SlideShare a Scribd company logo

Secure Trustworthy Enterprise

D
DMIMarketing
1 of 8
Download to read offline
INNOVATIVE START ON THE PATH TO A MORE SECURE, TRUSTWORTHY ENTERPRISE Practical Trusted Computing Solutions You Can Deploy Today How can you defend against the onslaught of attacks on your computers and networks? How can you be sure your critical data is safe? Malware and software-based attacks are a grave threat that traditional defenses can no longer counter. But trusted computing technologies can change the game—offering enterprise IT managers the confidence that their computers and networks will behave properly and are free from malware. Trusted computing solutions ensure trust by building in security from the ground up. Trusted systems start with a hardware-based “root of trust”, such as the Trusted Platform Module (TPM), that is safe from malware infection, and then build on that trust to verify the security of software that is running on the machine. INNOVATIVE START TOWARD A SECURE, 1 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today While trusted computing is widely understood to theoretically provide new and powerful foundational security capabilities, the full promise of trusted computing has not yet been realized. Computers and networks remain vulnerable, and the vision of using the TPM to measure everything running on your systems and protect access to your critical data and resources is not yet a reality. So, should we wait for trusted computing to be able to do everything before beginning to use it? Of course not. Trusted computing can address several common cybersecurity challenges that your organization faces right now. As the grand vision is being worked on, many trusted computing technologies have sprung up to advance everyday security. The hardware foundations for trusted computing are already widely available. The TPM has shipped on about a half a billion systems and continues to ship in large quantities. Companies like Intel and AMD are building complementary technologies into their chipsets to improve the utilization of the TPM and improve virtualization security. Microsoft recently revealed some details about how the TPM and other trusted computing technologies will be better utilized in Windows 8 than in any previous Windows release. Self-encrypting hard drives (SEDs), particularly those based on the Trusted Computing Group (TCG)’s Opal standard, are now widely available. And many more solutions that combine biometrics, smart cards and TPMs are popping up all the time. INNOVATIVE START TOWARD A SECURE, 2 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today The Emergence of the Extended Enterprise Operations Center (EEOC) Before we examine specific solutions, let’s define the characteristics of a solution that would be worth deploying: First, the solution must provide a real security benefit today. If it doesn’t do that, what’s the point? Next, it has to fit into the enterprise infrastructure. A great technology is only useful if it can be used in a way that allows it to fit in with all the rest of the solutions we need and already use. Any solution also has to be economical. It’s difficult to measure the return on investment (ROI) on a security technology, because you are usually measuring by trying to quantify the value of ensuring some unknown future bad thing doesn’t happen. So, the price has to be right and the benefit has to be tangible. Lastly, of course, any solution we’re interested in has to be easy to use or it might not get used at all. There are, in fact, a number of practical trusted computing solutions available today that meet the above criteria. These include solutions that provide secure network access control, trusted configuration management, data-at-rest protection, machine identification, real-time health checks and more. Three key solution areas in particular are worth exploring in more depth: local protection of keys using the TPM, secure network management and health checking using Trusted Network Connect (TNC) and encryption of your data-at-rest using SEDs or hardened software solutions. INNOVATIVE START TOWARD A SECURE, 3 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today TPM Let’s start with the TPM. You’ve almost certainly got them on your enterprise machines, even if you don’t know it. While the infrastructure is not in place yet to use the TPM to enforce comprehensive security policies based on measurements of your software, the TPM does provide a convenient place to protect critical secrets on your platform. The most widely used solution that leverages the TPM is Microsoft’s BitLocker hard drive encryption. BitLocker comes standard on certain versions of Microsoft’s Vista and Windows 7 Operating Systems (OS) and will be available with the new Windows 8 OS. The TPM is used to protect the BitLocker encryption key when the machine is powered off and it will only release the key if the correct password is entered and the pre-boot software has not been modified. This ensures that no pre-OS root-kits are installed and if you’ve lost your machine, an attacker can’t just boot into their favorite OS and steal your data. It’s also easy to leverage the TPM to protect your VPN keys and secure other user authentication solutions. PC-based solutions from companies like Wave Systems and Infineon, many of which are part of the standard software packages that