dss itsec conference 2012 - lumension intelligent application whitelisting & lemss
Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Lumension and the change in Endpoint Protection
Matthew Walker – VP EMEA Channel Sales
IT Security Continues to be a Growing Problem
The New Computing Era
» Enterprise users experience 339 malware encounters per month (2)
» 11 per day - 200% increase over same period
» 1/3 was zero day
» By 2015, more than 60% of enterprises will have suffered material loss of sensitive corporate data via mobile devices (3)
» Less than 20% of CIOs felt that their device security and management policies would satisfy an auditor (3)
» 60% of virtualized servers will be less secure than the physical servers they replace (3)
Cyber Attacks #4 Top 50 Global Risks (1)
1) World Economic Forum 2011, 2) Cisco Threat Report 2012, 3) Gartner 2011
What Gartner Says
• Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users.
• ...Application Control holds significant promise but with a few exceptions most vendors in this analysis do not provide flexible enough solutions for large enterprises.
• Endpoint protection platforms continue to struggle to block typical malware threats, and are even less effective with low-volume targeted attacks. A few vendors have started to provide proactive tools, such as vulnerability detection and application control, that reduce the attack surface... (16 January 2012)
Lumension are in Visionary quadrant
Growing Application Centric Risk
» Social networking applications are detected in 95% of organizations **
» 78% of web 2.0 applications support file transfer **
» 2/3 of applications in use had known vulnerabilities **
» 28% of applications were known to propagate malware **
* Ponemon-Lumension State of the Endpoint 2010, 2011
** Palo Alto Networks Application Survey 2010, 2011
What's In Your Network?
Gartner projects that 50% of companies will be deploying “default deny” policies to restrict application usage, by 2015.
Trust Stack of the Future
Today’s Trust Stack
New application New application
Is this known bad?
Is this known good?
Is this known bad?
Is this unwanted?
Do I trust the Vendor?
What program introduced it?
Do I trust where it came from?
Do I trust the user installing it?
Am I licensed for this?
Allow / Block / Remove
Trust Stack of the Future
Allow / Block / Restrict / Remove
Lumension’s Application Control Approach
Whitelisting
Trust Engine
Blacklisting
Provides manageable rules-based exceptions in a dynamic enterprise environment.
People Path Process Publisher
Lumension’s approach is to deliver a dynamic trust engine that can
simultaneously accommodate change and validate trust.
Challenges of Endpoint Management
IT Operations Challenges
» Lack of Common Management Console
» Increasing Agent Bloat
» Increasing and costly back-end Integration
» Lack of visibility and collaboration with IT security
IT Security Challenges
» Need for better accuracy
» User access rights (Local Admin)
» Lack of Scalability
» Silos and insufficient collaboration between IT and business operations*
Lack of integration across technologies is the #1 IT security risk.*
*Worldwide State of The Endpoint Report 2009
Liam Puleo
Pre Sales Engineer (EMEA)
Lumension EMSS
DSS ITSEC 2012
New End Point Strategy
Blacklisting As The Core
Zero Day
3rd Party Application Risk
Malware As a Service
Consumerization of IT
Defense-N-Depth
Traditional Endpoint Security
Patch & Configuration Mgmt.
Emerging Endpoint Security Stack
Device Control
• Device visibility
• File type filtering
• Device whitelisting
• Read only access
• Effective protection against physically introduced malware
• Reduces insider and data loss risk
Anti-Virus
• Protection against all known malware (Blacklisting)
• Efficient Malware removal
• Effective protection against fast wide spreading malware
Patch Management
• Automated patch deployment and remediation
• Configuration & Power management
• Software deployment
• Heterogeneous and 3rd party vulnerability content coverage
Application Control
• Prevents all unknown executables from running (whitelisting)
• Effective zero day malware protection
• Flexible Trust based change management policy control
• Application visibility
L.E.M.S.S. Core Product Offerings 2012
Lumension® Endpoint Management and Security Suite
Effective Endpoint Security
Reduced Endpoint Complexity
Enhanced IT Operations & Productivity
Add on modules:
Lumension Disk Encryption (Powered by Sophos) • Requires Patch management and Content Wizard
Power Management • Requires Patch management and Content Wizard
Content Wizard
Enterprise Reporting
NEXT – Demo of LEMSS
Secure the endpoint by enforcing a known good baseline of secure configurations and an operating system and applications that are patched and up-to-date.
Lock down the configuration and installed applications using application control.
Lock down the endpoint and eliminate data leakage via peripheral devices using device control.
Use anti-virus to validate what application control has blocked.
Think Different!
Current Approach to Endpoint Management | New Approach to Endpoint Management
Threat Centric | Trust Centric
Point products and tools | Integrated platform technology
Multiple consoles | Single console
Multiple Agents | Single agent
Ad-hoc workflows & processes | Standardized workflow & processes
Reactive, signature-based | Proactive, real time
Inconsistent interpretation of policy | Shared understanding of policy
Ad hoc auditing | Continuous monitoring
Intelligent Whitelisting
More Effective Endpoint Security
Reduced Endpoint Complexity
Enhanced IT Operations & Productivity
Intelligent Whitelisting from Lumension
Anti-Virus
• Protection against all known malware
• Identification of suspicious code
• Malware removal
Patch Management
• Automated patch deployment
• Vulnerability remediation
• Reduces malware risk
Application Control
• Prevents all unknown executables from running
• Effective zero day malware protection
• Effective application policy support
IWL is Secure
» Block known and unknown malware without signatures
» Protect against targeted attacks and Advanced Persistent Threats
» Ensure only trusted applications can run
» Provide enforcement and monitoring for end-users with local-admin rights
» Reduced risk of data loss
» Eliminate application and configuration vulnerabilities
Lumension and the change in Endpoint Protection
Thank you for listening!