Lumension, profile picture
Uploaded byLumension
PPT, PDF508 views

It's Your Move: The Changing Game of Endpoint Security

The document discusses challenges in modern endpoint security and strategies to address them. It outlines how attackers have changed their tactics to take advantage of outdated defenses. The key moves discussed to regain control include implementing defense-in-depth endpoint security, shifting to trust-based security focused on preventing execution rather than detection, focusing on operational basics like patching and asset management, and managing devices to limit local admin risks and unwanted applications. It also provides an example of how one company addressed their security issues by implementing the Lumension Endpoint Management and Security Suite.

Embed presentation

Downloaded 72 times
It’s Your Move: The Changing Game of Endpoint Security
Today’s Speakers Paul Henry Security & Forensics Analyst MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI, CCE Paul Zimski VP of Solution Strategy Lumension Doug Walls CIO EMSolutions Jason Brown Network Engineer EMSolutions
Today’s Agenda How the “Bad Guys” Changed the Rules Key Moves We Can Make to Regain Control Real World IT Security Experience Q&A
How the “Bad Guys” Have Changed the Rules
Current Day Recipe For Disaster Perform below steps 1 to 5. Bait an End User with Spear Phishing Exploit a Vulnerability Download a Back Door Establish a Back Channel Explore and Steal Select another victim. Repeat.
Advanced Persistent Threats Highly skilled Cyber Armies unleashing new Advanced Malware…. While many of these attacks are well organized, they have simply taken advantage of the same old mistakes we’ve been making for years.
Our Flaw Remediation Is Missing The Target Since 2009 the most hacked software was 3rd party apps and browser add-ons like Adobe and Quicktime. Yet we still today focus our attention on patching Microsoft OS/Applications. The bad guys know it… and are taking full advantage
Traditional AV Can No Longer Keep Up More than 73,000 new malware instances every day. Obfuscation has effectively rendered traditional signature based defenses useless. Polymorphic malware that alters its signature with each infection has become commonplace. Our defenses must evolve!
What Did We Expect Was Going To Happen? We are using the same defenses that failed us for the last decade… Focused on the gateway - and we have neglected our endpoints. Focused on blocking the delivery of malware - not preventing its execution. Unless we make a definitive change in our defenses, we can expect the same results…
Next Generation Malware Has Arrived Instead of the infected machine waiting for a connection to be made from outside, the infected machine makes the connection itself. Introduces a new technique of code injection – Flux writes code directly into a host process and executes it there. Circumvents several desktop firewalls and makes it nearly invisible to current anti-malware software. Flux is a new Trojan spreading covertly through the internet.
If a “bad guy” can… Persuade you to run his program on your computer... Alter the operating system on your computer… Gain unrestricted physical access to your computer… Upload programs to your website… Crack your passwords… … it’s not your computer, website or data anymore.
At the End of the Day… It doesn’t matter what attack vector is used… the “bad guys" are trying to install and run code on your machines to gain unauthorized control!
Key Moves We Can Make Against the “Bad Guys” to Regain Control
Implement Defense-in-Depth Endpoint Security Shift from Threat-Centric to Trust-Based Security Focus on the Operational Basics Manage Those Devices Key Moves You Can Make
Strategy 1: Implement Defense-in-Depth Traditional Endpoint Security Defense-N-Depth Blacklisting As The Core Zero Day 3 rd Party Application Risk Malware As a Service Volume of Malware Patch & Configuration Mgmt.
Antivirus will provide some protection against known payloads, and remains a good layer for known malware detection and removal However as attack sophistication and targeting increases, malware becomes less effective as a primary defense Application control is a much better defense to stop unknown payloads from installing Strategy 2: Stop Malware Payloads
What is Application Whitelisting? Malware Applications Authorized Operating Systems Business Software Known Viruses Worms Trojans Unauthorized Games iTunes Shareware Unlicensed S/W Unknown Viruses Worms Trojans Keyloggers Spyware Un-Trusted
Trust-Based Security
Flexible Trust Trusted Publisher Authorizes applications based on the vendor that “published” them through the digital signing certificate. Trusted Updater Authorizes select systems management solutions to “update” software, patches and custom remediations, while automatically updating them to the whitelist. Trusted Path Authorizes applications to run based on their location. Local Authorization Allows end-users to locally authorize applications which have not been otherwise trusted by the whitelist or any other trust rules.
Strategy 3: Focus on the Operational Basics Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010 Assess Prioritize Remediate Repeat Identify all IT assets (including platforms, operating systems, applications, network services) Monitor external sources for vulnerabilities, threats and intelligence regarding remediation Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations Maintain an inventory of IT assets Maintain a database of remediation intelligence Prioritize the order of remediation as a function of risk, compliance, audit and business value Model / stage / test remediation before deployment Deploy remediation (automated, or manually) Train administrators and end-users in vulnerability management best practices Scan to verify success of previous remediation Report for audit and compliance Continue to assess, prioritize and remediate
Rethink Your Patch Strategy Source: 1 - SANS Institute The top security priority is “patching client-side software” 1 Streamline patch management and reporting across OS’s AND applications Patch and defend is not just a Microsoft issue More than 2/3 of today’s vulnerabilities come from non-Microsoft applications
Stop Unwanted Applications Immediate and simple risk mitigation Denied Application Policy prevents unwanted applications even if they are already installed Easily remove unwanted applications
Reduce Local Administrator Risk Limit Local Admin Usage Monitor and Control existing Local Admins
Strategy 4: Manage those Devices
Real World IT Security Experience
EMSolutions Headquartered in Arlington, VA Established in May 2000 Four Satellite Offices Systems Engineering, Information Technology and Information Assurance, Science and Advanced Technology Solutions, and Modeling and Simulation for Government Organizations
IT Security Challenges Control use of removable devices on customer network Monitor and control data entering and leaving network Audit any and all use of peripherals and media introduced to the network Protect dedicated infrastructure that supports unclassified and corporate work Ensure constant uptime of hot desks Limit risk from local admin users Prevent execution of unwanted and malicious apps Current AV solution was not effective in preventing the issues
Addressing the Challenge Implemented Lumension ® Endpoint Management and Security Suite (L.E.M.S.S.) Easy process to install, set up and maintain the application whitelist with all currently used corporate OSes and software Shifted from another antivirus provider to the AV module within L.E.M.S.S. Educated users about potential external threats and internal problems that could arise from lack of precaution
Results Improved Security Eliminated malware outbreaks More robust patch management Improved User Productivity Optimized performance of end user PCs Reduced IT help desk calls/complaints from users regarding malware-related PC issues Improved IT Productivity Visibility into endpoints, apps and configurations Minimized time required for endpoint maintenance and user education Reduced admin burden by managing one solution
Q&A
Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 [email_address] http://blog.lumension.com