ship with commercial PCs, enable you to use the TPM to protect the keys for any number of commercially available security solutions without modification to those software packages. You just run the TPM software and you are protected from many software-based attacks on your keys. And while the commercial solutions for using the TPM for “machine identity” aren’t mainstream yet, you should be on the lookout for these solutions soon. Technically viable solutions are available now, but the concept of machine identity has not yet become common enterprise security parlance. When you authenticate to your network using a VPN, for instance, you prove that you know some user password and you might prove that you also have the right VPN key on your machine, but you don’t identify which machine you have. Because malware can be used to steal both your passwords and your software-based keys, an attacker can compromise a VPN using a different machine, without detection. However, if you add a network access policy that your machine has to be identified as well, you’ve created another barrier to entry, so the attacker can’t penetrate your network using a machine that isn’t already known to the network. INNOVATIVE START TOWARD A SECURE, 4 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today TNC Trusted Network Connect provides a great framework for enforcing your own preferred security policies for managing access to your networks. In earlier instantiations of network access control solutions, endpoint health was checked only when the endpoint asked to join the network. With TNC, health checks can be performed continuously to dynamically respond to changes in endpoint status or network requirements. The interesting thing about the name TNC is that there is nothing inherently trusted about the protocol—it just provides a common framework for security checks on client machines. The trusted part comes in if you use the TPM or some other check that gives you assurance about the machines that are connecting. But the fact that you don’t have to use TPM or any other specific technology is one of the big reasons why you should use TNC. TNC allows you to leverage the security benefits from any vendor that provides TNC compatible solutions and there are a lot of vendors that do it. With TNC- based products like Juniper’s Unified Access Control (UAC), you can gate network access based on the version and operational state of your software such as your Microsoft OS, or your Symantec or McAfee anti-virus solution. Access can also be blocked if certain banned software packages are running. By performing periodic health checks, you can catch changes to network-attached computers in real-time and proactively protect your network. One of the major benefits of TNC is that it enables you to gradually enhance trust over time. You can integrate TNC first and then add new capabilities. Verification of machine identity using the TPM could be required to gain access, or access could be based on any of a variety of other TNC- enabled security checks. A number of vendors have recently integrated TNC into their products and incorporated a variety of security capabilities into the shared TNC framework. One technology that helps with this integration is TNC’s Interface for Metadata Access Points (IF-MAP), which is implemented in products like Infoblox’s IF-MAP Orchestration Server. You could think of IF-MAP as Facebook for applications. People use Facebook to keep track of what is happening in the lives of their friends. IF-MAP makes it possible for interested applications to keep track of one another in the same way. When an event occurs to an application, it can post information about it to IF-MAP. Applications that subscribe to news from the poster are automatically informed of the update, and they may react to it as a result. This creates an unprecedented opportunity to connect third party software packages to automate network threat detection and response. Examples of security products that integrate with TNC and/or IF-MAP include Lumeta’s IPSonar product, which looks at network configuration and detects leaks, Hirsch Electronics’ Velocity Security Management System, which combines physical building access control and network access control, Great Bay’s Beacon Endpoint, which addresses problems like discovery—locating, identifying and inventorying all of the endpoints in the network and Triumfant’s Resolution Manager, which continuously monitors machine health and identifies and potentially repairs malware. Finally, integrating TPM certificates for device authentication with products from companies like Wave Systems enables a more trusted overall network security solution. INNOVATIVE START TOWARD A SECURE, 5 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today SEDs Perhaps the easiest trusted computing solution to deploy is self-encrypting drives—drives with built-in hardware-based encryption engines to encrypt data written to the drive. SEDs are transparent to the user under normal circumstances. If you buy an SED off-the-shelf, it will work seamlessly with whatever system you have. And there is an easy business justification for spending a little extra on an SED: it provides you an easy mechanism for meeting data protection compliance requirements. Ironically, SEDs also speed up your machine because the machine’s CPU is no longer responsible for encrypting