. Market for stolen data is saturated. Then: stolen personally identifiable information sold on the black market for up to $15 per record. Now: credit card data has dropped to about 20 cents per record. New, more valuable target is now intellectual property (IP): revenue-generating information, with much larger impact and value – organization versus individuals.
25. 50% of IT professionals point to malware as the leading cause of rising endpoint TCO
26. Traditional Endpoint Security Strategy: Traditional “Threat Centric” Endpoint Security Is No Longer Relevant. “Basic security protection is not good enough.” (Rowan Trollope, SVP) “You can’t just rely on antivirus software – and we’re an antivirus company.” (George Kurtz, Worldwide CTO) Diagram labels: Blacklisting As The Core Endpoint Protection; Volume of Malware; Zero Day; Malware As a Service; 3rd Party Application Risk.
47. Key Strategies …to improve endpoint security and reduce complexity: Rethink Endpoint Security from the Outside In; Shift from “Threat-Centric” to “Trust-Centric” Approach; Implement Defense-in-Depth Strategy; Reduce Complexity through Integration and Standardization; People, Policy and Technology Must All Play a Role in Your Strategy.
48. Strategy 1: Rethink Endpoint Security. Data has effectively moved away from the data center to a borderless endpoint. Start to view your IT security requirements from the outside-in and not the inside-out. Diagram labels: Cloud-based Computing; Remote Offices & Subsidiaries; Mobile Endpoints; WAN; Internet; Corporate HQ; Data Center.
50. Strategy 3: Implement Defense-in-Depth. Traditional Endpoint Security: Blacklisting As The Core. Defense-in-Depth: AntiVirus; Device Control; Application Control; Patch & Configuration Mgmt. Diagram labels: Volume of Malware; Zero Day; 3rd Party Application Risk; Malware As a Service.
55. Strategy 5: People, Policy and Technology. All three are dependent on each other for effective and operational endpoint security.
65. Q&A. For more information come visit us at Booth #19 during these show hours: Tuesday, June 21, 11:45 a.m. – 1:45 p.m.; Wednesday, June 22, 12:00 p.m. – 1:30 p.m.
66. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com
Editor's Notes
$7.2 million per breach; $214 per record
Vulnerabilities affecting a typical end-user PC almost doubled from 2007 to 2009, from 220 to 420, and the number is expected to double again in 2010 (Secunia Half Year Report 2010).
A PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010. (Secunia Half Year Report 2010)
Discover: Gain complete visibility of all IT assets, both managed and unmanaged.
Assess: Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.
Prioritize: Focus on your most critical security risks first.
Remediate: Automatically deploy patches to an entire network per defined policy to support all OSs and applications.
Report: Provide operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
Stuxnet changed the risk landscape: multi-vector attack routes; physical entry via USB port; 4 zero-day vulnerabilities exploited; from espionage to sabotage.
50% of IT professionals cite endpoint complexity as #1 risk factor.
3-5 consoles used in the day-to-day management of IT Operations and Security workflows, and 3-6 agents per endpoint.
Malware has increased by 500% and major AV firms are falling behind on documenting known signatures.
11M malware signatures identified monthly.
Nearly 90% of vulnerabilities could be exploited remotely 2.19 new vulnerabilities are released per day [3]. Average cost of a data breach $6.75M [4]. 70% of all serious data incidents sparked by an insider [5].
Core security defense is still blacklisting. Patch is someone else’s issue (IT ops).
49% of endpoint TCO is associated with security and operational management**
Complex system management.
Decreased endpoint performance and lack of scalability (agent bloat).
Costly integration and maintenance.
Limited visibility and collaboration.
The first 6 months of 2010 were the most active period of malware creation in history: over 10 million samples.
More than 1.5M malware samples are identified each month.
57,000 new malware websites are created every week.
Slide labels: Obfuscation; Virus; Trojan-USB Media; Dedicated Website; Semi Legitimate Web Pages; Targeted-Intellectual Property.
On average AV vendors detect less than 19% of malware attacks*
Key strategies to improve endpoint security and reduce complexity in the new threat environment.
1. Rethink Endpoint Security – address it from the outside in as opposed to inside out. What does this mean? Instead of focusing solely on the datacenter, recognize that endpoints, mobile devices, third-party apps and users have become the vulnerability points to get at sensitive information.
2. Shift from a threat-based approach to one based on trust. This replaces the old axiom that more security equals less productivity with the question “who do I need to empower and at what level of trust?”
3. Depth in defense – no holy grail. No single technology can address risk.
4. Reduce complexity through integration and standardization – that’s the value of the LEMSS platform.
5. People, policy and technology all must play into your security strategy. Policy without technology is useless. People without process is chaos. Technology that doesn’t support people is not operational/functional.
On top of defense-in-depth, time to shift from threat-centric approach to one based on trust….
Defense in Depth Strategy:
Address the core IT risk with Patch & Configuration Management.
Stop unwanted / untrusted change with Application Control.
Protect against insider risk with Device Control.
Deploy a broad defensive perimeter with AntiVirus.
Reduce endpoint complexity with an Endpoint Management and Security Suite.
I have given you a sense of: the shifts taking place in the endpoint environment; how we need to change our approach to endpoint management and security; what the Lumension vision is and the steps we are already taking.