Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

•Download as PPTX, PDF•

1 like•386 views

Download this presentation to learn how your organization must implement a defense-in-depth approach that goes beyond standalone anti-virus to effectively prevent malware. In this presentation, you will: *Learn what intelligent whitelisting is and how it addresses the challenges associated with traditional whitelisting technologies in dynamic environments *Explore how intelligent whitelisting delivers a proactive defense that fills gaps left open by reactive solutions such as anti-virus *See a live demonstration of Lumension Intelligent Whitelisting and how it integrates three levels of endpoint malware defense – patch management, antivirus and application whitelisting – into a single solution and workflow with one agent and one console

Technology Business

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware ,[object Object],© 2011 Monterey Technology Group Inc.

Brought to you by Speakers Chris Chevalier, Senior Product Manager Chris Merritt, Director of Solution Marketing http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

Preview of Key Points Whitelisting is critical for defense-in-depth against endpoint malware Challenges with traditional whitelisting Making whitelisting intelligent Treat each PC as unique Trusted agents of change Intelligent trust decisions © 2011 Monterey Technology Group Inc.

Whitelisting is critical for defense-in-depth against endpoint malware No substitute for patch and AV but both are: Reactive Negative security model Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers

Whitelisting is critical for defense- in-depth against endpoint malware For real defense-in-depth Additional layer needed Fundamentally different approach Application whitelisting Proactive Positive security model

Whitelisting also helps addressrisks inherent with local admins Neither patch or AV protect against end-users with admin authority Adding unwanted software Accessing/modifying restricted system settings Regedit, ftp, telnet, security settings Whitelisting prevents local admins From installing new, unauthorized software Or accessing restricted system components

Challenges with traditional whitelisting Each PC is unique PCs are not static Starting from a pristine environment unrealistic Identifying trusted applications Endpoint uniqueness and Constant Change Existing PCs Needing Immediate Protection Identifying ALL trusted applications Challenges to Application Whitelisting

Making whitelisting intelligent Acknowledge the uniqueness of each PC Ensure user productivity by making more intelligent trust decisions Recognize trusted agents of change Progressive implementation

Treat each PC as unique Implement local whitelist for each PC Based on software already present New malicious or unwanted software instantly stopped Existing unwanted software addressed Blacklist Later policy development Centrally build list of all software present throughout all endpoints To be leveraged as prevalence knowledge

Trusted agents of change Whitelists require continual maintenance since PC software is constantly updated Specify trusted agents of change e.g. patch agents, system management processes and other software deployment agents No coordination or maintenance required by IT staff when software updated

More intelligent trust decisions Trusted updaters Trusted publishers Trusted paths Denied applications Trusted authorizers Leverage Prevalence information collected by agents

Bottom Line © 2011 Monterey Technology Group Inc. Patch management and AV aren’t enough Don’t provide defense-in-depth Application Whitelisting provides a 3rd and fundamentally different approach All 3 together provide synergistic, true defense-in-depth Intelligent whitelisting addresses the traditional problems of application whitelisting by Acknowledging uniqueness of each PC Making more intelligent trust decisions Automatically updating whitelist with changes made by trusted agents Allowing progressive implementation with existing fleet of PCs

More from Lumension

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack. During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems. •3 Critical Entry Points to POS System Attacks •Impacts to an Organization •Top 3 Security Measures to Minimize Risk

Securing Your Point of Sale Systems: Stopping Malware and Data Theft

Lumension

Thanks to you, the audience at UltimateWindowsSecurity, for the 2014 Survey. It was a great success with over 600 respondents! I appreciate all of you who took the time give me your thoughts. You’ve provided some great ideas for real training for free™ in the coming year and I’ve learned which topics are most important to you. That’s going to benefit all of us. In this presentation, we'll present our findings. We’ll talk about the community’s top goals for 2014, which topics you recommended I cover in 2014 and what our community sees as the greatest security concerns for 2014. And we’ll discuss other trends emerging from the data. Find out about the top trends, such as: SIEM – What are the top SIEM solutions? What is the UWS community’s top 3 biggest challenges with log/monitoring/security analytics? Endpoint Security – How widely is application whitelisting being used and what is driving its adoption? Which endpoint security technologies really work and which are just hype? Mobile Devices – Are employee owned mobile devices supported at your organization? Is your biggest concern with mobile devices malware, data loss, compliance? The Cloud – How widely are your peers embracing the cloud? Is your organization’s security policy, technology and training keeping up with the move to the cloud? Advanced Security Topics – What are your peers doing about “big data”? What about endpoints as sensors, and other new security approaches? This will be a fact-filled and fascinating presentation on where we are and where we are going on a host of different security fronts. Don’t miss it.