or decrypting data with every read and write action. If you get an SED that is compatible with the TCG’s Opal standard, you also get standardized, flexible, easy-to-use management capabilities. You can use products from vendors like WinMagic and Wave Systems to set up access control policies for your SED. Then it is straightforward to manage the lifecycle of the data on your hard drive. With a few quick instructions, you can turn on encryption such that only someone with access to the correct authentication credentials can decrypt the data. Furthermore, if you want to securely erase the data on your SED, it’s amazingly easy. With the appropriate password, you can throw away the encryption key for the data (which is always encrypted) and the data on the drive becomes completely useless. It has the effect of simply starting you over with a brand-new hard drive. As with TNC, the TPM can be added to provide additional security for SEDs. If authentication to the drive requires the use of the TPM, you can ensure that if someone pulls the hard drive out of your machine, they won’t be able to get access to the data. The TPM also makes local authentication more secure. INNOVATIVE START TOWARD A SECURE, 6 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today How DMI Can Help DMI has years of experience in applied research and implementation of trusted computing in the enterprise, working in particular with agencies in the Department of Defense to advance the state of the art. DMI is a full-service cybersecurity solutions systems integrator and a contributing member of the Trusted Computing Group (TCG). We bring to bear seasoned veterans who know the cyber threat environment, advanced cybersecurity technologies and tools like those we’ve highlighted in this paper, and who understand enterprise needs. We encourage our clients to leverage DMI’s cybersecurity skills and trusted computing expertise to assist them in assessing their security posture and to design, implement and deploy solutions that integrate with their existing infrastructure. We also provide clear business rationale for trusted computing solutions, and develop plans for how trusted computing can be used to improve security, reduce cost, and increase compliance. DMI also manages our clients’ day-to-day IT security. DMI’s Trusted Security Operations Center (SOC) solutions include 24x7 operational support and our more advanced offerings leverage all of the trusted computing technologies discussed above. Conclusion The technologies described here are some of the byproducts of the pursuit of a vastly more secure future. The promise of trusted computing is grand, far-reaching and will take a long time to be fully realized, but the interim steps along the way that will lead to that future are ready to be leveraged. The TPM provides hardware-based security on standard enterprise machines. TNC provides health checks and flexible policies for network access control. SEDs provide strong access control and simplified management of your data-at-rest. And other solutions are ready now or just around the corner. Go take a look at what’s out there. You’ll be surprised at how many practical trusted computing solutions there are for your enterprise today and coming soon for use tomorrow. INNOVATIVE START TOWARD A SECURE, 7 TRUSTWORTHY ENTERPRISE WHITE PAPER
Practical Trusted Computing Solutions You Can Deploy Today About DMI DMI is a leading IT solutions and business strategy consulting firm. DMI provides services and solutions in Strategic Consulting, Desktop Management, Network Management, Enterprise Applications, and Cybersecurity. We are one of the fastest growing companies in the industry, with over 500 employees and 50 civilian, defense, and intelligence agency clients. The hallmark of our business is dedication to exceptional customer service and we’re proud of our Dunn and Bradstreet Open Ratings quality and satisfaction rating of 94/100. Our record of repeat business is enviable by any standard. DMI is headquartered in Bethesda MD, with satellite and project offices throughout the world. At DMI, we focus on “enterprise transformation”—the strategic application of innovation to create newfound economies, efficiencies, savings, and value for our government and commercial clients and their customers. We offer market-making thought leadership and the proven ability to deliver solutions to the most vexing problems facing enterprises today. We have a dedicated Innovation Office designed to seek and bring new concepts and technologies to our clients. In the summer of 2011, we opened a state-of-the-art DMI Innovation Center in the heart of Washington, D.C. At the DMI Innovation Center you can learn, experience, and get your hands dirty with an increasing array of new technologies and solutions like many of those described above. See secure mobility in action. Learn what’s possible with Trusted Computing. And soon, experience the future of integrated, automated cybersecurity monitoring operations. You are cordially invited. For more information on practical trusted computing solutions, contact DMI: Ari Singer, Director, Trusted Computing Solutions, asinger@DMInc.com, 240.744.3041. DMI One Rock Spring Plaza 6550 Rock Spring Dr Bethesda, MD 20817 DMInc.com info@DMInc.com ©2012 Digital Management, Inc. All right reserved. INNOVATIVE START TOWARD A SECURE, 8 TRUSTWORTHY ENTERPRISE WHITE PAPER

Recommended

Why uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityWhy uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityCincoC
 
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTijesajournal
 
Aensis Advanced Cybersecurity Solutions
Aensis Advanced Cybersecurity SolutionsAensis Advanced Cybersecurity Solutions
Aensis Advanced Cybersecurity SolutionsJose Luis Garcia Rodriguez
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Corporation
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Juniper competitive cheatsheet
Juniper competitive cheatsheetJuniper competitive cheatsheet
Juniper competitive cheatsheetUsman Arif
 

Recommended

Why uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityWhy uem-is-the-key-to-enterprise-it-security
Why uem-is-the-key-to-enterprise-it-securityCincoC
 
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTijesajournal
 
Aensis Advanced Cybersecurity Solutions
Aensis Advanced Cybersecurity SolutionsAensis Advanced Cybersecurity Solutions
Aensis Advanced Cybersecurity SolutionsJose Luis Garcia Rodriguez
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Corporation
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Juniper competitive cheatsheet
Juniper competitive cheatsheetJuniper competitive cheatsheet
Juniper competitive cheatsheetUsman Arif
 
IT Security for Oil and Gas Companies
IT Security for Oil and Gas CompaniesIT Security for Oil and Gas Companies
IT Security for Oil and Gas CompaniesRichard Cole
 
Final2[1]
Final2[1]Final2[1]
Final2[1]MohammedHazzaa1
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
Security plan
Security planSecurity plan
Security planOriginalGSM
 
Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Yokogawa
 
Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Symantec
 
Trusted computing: an overview
Trusted computing: an overviewTrusted computing: an overview
Trusted computing: an overviewTJR Global
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?Frances Coronel
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMNSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMInternational Journal of Technical Research & Application
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security TeamRishabh Gupta
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFSeven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFTor Cannady
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEXWIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEXIJNSA Journal
 
Building a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldBuilding a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldArun Prabhakar
 
CNL Software PSIM Presentation - Information Management within Physical Security
CNL Software PSIM Presentation - Information Management within Physical SecurityCNL Software PSIM Presentation - Information Management within Physical Security
CNL Software PSIM Presentation - Information Management within Physical SecurityAdlan Hussain
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessDMIMarketing
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 

More Related Content

What's hot

IT Security for Oil and Gas Companies
IT Security for Oil and Gas CompaniesIT Security for Oil and Gas Companies
IT Security for Oil and Gas CompaniesRichard Cole
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Yokogawa
 
Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Symantec
 
Trusted computing: an overview
Trusted computing: an overviewTrusted computing: an overview
Trusted computing: an overviewTJR Global
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?Frances Coronel
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security TeamRishabh Gupta
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFSeven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFTor Cannady
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEXWIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEXIJNSA Journal
 
Building a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldBuilding a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldArun Prabhakar
 
CNL Software PSIM Presentation - Information Management within Physical Security
CNL Software PSIM Presentation - Information Management within Physical SecurityCNL Software PSIM Presentation - Information Management within Physical Security
CNL Software PSIM Presentation - Information Management within Physical SecurityAdlan Hussain
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 

What's hot (20)

IT Security for Oil and Gas Companies
IT Security for Oil and Gas CompaniesIT Security for Oil and Gas Companies
IT Security for Oil and Gas Companies
 
Final2[1]
Final2[1]Final2[1]
Final2[1]
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012
 
Security plan
Security planSecurity plan
Security plan
 
Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...
 
Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?
 
Trusted computing: an overview
Trusted computing: an overviewTrusted computing: an overview
Trusted computing: an overview
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMNSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEM
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security Team
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)
 
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDFSeven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
Seven_Ways_to_Apply_the_Cyber_Kill_Chain_with_a_Threat_Intelligence_Platform.PDF
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions Roadmap
 
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEXWIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX
 
Building a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldBuilding a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps World
 
CNL Software PSIM Presentation - Information Management within Physical Security
CNL Software PSIM Presentation - Information Management within Physical SecurityCNL Software PSIM Presentation - Information Management within Physical Security
CNL Software PSIM Presentation - Information Management within Physical Security
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygiene
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 

Viewers also liked

BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessDMIMarketing
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Data Driven Mobile Strategy
Data Driven Mobile StrategyData Driven Mobile Strategy
Data Driven Mobile StrategyDMIMarketing
 
Mobile World Congress - Report
Mobile World Congress - ReportMobile World Congress - Report
Mobile World Congress - ReportDMIMarketing
 
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise AppsDMIMarketing
 
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise AppsDMIMarketing
 
Driving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & SitesDriving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & SitesDMIMarketing
 
Portal Integration with SAP BusinessObjects (SDK)
Portal Integration with SAP BusinessObjects (SDK)Portal Integration with SAP BusinessObjects (SDK)
Portal Integration with SAP BusinessObjects (SDK)DMIMarketing
 
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise AppsDMIMarketing
 
Enterprise Mobile Strategy
Enterprise Mobile StrategyEnterprise Mobile Strategy
Enterprise Mobile StrategyDMIMarketing
 
SAP BusinessObjects 4.x Upgrade / Migration to 4.x
SAP BusinessObjects 4.x Upgrade / Migration to 4.xSAP BusinessObjects 4.x Upgrade / Migration to 4.x
SAP BusinessObjects 4.x Upgrade / Migration to 4.xDMIMarketing
 

Viewers also liked (11)

BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for Success
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Data Driven Mobile Strategy
Data Driven Mobile StrategyData Driven Mobile Strategy
Data Driven Mobile Strategy
 
Mobile World Congress - Report
Mobile World Congress - ReportMobile World Congress - Report
Mobile World Congress - Report
 
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
 
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
 
Driving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & SitesDriving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & Sites
 
Portal Integration with SAP BusinessObjects (SDK)
Portal Integration with SAP BusinessObjects (SDK)Portal Integration with SAP BusinessObjects (SDK)
Portal Integration with SAP BusinessObjects (SDK)
 
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
 
Enterprise Mobile Strategy
Enterprise Mobile StrategyEnterprise Mobile Strategy
Enterprise Mobile Strategy
 
SAP BusinessObjects 4.x Upgrade / Migration to 4.x
SAP BusinessObjects 4.x Upgrade / Migration to 4.xSAP BusinessObjects 4.x Upgrade / Migration to 4.x
SAP BusinessObjects 4.x Upgrade / Migration to 4.x
 

Similar to Secure Trustworthy Enterprise

Trusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .pptTrusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .pptnaghamallella
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Corporation
 
Introduction of Trusted Network Connect (TNC)
Introduction of Trusted Network Connect (TNC)Introduction of Trusted Network Connect (TNC)
Introduction of Trusted Network Connect (TNC)Houcheng Lee
 
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소GE코리아
 
110006_perils_of_aging_emul_wp
110006_perils_of_aging_emul_wp110006_perils_of_aging_emul_wp
110006_perils_of_aging_emul_wpJessica Hirst
 
Sample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docxSample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docxrtodd599
 
Sample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docxSample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docxjeffsrosalyn
 
5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - mediumusmsystem
 
Softchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey ResultsSoftchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey ResultsSoftchoice Corporation
 
emea-unification-e-book.pdf
emea-unification-e-book.pdfemea-unification-e-book.pdf
emea-unification-e-book.pdfkhaledhassan
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueRapidValue
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxCompensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxbartholomeocoombs
 
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxCompensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxannette228280
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxcuddietheresa
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxsalmonpybus
 
Computrace Laptop Security Solutions
Computrace Laptop Security SolutionsComputrace Laptop Security Solutions
Computrace Laptop Security Solutionsabe8512000
 

Similar to Secure Trustworthy Enterprise (20)

Trusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .pptTrusted _Computing _security mobile .ppt
Trusted _Computing _security mobile .ppt
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control Systems
 
Introduction of Trusted Network Connect (TNC)
Introduction of Trusted Network Connect (TNC)Introduction of Trusted Network Connect (TNC)
Introduction of Trusted Network Connect (TNC)
 
Microsoft Palladium
Microsoft PalladiumMicrosoft Palladium
Microsoft Palladium
 
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소
 
110006_perils_of_aging_emul_wp
110006_perils_of_aging_emul_wp110006_perils_of_aging_emul_wp
110006_perils_of_aging_emul_wp
 
Sample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docxSample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docx
 
Sample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docxSample Discussion 1Security is one of the most important fun.docx
Sample Discussion 1Security is one of the most important fun.docx
 
5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assign
 
Tesseract Service Portfolio
Tesseract Service PortfolioTesseract Service Portfolio
Tesseract Service Portfolio
 
Softchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey ResultsSoftchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey Results
 
emea-unification-e-book.pdf
emea-unification-e-book.pdfemea-unification-e-book.pdf
emea-unification-e-book.pdf
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxCompensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
 
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxCompensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Computrace Laptop Security Solutions
Computrace Laptop Security SolutionsComputrace Laptop Security Solutions
Computrace Laptop Security Solutions
 

More from DMIMarketing

5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...DMIMarketing
 
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...DMIMarketing
 
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...DMIMarketing
 
6 Ways to Shake Up Social in Your App
6 Ways to Shake Up Social in Your App6 Ways to Shake Up Social in Your App
6 Ways to Shake Up Social in Your AppDMIMarketing
 
Game Changing IT Solutions
Game Changing IT SolutionsGame Changing IT Solutions
Game Changing IT SolutionsDMIMarketing
 

More from DMIMarketing (7)

5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
 
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
 
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
 
6 Ways to Shake Up Social in Your App
6 Ways to Shake Up Social in Your App6 Ways to Shake Up Social in Your App
6 Ways to Shake Up Social in Your App
 
Game Changing IT Solutions
Game Changing IT SolutionsGame Changing IT Solutions
Game Changing IT Solutions
 
Buckle Up
Buckle UpBuckle Up
Buckle Up
 

Secure Trustworthy Enterprise

  • 1. INNOVATIVE START ON THE PATH TO A MORE SECURE, TRUSTWORTHY ENTERPRISE Practical Trusted Computing Solutions You Can Deploy Today How can you defend against the onslaught of attacks on your computers and networks? How can you be sure your critical data is safe? Malware and software-based attacks are a grave threat that traditional defenses can no longer counter. But trusted computing technologies can change the game—offering enterprise IT managers the confidence that their computers and networks will behave properly and are free from malware. Trusted computing solutions ensure trust by building in security from the ground up. Trusted systems start with a hardware-based “root of trust”, such as the Trusted Platform Module (TPM), that is safe from malware infection, and then build on that trust to verify the security of software that is running on the machine. INNOVATIVE START TOWARD A SECURE, 1 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 2. Practical Trusted Computing Solutions You Can Deploy Today While trusted computing is widely understood to theoretically provide new and powerful foundational security capabilities, the full promise of trusted computing has not yet been realized. Computers and networks remain vulnerable, and the vision of using the TPM to measure everything running on your systems and protect access to your critical data and resources is not yet a reality. So, should we wait for trusted computing to be able to do everything before beginning to use it? Of course not. Trusted computing can address several common cybersecurity challenges that your organization faces right now. As the grand vision is being worked on, many trusted computing technologies have sprung up to advance everyday security. The hardware foundations for trusted computing are already widely available. The TPM has shipped on about a half a billion systems and continues to ship in large quantities. Companies like Intel and AMD are building complementary technologies into their chipsets to improve the utilization of the TPM and improve virtualization security. Microsoft recently revealed some details about how the TPM and other trusted computing technologies will be better utilized in Windows 8 than in any previous Windows release. Self-encrypting hard drives (SEDs), particularly those based on the Trusted Computing Group (TCG)’s Opal standard, are now widely available. And many more solutions that combine biometrics, smart cards and TPMs are popping up all the time. INNOVATIVE START TOWARD A SECURE, 2 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 3. Practical Trusted Computing Solutions You Can Deploy Today The Emergence of the Extended Enterprise Operations Center (EEOC) Before we examine specific solutions, let’s define the characteristics of a solution that would be worth deploying: First, the solution must provide a real security benefit today. If it doesn’t do that, what’s the point? Next, it has to fit into the enterprise infrastructure. A great technology is only useful if it can be used in a way that allows it to fit in with all the rest of the solutions we need and already use. Any solution also has to be economical. It’s difficult to measure the return on investment (ROI) on a security technology, because you are usually measuring by trying to quantify the value of ensuring some unknown future bad thing doesn’t happen. So, the price has to be right and the benefit has to be tangible. Lastly, of course, any solution we’re interested in has to be easy to use or it might not get used at all. There are, in fact, a number of practical trusted computing solutions available today that meet the above criteria. These include solutions that provide secure network access control, trusted configuration management, data-at-rest protection, machine identification, real-time health checks and more. Three key solution areas in particular are worth exploring in more depth: local protection of keys using the TPM, secure network management and health checking using Trusted Network Connect (TNC) and encryption of your data-at-rest using SEDs or hardened software solutions. INNOVATIVE START TOWARD A SECURE, 3 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 4. Practical Trusted Computing Solutions You Can Deploy Today TPM Let’s start with the TPM. You’ve almost certainly got them on your enterprise machines, even if you don’t know it. While the infrastructure is not in place yet to use the TPM to enforce comprehensive security policies based on measurements of your software, the TPM does provide a convenient place to protect critical secrets on your platform. The most widely used solution that leverages the TPM is Microsoft’s BitLocker hard drive encryption. BitLocker comes standard on certain versions of Microsoft’s Vista and Windows 7 Operating Systems (OS) and will be available with the new Windows 8 OS. The TPM is used to protect the BitLocker encryption key when the machine is powered off and it will only release the key if the correct password is entered and the pre-boot software has not been modified. This ensures that no pre-OS root-kits are installed