More Related Content

PPTX
Vulnerability Assessment
byprimeteacher32
 
PPTX
Why Patch Management is Still the Best First Line of Defense
byLumension
 
PPTX
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
PPTX
Vulnerability Assessment Presentation
byLionel Medina
 
PPT
Key Strategies to Address Rising Application Risk in Your Enterprise
byLumension
 
PDF
Vulnerability Malware And Risk
byChandrashekhar B
 
PDF
Vulnerability , Malware and Risk
bySecPod Technologies
 
PPTX
Enterprise Class Vulnerability Management Like A Boss
byrbrockway
 
Vulnerability Assessment
byprimeteacher32
 
Why Patch Management is Still the Best First Line of Defense
byLumension
 
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
Vulnerability Assessment Presentation
byLionel Medina
 
Key Strategies to Address Rising Application Risk in Your Enterprise
byLumension
 
Vulnerability Malware And Risk
byChandrashekhar B
 
Vulnerability , Malware and Risk
bySecPod Technologies
 
Enterprise Class Vulnerability Management Like A Boss
byrbrockway
 

What's hot

PPTX
Application Whitelisting - Complementing Threat centric with Trust centric se...
byOsama Salah
 
PDF
OSB130 Patch Management Best Practices
byIvanti
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPTX
Web Application Vulnerability Management
byjpubal
 
PDF
Vulnerability Management
byasherad
 
PDF
Vulnerability Management Program
byDennis Chaupis
 
PPTX
Vulnerability Assessment & Analysis (VAA) Overview
bySusan Rantall
 
PPT
The Role of Application Control in a Zero-Day Reality
byLumension
 
PPTX
Software Vulnerability management
byKishor Datta Gupta
 
PPT
Redefining Endpoint Security
byBurak DAYIOGLU
 
PPTX
Six Steps to SIEM Success
byAlienVault
 
PPTX
Is Antivirus (AV) Dead or Just Missing in Action
byQuick Heal Technologies Ltd.
 