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...

Lumension

2014 Data Protection Maturity Survey: Results and Analysis

Lumension

Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening? For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage. Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn: •IT perspective on the changing threat landscape and today’s Top 5 risks; •Disconnect between perceived risk and corresponding strategies to combat those threats; •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

Lumension

Windows XP is Coming to an End: How to Stay Secure Before You Migrate

Lumension

Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach. But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers. I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss: *Alternatives to Adobe and Java *Different ways to containing vulnerable apps in a sandbox * Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning. That’s why Lumension is sponsoring this event. I think you’ll be interested seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day. This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.

Adobe Hacked Again: What Does It Mean for You?

Lumension

Real World Defense Strategies for Targeted Endpoint Threats

Lumension

APTs: The State of Server Side Risk and Steps to Minimize Risk

Lumension

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Lumension

The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent. But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies. This presentation will: - Review the current EU laws, and contrast them with laws in other parts of the world; - Examine the arguments for strengthening data protection in Europe, and the likely outcomes; - Look at what security teams should already be doing to put themselves ahead of legislative changes; - Outline strategies and technologies organisations need to meet current and future data protection requirements - Help infosecurity teams to explain the changes – and their consequences – to their boards

Data Protection Rules are Changing: What Can You Do to Prepare?

Lumension

Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling. Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment. One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including: Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints. Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs. Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure. Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible. Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is? Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.

Java Insecurity: How to Deal with the Constant Vulnerabilities

Lumension

Bring Your Own Device (BYOD) is a popular topic in 2013. Trying to understand the security risks and prepare strategies to either adopt, or decide against BYOD for security and data control reasons is the challenge. The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.

BYOD & Mobile Security: How to Respond to the Security Risks

Lumension

Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization. Join this expert panel webcast to learn how to: 1)Understand your business audiences and evaluate their risk tolerance 2)Leverage reputation management services that are appropriate for your organization 3)Utilize realistic change management to secure prioritized data depositories

3 Executive Strategies to Reduce Your IT Risk

Lumension

APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection. In this special Dark Reading presentation, a leading expert on the origins and directions of APTs will discuss the changing nature of these sophisticated threats – and how you can prepare your enterprise security environment to detect and mitigate these complex and dangerous attacks.

The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...

Lumension

Businesses large and small continue to struggle with malware. Traditional approaches to malware protection, like standalone anti-virus, are proving themselves unfit for the task. Kevin Beaver, Independent Information Security Expert dives into: • How to get a better grasp of the weaknesses in endpoint security • Examining whether or not anti-virus is effective • A comparison between a proactive versus reactive approach to fighting the malware fight.

Defending Your Corporate Endpoints How to Go Beyond Anti-Virus

Lumension

In 2012 we found out that the BYOD environment and consumerization of the workplace had turned traditional notions of corporate IT upside down. The 2013 Data Protection Maturity Report will highlight how organizations have managed this trend over the last year and what steps are being taken in 2013 to further enhance data security. Find out how IT teams are developing a holistic model that encompasses policy, education, technology and enforcement. Within this slide deck, we look at each of data protection trends, helping you define your organization’s best practice guide to address the top concerns. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.