and if you’ve lost your machine, an attacker can’t just boot into their favorite OS and steal your data. It’s also easy to leverage the TPM to protect your VPN keys and secure other user authentication solutions. PC-based solutions from companies like Wave Systems and Infineon, many of which are part of the standard software packages that ship with commercial PCs, enable you to use the TPM to protect the keys for any number of commercially available security solutions without modification to those software packages. You just run the TPM software and you are protected from many software-based attacks on your keys. And while the commercial solutions for using the TPM for “machine identity” aren’t mainstream yet, you should be on the lookout for these solutions soon. Technically viable solutions are available now, but the concept of machine identity has not yet become common enterprise security parlance. When you authenticate to your network using a VPN, for instance, you prove that you know some user password and you might prove that you also have the right VPN key on your machine, but you don’t identify which machine you have. Because malware can be used to steal both your passwords and your software-based keys, an attacker can compromise a VPN using a different machine, without detection. However, if you add a network access policy that your machine has to be identified as well, you’ve created another barrier to entry, so the attacker can’t penetrate your network using a machine that isn’t already known to the network. INNOVATIVE START TOWARD A SECURE, 4 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 5. Practical Trusted Computing Solutions You Can Deploy Today TNC Trusted Network Connect provides a great framework for enforcing your own preferred security policies for managing access to your networks. In earlier instantiations of network access control solutions, endpoint health was checked only when the endpoint asked to join the network. With TNC, health checks can be performed continuously to dynamically respond to changes in endpoint status or network requirements. The interesting thing about the name TNC is that there is nothing inherently trusted about the protocol—it just provides a common framework for security checks on client machines. The trusted part comes in if you use the TPM or some other check that gives you assurance about the machines that are connecting. But the fact that you don’t have to use TPM or any other specific technology is one of the big reasons why you should use TNC. TNC allows you to leverage the security benefits from any vendor that provides TNC compatible solutions and there are a lot of vendors that do it. With TNC- based products like Juniper’s Unified Access Control (UAC), you can gate network access based on the version and operational state of your software such as your Microsoft OS, or your Symantec or McAfee anti-virus solution. Access can also be blocked if certain banned software packages are running. By performing periodic health checks, you can catch changes to network-attached computers in real-time and proactively protect your network. One of the major benefits of TNC is that it enables you to gradually enhance trust over time. You can integrate TNC first and then add new capabilities. Verification of machine identity using the TPM could be required to gain access, or access could be based on any of a variety of other TNC- enabled security checks. A number of vendors have recently integrated TNC into their products and incorporated a variety of security capabilities into the shared TNC framework. One technology that helps with this integration is TNC’s Interface for Metadata Access Points (IF-MAP), which is implemented in products like Infoblox’s IF-MAP Orchestration Server. You could think of IF-MAP as Facebook for applications. People use Facebook to keep track of what is happening in the lives of their friends. IF-MAP makes it possible for interested applications to keep track of one another in the same way. When an event occurs to an application, it can post information about it to IF-MAP. Applications that subscribe to news from the poster are automatically informed of the update, and they may react to it as a result. This creates an unprecedented opportunity to connect third party software packages to automate network threat detection and response. Examples of security products that integrate with TNC and/or IF-MAP include Lumeta’s IPSonar product, which looks at network configuration and detects leaks, Hirsch Electronics’ Velocity Security Management System, which combines physical building access control and network access control, Great Bay’s Beacon Endpoint, which addresses problems like discovery—locating, identifying and inventorying all of the endpoints in the network and Triumfant’s Resolution Manager, which continuously monitors machine health and identifies and potentially repairs malware. Finally, integrating TPM certificates for device authentication with products from companies like Wave Systems enables a more trusted overall network security solution. INNOVATIVE START TOWARD A SECURE, 5 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 6. Practical Trusted Computing Solutions You Can Deploy Today SEDs Perhaps the easiest trusted computing solution to deploy is self-encrypting drives—drives with built-in hardware-based encryption engines to encrypt data written to the drive. SEDs are transparent to the user under normal circumstances. If you buy an SED off-the-shelf, it will work seamlessly with whatever system you have. And there is an easy business justification for spending a little extra on an SED: it provides you an easy mechanism for meeting data protection compliance requirements. Ironically, SEDs also speed up your machine because the machine’s CPU is no longer responsible for encrypting or decrypting data with every read and write action. If you get an SED that is compatible with the TCG’s Opal standard, you also get standardized, flexible, easy-to-use management capabilities. You can use products from vendors like WinMagic and Wave Systems to set up access control policies for your SED. Then it is straightforward to manage the lifecycle of the data on your hard drive. With a few quick instructions, you can turn on encryption such that only someone with access to the correct authentication credentials can decrypt the data. Furthermore, if you want to securely erase the data on your SED, it’s amazingly easy. With the appropriate password, you can throw away the encryption key for the data (which is always encrypted) and the data on the drive becomes completely useless. It has the effect of simply starting you over with a brand-new hard drive. As with TNC, the TPM can be added to provide additional security for SEDs. If authentication to the drive requires the use of the TPM, you can ensure that if someone pulls the hard drive out of your machine, they won’t be able to get access to the data. The TPM also makes local authentication more secure. INNOVATIVE START TOWARD A SECURE, 6 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 7. Practical Trusted Computing Solutions You Can Deploy Today How DMI Can Help DMI has years of experience in applied research and implementation of trusted computing in the enterprise, working in particular with agencies in the Department of Defense to advance the state of the art. DMI is a full-service cybersecurity solutions systems integrator and a contributing member of the Trusted Computing Group (TCG). We bring to bear seasoned veterans who know the cyber threat environment, advanced cybersecurity technologies and tools like those we’ve highlighted in this paper, and who understand enterprise needs. We encourage our clients to leverage DMI’s cybersecurity skills and trusted computing expertise to assist them in assessing their security posture and to design, implement and deploy solutions that integrate with their existing infrastructure. We also provide clear business rationale for trusted computing solutions, and develop plans for how trusted computing can be used to improve security, reduce cost, and increase compliance. DMI also manages our clients’ day-to-day IT security. DMI’s Trusted Security Operations Center (SOC) solutions include 24x7 operational support and our more advanced offerings leverage all of the trusted computing technologies discussed above. Conclusion The technologies described here are some of the byproducts of the pursuit of a vastly more secure future. The promise of trusted computing is grand, far-reaching and will take a long time to be fully realized, but the interim steps along the way that will lead to that future are ready to be leveraged. The TPM provides hardware-based security on standard enterprise machines. TNC provides health checks and flexible policies for network access control. SEDs provide strong access control and simplified management of your data-at-rest. And other solutions are ready now or just around the corner. Go take a look at what’s out there. You’ll be surprised at how many practical trusted computing solutions there are for your enterprise today and coming soon for use tomorrow. INNOVATIVE START TOWARD A SECURE, 7 TRUSTWORTHY ENTERPRISE WHITE PAPER
  • 8. Practical Trusted Computing Solutions You Can Deploy Today About DMI DMI is a leading IT solutions and business strategy consulting firm. DMI provides services and solutions in Strategic Consulting, Desktop Management, Network Management, Enterprise Applications, and Cybersecurity. We are one of the fastest growing companies in the industry, with over 500 employees and 50 civilian, defense, and intelligence agency clients. The hallmark of our business is dedication to exceptional customer service and we’re proud of our Dunn and Bradstreet Open Ratings quality and satisfaction rating of 94/100. Our record of repeat business is enviable by any standard. DMI is headquartered in Bethesda MD, with satellite and project offices throughout the world. At DMI, we focus on “enterprise transformation”—the strategic application of innovation to create newfound economies, efficiencies, savings, and value for our government and commercial clients and their customers. We offer market-making thought leadership and the proven ability to deliver solutions to the most vexing problems facing enterprises today. We have a dedicated Innovation Office designed to seek and bring new concepts and technologies to our clients. In the summer of 2011, we opened a state-of-the-art DMI Innovation Center in the heart of Washington, D.C. At the DMI Innovation Center you can learn, experience, and get your hands dirty with an increasing array of new technologies and solutions like many of those described above. See secure mobility in action. Learn what’s possible with Trusted Computing. And soon, experience the future of integrated, automated cybersecurity monitoring operations. You are cordially invited. For more information on practical trusted computing solutions, contact DMI: Ari Singer, Director, Trusted Computing Solutions, asinger@DMInc.com, 240.744.3041. DMI One Rock Spring Plaza 6550 Rock Spring Dr Bethesda, MD 20817 DMInc.com info@DMInc.com ©2012 Digital Management, Inc. All right reserved. INNOVATIVE START TOWARD A SECURE, 8 TRUSTWORTHY ENTERPRISE WHITE PAPER