PPT
Planning and Deploying an Effective Vulnerability Management Program
bySasha Nunke
 
PDF
Is Your Vulnerability Management Program Keeping Pace With Risks?
bySkybox Security
 
PPTX
Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava
byPeter Gubarevich
 
PDF
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
byBeyondTrust
 
PPTX
Vulnerability management today and tomorrow
byJonathan Sinclair
 
PDF
Enterprise Vulnerability Management: Back to Basics
byDamon Small
 
PPT
Info Security - Vulnerability Assessment
byMarcelo Silva
 
PDF
Is Your Vulnerability Management Program Irrelevant?
bySkybox Security
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
byOsama Salah
 
OSB130 Patch Management Best Practices
byIvanti
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
Web Application Vulnerability Management
byjpubal
 
Vulnerability Management
byasherad
 
Vulnerability Management Program
byDennis Chaupis
 
Vulnerability Assessment & Analysis (VAA) Overview
bySusan Rantall
 
The Role of Application Control in a Zero-Day Reality
byLumension
 
Software Vulnerability management
byKishor Datta Gupta
 
Redefining Endpoint Security
byBurak DAYIOGLU
 
Six Steps to SIEM Success
byAlienVault
 
Is Antivirus (AV) Dead or Just Missing in Action
byQuick Heal Technologies Ltd.
 
Planning and Deploying an Effective Vulnerability Management Program
bySasha Nunke
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
bySkybox Security
 
Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava
byPeter Gubarevich
 
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
byBeyondTrust
 
Vulnerability management today and tomorrow
byJonathan Sinclair
 
Enterprise Vulnerability Management: Back to Basics
byDamon Small
 
Info Security - Vulnerability Assessment
byMarcelo Silva
 
Is Your Vulnerability Management Program Irrelevant?
bySkybox Security
 

Similar to It's Your Move: The Changing Game of Endpoint Security

PPTX
Microsoft Defender para ponto de extremidade
byleotcerveira
 
PDF
SentinelOne Buyers Guide
byExclusive Networks ME
 
PPT
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
byLumension
 
PPTX
Endpoint Protection
bySophos
 
PPT
Paul Henry’s 2011 Malware Trends
byLumension
 
PPT
How to improve endpoint security on a SMB budget
byLumension
 
PPTX
Prevent Getting Hacked by Using a Network Vulnerability Scanner
byGFI Software
 
PPTX
Protecting Windows Networks From Malware
byRishu Mehra
 
PPTX
Protecting Windows Networks From Malware 31 Jan09
bytechnext1
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
PDF
Session 1: Windows 8 with Gerry Tessier
byCTE Solutions Inc.
 
PPT
Volume And Vectors 090416
byAnthony Arrott
 
PDF
Declaration of malWARe
byScott Sutherland
 
PPTX
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
byLumension
 
PPTX
Practical Defense
bySean Whalen
 
PDF
20090106c Presentation Custom
bygkelley
 
PPTX
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
byAdrian Sanabria
 
PDF
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
byAndris Soroka
 
PPTX
8 Threats Your Anti-Virus Won't Stop
bySophos
 
PPTX
Effectively Utilizing LEMSS: Top 11 Security Capabilities You Can Implement T...
byLumension
 
Microsoft Defender para ponto de extremidade
byleotcerveira
 
SentinelOne Buyers Guide
byExclusive Networks ME
 
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
byLumension
 
Endpoint Protection
bySophos
 
Paul Henry’s 2011 Malware Trends
byLumension
 
How to improve endpoint security on a SMB budget
byLumension
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
byGFI Software
 
Protecting Windows Networks From Malware
byRishu Mehra
 
Protecting Windows Networks From Malware 31 Jan09
bytechnext1
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
Session 1: Windows 8 with Gerry Tessier
byCTE Solutions Inc.
 
Volume And Vectors 090416
byAnthony Arrott
 
Declaration of malWARe
byScott Sutherland
 
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
byLumension
 
Practical Defense
bySean Whalen
 
20090106c Presentation Custom
bygkelley
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
byAdrian Sanabria
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
byAndris Soroka
 
8 Threats Your Anti-Virus Won't Stop
bySophos
 
Effectively Utilizing LEMSS: Top 11 Security Capabilities You Can Implement T...
byLumension
 

