PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lumension

and the change

in Endpoint

Protection

Matthew Walker – VP EMEA Channel Sales

IT Security Continues to be a Growing Problem

The New Computing Era

» Enterprise users experience 339 malware

encounters per month2

» 11 per day- 200% increase over same

period

» 1/3 was zero day

» By 2015, more than 60% of enterprises will

have suffered material loss of sensitive

corporate data via mobile devices3

» Less than 20% of CIO’s felt that their device

security and management polices would

satisfy an auditor3

» 60% percent of virtualized servers will be less

secure than the physical servers they replace3

Cyber Attacks #4 Top 50 Global Risks1

1) World Economic Forum 2011, 2) Cisco Threat Report 2012, 3) Gartner 2011

What Gartner Says

•Malware effectiveness continues to accelerate, while vendors are busy

polishing increasingly ineffective solutions and doing little to

fundamentally reduce the attack surface and protect users.

• ......Application Control holds significant promise but with a few

exceptions most vendors in this analysis do not provide flexible enough

solutions for large enterprises.

•Endpoint protection platforms continue to struggle to block typical

malware threats, and are even less effective with low-volume targeted

attacks. A few vendors have started to provide proactive tools, such as

vulnerability detection and application control, that reduce the attack

surface...(16 January 2012)

Lumension are in Visionary quadrant

3

Growing Application Centric Risk

» Social networking applications are detected

in 95% of organizations **

» 78% of web 2.0 applications support file

transfer**

» 2/3 of applications in use had known

vulnerabilities**

» 28% of applications were known to

propagate malware**

*Ponemon-Lumension State of the Endpoint 2010,2011

** Palo Alto Networks Application Survey 2010, 2011

What's In Your Network?

Gartner projects that 50% of companies

will be deploying “default deny “ polices to

restrict application usage, by 2015.

Trust Stack of the Future

5

Today’s Trust Stack

New application New application

Is this known bad?

Is this known good?

Is this known bad?

Is this unwanted?

Do I trust the Vendor?

What program introduced it?

Do I trust where it came from?

Do I trust the user installing it?

Am I licensed for this?

Allow / Block / Remove

Trust Stack of the Future

? ?

Allow / Block / Restrict / Remove

6

Lumension’s Application Control Approach

Whitelisting

Tru

st E

ngin

e

Blacklisting

Provides manageable

rules-based exceptions

in a dynamic enterprise

environment.

People Path Process Publisher

Lumension’s approach is to deliver a dynamic trust engine that can

simultaneously accommodate change and validate trust.

Challenges of Endpoint Management

7

IT Operations

Challenges

IT Security

» Lack of Common Management Console

» Increasing Agent Bloat

» Increasing and costly back-end Integration

» Lack of visibility and collaboration with IT

security

Challenges

» Need for better accuracy

» User access rights (Local Admin)

» Lack of Scalability

» Silos and insufficient collaboration

between IT and business operations*

Lack of integration

across technologies

is the #1 IT security

risk.*

*Worldwide State of The Endpoint Report 2009

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Liam Puleo

Pre Sales Engineer (EMEA)

Lumension EMSS

DSS ITSEC 2012

New End Point Strategy

9

Blacklisting

As The Core

Zero Day

3rd Party

Application Risk Malware

As a Service

Consumerization

of IT

Defense-N-

Depth

Traditional

Endpoint Security

Patch &

Configuration

Mgmt.

Emerging

Endpoint Security Stack

Device Control

• Device visibility

• File type filtering

• Device whitelisitng

• Read only access

• Effective protection

against physically

introduced malware

• Reduces insider and

data loss risk

Anti-Virus Patch Management Application Control

• Protection against all

known malware

(Blacklistng)

• Efficient Malware

removal

• Effective protection

against fast wide

spreading malware

• Automated patch

deployment and

remediation

• Configuration & Power

management

• Software deployment

• Heterogeneous and 3rd

party vulnerability

content coverage

• Prevents all unknown

executables from

running (whitelisitng)

• Effective zero day

malware protection

• Flexible Trust based

change management

policy control

• Application visibility

L.E.M.S.S. Core Product Offerings 2012

10

Lumension® Endpoint Management and Security Suite

Effective

Endpoint Security

Reduced Endpoint

Complexity Enhanced IT

Operations & Productivity

Add on modules:

Lumension Disk Encryption (Powered by Sophos) • Requires Patch management and Content Wizard

Power Management • Requires Patch management and Content Wizard

Content Wizard

Enterprise Reporting

NEXT – Demo of LEMSS

11 11 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Secure the endpoint by enforcing a known good baseline of secure

configurations and an operating system and applications that are

patched and up-to-date.

Lock down the configuration and installed applications using

application control.

Lock down the endpoint and eliminate data leakage via peripheral

devices using device control.

Use anti virus to validate what application control has blocked.

Think Different!

Current Approach to

Endpoint Management

New Approach to

Endpoint Management

Threat Centric Trust Centric

Point products and tools Integrated platform technology

Multiple consoles Single console

Multiple Agents Single agent

Ad-hoc workflows & processes Standardized workflow & processes

Reactive, signature-based Proactive, real time

Inconsistent interpretation of policy Shared understanding of policy

Ad hoc auditing Continuous monitoring

12

Intelligent Whitelisting

More Effective Reduced Endpoint Enhanced IT

Endpoint Security Complexity Operations &

Productivity

Intelligent Whitelisting from Lumension

13

• Protection against all

known malware

• Identification of

suspicious code

• Malware removal

• Automated patch

deployment

• Vulnerability

remediation

• Reduces malware risk

• Prevents all unknown

executables from

running

• Effective zero day

malware production

• Effective application

policy support

Anti-Virus Patch Management Application Control

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC

DISTRIBUTION

IWL is Secure

14

» Block known and unknown malware

without signatures

» Protect against targeted attacks and

Advanced Persistent Threats

» Ensure only trusted applications can run

» Provide enforcement and monitoring for

end-users with local-admin rights

» Reduced risk of data loss

» Eliminate application and configuration

vulnerabilities

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC

DISTRIBUTION

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lumension

and the change in

Endpoint Protection

Thank you

for

listening!