2013 Data Protection Maturity Trends: How Do You Compare?

Lumension

What are IT pros most concerned about heading into 2013? The annual State of the Endpoint Report sponsored by Lumension and conducted by Ponemon Institute reveals APTs and mobile devices pose the biggest security threat to organizations in the coming year. Unfortunately, respondents also demonstrated a disconnect between their identified risk and planned security spend as well as a significant need for improved internal collaboration. This presentation by Larry Ponemon of the Ponemon Institute and Paul Zimski of Lumension reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2013 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn: •IT perspective on today’s Top 3 risks; •Disconnect between perceived risk and corresponding strategies to combat those threats; •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Greatest IT Security Risks of 2013: Annual State of the Endpoint Report

Lumension

Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats The weaponisation of software has ushered in a new era of cyber attacks. But with 99% of organizations not prepared for this new front line of cyber-warfare, what does this spell for your business? • Gain a detailed overview of the next generation of threats out there • Understand how to detect key threats and attacks before they develop a stranglehold on your business • Implement the right integrated strategy to keep you safe from cybercriminals on today’s front line

Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats

Lumension

Well-organized, highly sophisticated cyber attacks continue to make headlines, hitting major U.S. banks and global companies like Adobe to name a few. In support of October as National Cyber Security Awareness Month, Lumension CEO Pat Clawson, Prolexic CEO Scott Hammack, security industry expert and author, Richard Stiennon and industry analyst and webcast moderator Eric Ogren will share their unique insight into these recent news-making attacks and what they mean for enterprises everywhere. Learn: •The latest, seemingly extraordinary attacks; •How these attacks could escalate to the point where they matter to you and; •What you should be doing to secure against them.

Sensational Headlines or Real Threats? What New Attacks Mean For You.

Lumension

This presentation by Randy Franklin Smith from Ultimate Windows Security reviews, “Stopping the Adobe, Apple and Java Software Updater Insanity”. He shares tips and caveats for dealing with the most common software updaters from Adobe, Apple and Oracle. But the bottom line is that we all need centralized patch management and he’ll explore the important requirements and architectural issues you should be aware of in this space.

Stopping the Adobe, Apple and Java Software Updater Insanity

Lumension

More from Lumension (20)

Securing Your Point of Sale Systems: Stopping Malware and Data Theft

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...

2014 Data Protection Maturity Survey: Results and Analysis

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

Windows XP is Coming to an End: How to Stay Secure Before You Migrate

Adobe Hacked Again: What Does It Mean for You?

Real World Defense Strategies for Targeted Endpoint Threats

APTs: The State of Server Side Risk and Steps to Minimize Risk

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Data Protection Rules are Changing: What Can You Do to Prepare?

Java Insecurity: How to Deal with the Constant Vulnerabilities

BYOD & Mobile Security: How to Respond to the Security Risks

3 Executive Strategies to Reduce Your IT Risk

The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...

Defending Your Corporate Endpoints How to Go Beyond Anti-Virus

2013 Data Protection Maturity Trends: How Do You Compare?

Greatest IT Security Risks of 2013: Annual State of the Endpoint Report

Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats

Sensational Headlines or Real Threats? What New Attacks Mean For You.

Stopping the Adobe, Apple and Java Software Updater Insanity

Recently uploaded

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

Intro in Product Management - Коротко про професію продакт менеджера

Mark Opanasiuk

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

FIDO Alliance

Ruby has a lot of standard libraries from Ruby 1.8. I promote them democratically with GitHub today via default and bundled gems. So, I'm working to extract them for Ruby 3.4 continuously and future versions. It's long journey for me. After that, some versions may suddenly happen LoadError at require when running bundle exec or bin/rails, for example matrix or net-smtp. We need to learn what's difference default/bundled gems with standard libraries. In this presentation, I will introduce what's the difficult to extract bundled gems from default gems and the details of the functionality that Ruby's require and bundle exec with default/bundled gems. You can learn how handle your issue about standard libraries.

Long journey of Ruby Standard library at RubyKaigi 2024

Hiroshi SHIBATA

ADP Passwordless Journey Case Study.pptx

FIDO Alliance

Design Guidelines for Passkeys 2024.pptx

FIDO Alliance

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

FIDO Alliance

At Skynet Technologies, our team of accessibility experts performs automated, semi-automated, and manual audits of websites and web applications as per WCAG 2.2 level AA, ADA, and section 508. Based on evaluations of the accessibility compliance level of the website’s UI, design, source code, navigation, interactive elements, and overall usability, we will provide a digital accessibility evaluation report with in-depth details of potential accessibility barriers and remediation recommendations. Get a manual website WCAG audit (2.0, 2.1, 2.2 level AA) for a small website: 10 pages: $2,500 within 7 business days 30 pages: $7,500 within 14 business days 50 pages: $12,500 within 28 business days For medium websites: 100 pages: $25,000 within 6 weeks For larger websites or audits of all pages, please reach out hello@skynettechnologies.com.