More from Lumension

PPTX
Adobe Hacked Again: What Does It Mean for You?
byLumension
 
PPTX
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
byLumension
 
PPTX
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
byLumension
 
PPTX
Careto: Unmasking a New Level in APT-ware
byLumension
 
PPTX
APTs: The State of Server Side Risk and Steps to Minimize Risk
byLumension
 
PPTX
2014 Ultimate Buyers Guide to Endpoint Security Solutions
byLumension
 
PPTX
Real World Defense Strategies for Targeted Endpoint Threats
byLumension
 
PPTX
2015 Endpoint and Mobile Security Buyers Guide
byLumension
 
PPTX
Java Insecurity: How to Deal with the Constant Vulnerabilities
byLumension
 
PPTX
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
byLumension
 
PDF
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
byLumension
 
PPTX
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
byLumension
 
PPTX
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
byLumension
 
PPTX
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
byLumension
 
PPTX
2014 Data Protection Maturity Survey: Results and Analysis
byLumension
 
PDF
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
byLumension
 
PPTX
3 Executive Strategies to Reduce Your IT Risk
byLumension
 
PPTX
2014 BYOD and Mobile Security Survey Preliminary Results
byLumension
 
PPTX
Data Protection Rules are Changing: What Can You Do to Prepare?
byLumension
 
PPTX
BYOD & Mobile Security: How to Respond to the Security Risks
byLumension
 
Adobe Hacked Again: What Does It Mean for You?
byLumension
 
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
byLumension
 
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
byLumension
 
Careto: Unmasking a New Level in APT-ware
byLumension
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
byLumension
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
byLumension
 
Real World Defense Strategies for Targeted Endpoint Threats
byLumension
 
2015 Endpoint and Mobile Security Buyers Guide
byLumension
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
byLumension
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
byLumension
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
byLumension
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
byLumension
 
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
byLumension
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
byLumension
 
2014 Data Protection Maturity Survey: Results and Analysis
byLumension
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
byLumension
 
3 Executive Strategies to Reduce Your IT Risk
byLumension
 
2014 BYOD and Mobile Security Survey Preliminary Results
byLumension
 
Data Protection Rules are Changing: What Can You Do to Prepare?
byLumension
 
BYOD & Mobile Security: How to Respond to the Security Risks
byLumension
 

Recently uploaded

PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
December Patch Tuesday
byIvanti
 
DOCX
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
December Patch Tuesday
byIvanti
 
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
The year in review - MarvelClient in 2025
bypanagenda
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 

It's Your Move: The Changing Game of Endpoint Security

  • 1.
    It’s Your Move:The Changing Game of Endpoint Security
  • 2.
    Today’s Speakers PaulHenry Security & Forensics Analyst MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI, CCE Paul Zimski VP of Solution Strategy Lumension Doug Walls CIO EMSolutions Jason Brown Network Engineer EMSolutions
  • 3.
    Today’s Agenda Howthe “Bad Guys” Changed the Rules Key Moves We Can Make to Regain Control Real World IT Security Experience Q&A
  • 4.
    How the “BadGuys” Have Changed the Rules
  • 5.
    Current Day RecipeFor Disaster Perform below steps 1 to 5. Bait an End User with Spear Phishing Exploit a Vulnerability Download a Back Door Establish a Back Channel Explore and Steal Select another victim. Repeat.
  • 6.
    Advanced Persistent ThreatsHighly skilled Cyber Armies unleashing new Advanced Malware…. While many of these attacks are well organized, they have simply taken advantage of the same old mistakes we’ve been making for years.
  • 7.
    Our Flaw RemediationIs Missing The Target Since 2009 the most hacked software was 3rd party apps and browser add-ons like Adobe and Quicktime. Yet we still today focus our attention on patching Microsoft OS/Applications. The bad guys know it… and are taking full advantage
  • 8.
    Traditional AV CanNo Longer Keep Up More than 73,000 new malware instances every day. Obfuscation has effectively rendered traditional signature based defenses useless. Polymorphic malware that alters its signature with each infection has become commonplace. Our defenses must evolve!
  • 9.
    What Did WeExpect Was Going To Happen? We are using the same defenses that failed us for the last decade… Focused on the gateway - and we have neglected our endpoints. Focused on blocking the delivery of malware - not preventing its execution. Unless we make a definitive change in our defenses, we can expect the same results…
  • 10.
    Next Generation MalwareHas Arrived Instead of the infected machine waiting for a connection to be made from outside, the infected machine makes the connection itself. Introduces a new technique of code injection – Flux writes code directly into a host process and executes it there. Circumvents several desktop firewalls and makes it nearly invisible to current anti-malware software. Flux is a new Trojan spreading covertly through the internet.
  • 11.
    If a “badguy” can… Persuade you to run his program on your computer... Alter the operating system on your computer… Gain unrestricted physical access to your computer… Upload programs to your website… Crack your passwords… … it’s not your computer, website or data anymore.
  • 12.
    At the Endof the Day… It doesn’t matter what attack vector is used… the “bad guys" are trying to install and run code on your machines to gain unauthorized control!
  • 13.
    Key Moves WeCan Make Against the “Bad Guys” to Regain Control
  • 14.
    Implement Defense-in-Depth EndpointSecurity Shift from Threat-Centric to Trust-Based Security Focus on the Operational Basics Manage Those Devices Key Moves You Can Make
  • 15.
    Strategy 1: ImplementDefense-in-Depth Traditional Endpoint Security Defense-N-Depth Blacklisting As The Core Zero Day 3 rd Party Application Risk Malware As a Service Volume of Malware Patch & Configuration Mgmt.
  • 16.
    Antivirus will providesome protection against known payloads, and remains a good layer for known malware detection and removal However as attack sophistication and targeting increases, malware becomes less effective as a primary defense Application control is a much better defense to stop unknown payloads from installing Strategy 2: Stop Malware Payloads
  • 17.
    What is ApplicationWhitelisting? Malware Applications Authorized Operating Systems Business Software Known Viruses Worms Trojans Unauthorized Games iTunes Shareware Unlicensed S/W Unknown Viruses Worms Trojans Keyloggers Spyware Un-Trusted
  • 18.
  • 19.
    Flexible Trust Trusted Publisher Authorizes applications based on the vendor that “published” them through the digital signing certificate. Trusted Updater Authorizes select systems management solutions to “update” software, patches and custom remediations, while automatically updating them to the whitelist. Trusted Path Authorizes applications to run based on their location. Local Authorization Allows end-users to locally authorize applications which have not been otherwise trusted by the whitelist or any other trust rules.
  • 20.
    Strategy 3: Focuson the Operational Basics Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010 Assess Prioritize Remediate Repeat Identify all IT assets (including platforms, operating systems, applications, network services) Monitor external sources for vulnerabilities, threats and intelligence regarding remediation Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations Maintain an inventory of IT assets Maintain a database of remediation intelligence Prioritize the order of remediation as a function of risk, compliance, audit and business value Model / stage / test remediation before deployment Deploy remediation (automated, or manually) Train administrators and end-users in vulnerability management best practices Scan to verify success of previous remediation Report for audit and compliance Continue to assess, prioritize and remediate
  • 21.
    Rethink Your PatchStrategy Source: 1 - SANS Institute The top security priority is “patching client-side software” 1 Streamline patch management and reporting across OS’s AND applications Patch and defend is not just a Microsoft issue More than 2/3 of today’s vulnerabilities come from non-Microsoft applications
  • 22.
    Stop Unwanted ApplicationsImmediate and simple risk mitigation Denied Application Policy prevents unwanted applications even if they are already installed Easily remove unwanted applications
  • 23.
    Reduce Local AdministratorRisk Limit Local Admin Usage Monitor and Control existing Local Admins
  • 24.
    Strategy 4: Managethose Devices
  • 25.
    Real World ITSecurity Experience
  • 26.
    EMSolutions Headquartered inArlington, VA Established in May 2000 Four Satellite Offices Systems Engineering, Information Technology and Information Assurance, Science and Advanced Technology Solutions, and Modeling and Simulation for Government Organizations
  • 27.
    IT Security ChallengesControl use of removable devices on customer network Monitor and control data entering and leaving network Audit any and all use of peripherals and media introduced to the network Protect dedicated infrastructure that supports unclassified and corporate work Ensure constant uptime of hot desks Limit risk from local admin users Prevent execution of unwanted and malicious apps Current AV solution was not effective in preventing the issues
  • 28.
    Addressing the ChallengeImplemented Lumension ® Endpoint Management and Security Suite (L.E.M.S.S.) Easy process to install, set up and maintain the application whitelist with all currently used corporate OSes and software Shifted from another antivirus provider to the AV module within L.E.M.S.S. Educated users about potential external threats and internal problems that could arise from lack of precaution
  • 29.
    Results Improved SecurityEliminated malware outbreaks More robust patch management Improved User Productivity Optimized performance of end user PCs Reduced IT help desk calls/complaints from users regarding malware-related PC issues Improved IT Productivity Visibility into endpoints, apps and configurations Minimized time required for endpoint maintenance and user education Reduced admin burden by managing one solution
  • 30.
  • 31.
    Global Headquarters 8660East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 [email_address] http://blog.lumension.com

