With thanks to Cherwell Software. Please visit http://bit.ly/tftCherwell for a short 2 minute video.
You probably use remote support on your service desk. In fact, you probably use more than one remote support tool . . . and they're probably not secure. For years now, remote support has been found to be the leading data breach attack pathway. Attackers use simple methods made possible by legacy remote support technologies accessible to the internet. McNeill will discuss how your service desk may be putting your company's data at risk and what you can do to secure remote support.
To find out more about TFT, the only 24 hour global virtual ITSM conference, visit www.tomorrowsfuturetoday.com
4. Bomgar Product Strategy
Remote Support (Access)
Service Desk (Process)
Systems Management (Infrastructure)
Support
Incident
Incident
Resolved
Infrastructure Process Access
15. Bomgar Product Strategy
In approximately four of 10 hacking-
related breaches, an attacker gained
unauthorized access to the victim via
one of the many types of remote
access and management software.
Rather than for internal usage, most of
these connections were provisioned to
third parties in order to remotely
administer systems.
2009 Data Breach Investigations Report
– Verizon Business Risk Team
17. Bomgar Product Strategy
“Legacy remote control tools are incapable
of supporting increasingly complex
environments, and companies must find
new ways to provide support services to users.”
P2
─ PC Remote Control Security: Risks & Recommendations Gartner, Apr 2009
23. Bomgar Product Strategy
Mobile Device
Remote
From
Remote To Functionalities
Screen
Sharing
System
Info
Chat
File
Transfer
Screen
Capture
Remote
Config
BlackBerry®
Windows
Mobile(1)
Android™
iPad®
iPhone®
(1) Windows Mobile 6.5 and Below
(2) For carriers and device manufacturers. Not available for all businesses
(2) (2)
27. Bomgar Product Strategy
“There are three basic forms of PC
remote control: client/server (agent-
based), Web-based (agentless) and
appliance-based (agent not
required).” P4
─ PC Remote Control Security: Risks & Recommendations Gartner, Apr 2009
36. Bomgar Product Strategy
• Customer-initiated
• Remote Control or View Only
• Restrict Access by Application
• Over-Riding Mouse Control
• Prominent "Stop Session" Button
• Notifications/Permissions for All Rep
Actions
37. Bomgar Product StrategyVendor Controls
•Dedicated Silo for Each Partner
•Per-Partner Access & Security Policy
•Integration with Access Directories
•Policy-Based Collaboration with
Internal Teams
•Direct or Accompanied Access to
Systems
•Ad-Hoc, or Ongoing Access
•Complete Audit Trail of Partner Access
38. Bomgar Product Strategy
• Detailed Session Logs
− Session Membership
− Activity Transcripts
− File Transfers
− Survey Responses
• Video Session Recording
− Screen Sharing
− Command Line Sessions
• Track Admin Changes Via Syslog
• Integrated with Service Desk / CRM
40. Bomgar Product Strategy
• Remote Support Is a Current Security Risk
• Remote Support Is Extending to Mobile
• Four ‘A’s Needed for Remote Support Security
Editor's Notes
You Need Remote Access, but There are Problems With Most Tools
You Need Remote Access, but There are Problems With Most Tools
Talking PointsMost remote control tools have been added over a long period of time as part of one PC deployment or another
Talking PointsMost remote control tools have been added over a long period of time as part of one PC deployment or another
Talking PointsMost remote control tools have been added over a long period of time as part of one PC deployment or another
Talking PointsThe difference between patching together multiple solutions and really addressing the problem in total is whether or not you address remote support as a strategic need.QuestionsHow has remote support been addressed in the past? Tactically? Strategically?
Talking PointsThe difference between patching together multiple solutions and really addressing the problem in total is whether or not you address remote support as a strategic need.QuestionsHow has remote support been addressed in the past? Tactically? Strategically?