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Skynet Technologies

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Leah Henrickson

Delivered by Michael Down at Gartner Data & Analytics Summit London 2024 - Your enemies use GenAI too: Staying ahead of fraud with Neo4j. Fraudsters exploit the latest technologies like generative AI to stay undetected. Static applications can’t adapt quickly enough. Learn why you should build flexible fraud detection apps on Neo4j’s native graph database combined with advanced data science algorithms. Uncover complex fraud patterns in real-time and shut down schemes before they cause damage.

Your enemies use GenAI too - staying ahead of fraud with Neo4j

Neo4j

ERP Contender Series: Acumatica vs. Sage Intacct

BrainSell Technologies

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Stefan Dietze

Are you wondering why everyone is talking about the Flutterwave scandal? You’re not alone! It’s been in the news a lot. We’re going to tell you all about the Flutterwave Scandal in a way that’s easy to get. Keep reading, because we’re going to share the whole story with you. The company Flutterwave is headquartered in San Francisco, California, United States. In 2016, Iyinoluwa Aboyeji, Olugbenga Agboola, and Adeleke Adekoya established Flutterwave. It offers a payment infrastructure to international merchants and payment service providers throughout Africa. The company operates in various African countries including Nigeria, Kenya, Uganda, Ghana, South Africa, and others. They focus on digital payments, helping businesses accept and process payments on various channels like the web, mobile, ATM, and POS. Recently, they’ve been in the news due to allegations of misconduct within the company, which has affected their reputation and value. Flutterwave is an essential player in the African fintech landscape, aiming to drive growth for banks and businesses through digital payment solutions. The Flutterwave scandal involves allegations of misconduct and inappropriate behaviour towards female employees by the company’s co-founder and CEO, Olugbenga Agboola. Reports have surfaced from both current and former employees about bullying, intimidation, and sexual harassment at work. The allegations of inappropriate behaviour towards female employees at Flutterwave, specifically involving the CEO Olugbenga Agboola, were brought to public attention in April 2022.This was when Clara Wanjiku Odero, an ex-employee and current CEO of Credrails, published a Medium post and a series of tweets on April 4, 2022, accusing Flutterwave and Agboola of bullying. These allegations were part of a broader range of misconduct claims that surfaced around the same time The reasons behind the scandal are rooted in accusations of unethical behavior within the company. The allegations suggest a workplace culture that allowed for misconduct and failed to protect employees from harassment and intimidation. Specifically, the Flutterwave scandal refers to the series of events where the CEO was accused of engaging in improper conduct with female colleagues. This led to a broader investigation into the company’s practices and raised serious concerns about the fintech’s corporate governance. The scandal had significant repercussions, including a drop in the company’s stock price and a loss of trust among customers and partners. The trust that customers and investors had in Flutterwave was greatly damaged. People started to doubt the company’s integrity and whether their money and personal information were safe. Market Impact The scandal shook the entire fintech market. Flutterwave’s competitors saw this as an opportunity and started to attract customers who were leaving Flutterwave.