Editor's Notes

  • #4 © Copyright 2008 - Lumension Security
  • #16 Defense in Depth Strategy Address the core IT Risk with Patch & Configuration Management Stop unwanted / untrusted change with Application Control Protect against insider risk Device Control Deploy a broad defensive perimeter with AntiVirus Reduce endpoint complexity with an Endpoint Management and Security Suite
  • #17 Most overflows result in a system crash Occasionally, a vulnerability is discovered that allows the “overflowed” code to be executed That execution typically escapes any established security controls Because buffers are small and these attacks are difficult, many overflows attacks will try to download a more substantial payload
  • #18 Application control or whitelisting provides a new layer in the foundation for endpoint protection. Whitelisting is about identifying the known good and by default not letting anything other than what’s on the whitelist from executing. Simply put, any executable – whether a business application, a video driver, or a web browser plug-in – not specified on the whitelist cannot load and run. It’s the most effective security layer as its prevents execution in the kernel.
  • #19 On top of defense-in-depth, time to shift from threat-centric approach to one based on trust….
  • #20 Trust Engine Challenge . Organizations need an automated method by which to determine whether or not to allow changes to the code running on their network assets, particularly the endpoints, in order to make the promise of application whitelisting operationally feasible. Without this, changes to the whitelist had to be made manually and oftentimes without any basis. The challenge is to implement a process by which changes can be automatically vetted and installed on network assets. Feature . LEMSS:AC allows any number of trust policies to be created and implemented which will automate the process of assessing the security and desirability of changes to programs running on network assets; these trust mechanisms allow for the automated or user-driven changes to the “known good” whitelist required in dynamic environments such as desktops and laptops without completely surrendering control over these changes. These trust mechanisms include: Trusted Publisher , Trusted Updater , Trusted Path , and Local Authorization . Benefit . This permits the organization to provide the higher level of security against malware and other undesirable programs available from a whitelisting / “default deny” approach without the additional administrative burden sometimes associated with it. Some specific examples of how the Trust Engine might help operationalize whitelisting in a real IT network with dynamic environments such as desktops or laptops include: Trusted Publisher (i.e., from a known good vendor with a signed certificate) – the organization may have whitelisted a specific Microsoft Operating System (OS) and applications (e.g., Word, Excel and Powerpoint) but finds that some users may want to add certain OS capabilities (such as additional drivers) or applications (such as Visio) from Microsoft; by implementing a policy which permits changes to the whitelist when those changes are accompanied by a valid, signed certificate from Microsoft, these changes could be made “on the fly” by the end user without additional work for the system administrators. Trusted Updater (i.e., from a known good process which updates existing software) – the organization may be using an automated patching solution (such as Lumension Patch and Remediation) or have certain continuously updated programs (such as WebEx) on their whitelist. Here again, by implementing a policy which permits changes to the whitelist when those changes are made by these specific programs, these changes could be made automatically without adding to the administrative burden. Trusted Path (i.e., from a known good location, generally inside the network) – it is not uncommon for IT administrators to create a library of known good applications, which is used when installing or updating an endpoint; organizations might want to restrict all endpoint changes to only those which come from this “source repository.” By creating / using a trusted path policy (and carefully controlling access to this “source repository”), the whitelist can be updated as changes are made in the library of known good applications. Local Authorization (i.e., allow specific users to self-authorize applications) – in some cases, an organization might allow specific users to augment the whitelist of known good applications under their own say-so, be they administrators or even end users; for instance, perhaps a “well known” salesman is on a customer call and needs to update her machine to allow her presentation to work on the customer’s equipment. This trust mechanism provides a way to permit these ad hoc changes while providing the traceability and control needed to ensure that, should they prove unwise, they can be reversed.
  • #22 Vulnerabilities affecting a typical end-user PC from 2007-2009 almost doubled from 220 to 420 and its expected to double again in 2010 (Secunia Half Year Report 2010) A PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010. ( Secunia Half Year Report 2010) Discover: Gain complete visibility of all IT assets, both managed and unmanaged. Assess: Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments. Prioritize: Focus on your most critical security risks first. Remediate: Automatically deploy patches to an entire network per defined policy to support all OS’s and applications. Report: Provide operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
  • #25 Using Lumension Device Control, you can mitigate these insider risks by: Enforcing a device and media access policy on your endpoints which won’t impede the productivity of the business Enforcing a data encryption policy for removable storage devices and media to protect that valuable data when is copied off of your endpoints, and by -Monitoring what’s happening in your environment; You can manage and report on all endpoint activity in your organization