Breaking Down the Flutterwave Scandal What You Need to Know.pdf

UK Journal

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

FIDO Alliance

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

2024 May Patch Tuesday

Ivanti

WebAssembly is Key to Better LLM Performance

Samy Fodil

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

FIDO Alliance

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

FIDO Alliance

Webinar Recording: https://www.panagenda.com/webinars/easier-faster-and-more-powerful-notes-document-properties-reimagined/ Have you ever felt frustrated by the small properties dialog in Notes? Had to create an agent or button to quickly change a field? Searched endlessly for the field you wanted to compare each time you selected a new document? Wished you could just make the damned thing bigger? Luckily, there is a solution – and you probably already have it installed! With the free panagenda Document Properties (Pro) you get the properties dialog you always needed. Big, resizable, full-text searchable. View multiple documents at once or compare them with a diff viewer. Modify any field, and finally have an easy way to handle profile documents for all users. Join HCL Lifetime Ambassador Julian Robichaux to discover how Document Properties can simplify your work and assist you daily when using Domino applications – in the client or the designer. You will never look back! Key takeaways from this session - What Document Properties is, which editions there are, and how you can find it in Notes and Domino Designer - How you can search for and edit any field, compare documents, or CSV export all data - How to find, edit, and even delete profile documents - Which configuration settings are available to customize feature

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

panagenda

Recently uploaded (20)

Introduction to FIDO Authentication and Passkeys.pptx

Intro in Product Management - Коротко про професію продакт менеджера

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Long journey of Ruby Standard library at RubyKaigi 2024

ADP Passwordless Journey Case Study.pptx

Design Guidelines for Passkeys 2024.pptx

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Your enemies use GenAI too - staying ahead of fraud with Neo4j

ERP Contender Series: Acumatica vs. Sage Intacct

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Breaking Down the Flutterwave Scandal What You Need to Know.pdf

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

2024 May Patch Tuesday

WebAssembly is Key to Better LLM Performance

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

2. Brought to you by Speakers Chris Chevalier, Senior Product Manager Chris Merritt, Director of Solution Marketing http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

3. Preview of Key Points Whitelisting is critical for defense-in-depth against endpoint malware Challenges with traditional whitelisting Making whitelisting intelligent Treat each PC as unique Trusted agents of change Intelligent trust decisions © 2011 Monterey Technology Group Inc.

4. Whitelisting is critical for defense-in-depth against endpoint malware No substitute for patch and AV but both are: Reactive Negative security model Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers

5. Whitelisting is critical for defense- in-depth against endpoint malware For real defense-in-depth Additional layer needed Fundamentally different approach Application whitelisting Proactive Positive security model

6. Whitelisting also helps addressrisks inherent with local admins Neither patch or AV protect against end-users with admin authority Adding unwanted software Accessing/modifying restricted system settings Regedit, ftp, telnet, security settings Whitelisting prevents local admins From installing new, unauthorized software Or accessing restricted system components

7. Challenges with traditional whitelisting Each PC is unique PCs are not static Starting from a pristine environment unrealistic Identifying trusted applications Endpoint uniqueness and Constant Change Existing PCs Needing Immediate Protection Identifying ALL trusted applications Challenges to Application Whitelisting

8. Making whitelisting intelligent Acknowledge the uniqueness of each PC Ensure user productivity by making more intelligent trust decisions Recognize trusted agents of change Progressive implementation

9. Treat each PC as unique Implement local whitelist for each PC Based on software already present New malicious or unwanted software instantly stopped Existing unwanted software addressed Blacklist Later policy development Centrally build list of all software present throughout all endpoints To be leveraged as prevalence knowledge

10. Trusted agents of change Whitelists require continual maintenance since PC software is constantly updated Specify trusted agents of change e.g. patch agents, system management processes and other software deployment agents No coordination or maintenance required by IT staff when software updated

11. More intelligent trust decisions Trusted updaters Trusted publishers Trusted paths Denied applications Trusted authorizers Leverage Prevalence information collected by agents

12. Progressive Implementation

13. Bottom Line © 2011 Monterey Technology Group Inc. Patch management and AV aren’t enough Don’t provide defense-in-depth Application Whitelisting provides a 3rd and fundamentally different approach All 3 together provide synergistic, true defense-in-depth Intelligent whitelisting addresses the traditional problems of application whitelisting by Acknowledging uniqueness of each PC Making more intelligent trust decisions Automatically updating whitelist with changes made by trusted agents Allowing progressive implementation with existing fleet of PCs

14. Brought to you by Speakers Chris Chevalier, Senior Product Manager Chris Merritt, Director of Solution Marketing http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

Recommended

Recommended

More Related Content

More from Lumension

More from Lumension (20)

Recently uploaded

Recently uploaded (20)

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware