dss itsec conference - lumension security - intelligent application whitelisting - riga nov 2011

Posted on 18-Nov-2014

DESCRIPTION

Presentation from the "DSS"-organized ITSEC conference on 24th of November, Riga, Latvia.

TRANSCRIPT

Page 1: DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whitelisting - Riga NOV 2011

Shift to Intelligent Endpoint Security Management
Riga, Latvia, 24th of November, 2011
Andris Soroka, Data Security Solutions, [email protected]

Page 2

Lumension Security business card
• Offices Worldwide + Strong Partner Base (500+)
• More than 6000 customers in 70 countries
• More than 5 million endpoints protected
• Award-Winning Innovator

Page 3

Portfolio – ANNO 1991

Portfolio areas: Endpoint Operations, Vulnerability Management, Endpoint Protection, Data Protection, Compliance and IT Risk Management.

Capabilities shown:
• Power Management
• License Monitoring
• Application Deployment
• Asset Identification and Inventory
• Contract Management
• Vulnerability Assessment
• Patching and Remediation
• Security Configuration Management
• X-Platform Content Support
• AntiVirus/Malware
• Malware Remediation
• Application Control - Whitelisting
• Application Identity & Assurance
• Compliance-Control Mapping
• Continuous Monitoring
• Control Harmonization
• IT Risk Assessment
• Deficiency Remediation
• Device Control
• Data Encryption
• Whole Disk Encryption
• Content Filtering
• Data Discovery

Page 4

Agenda

Recent/Upcoming Product Releases: Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker

» Traditional Endpoint Security – threats, drivers
» Evolutions and shifts in Endpoint Security
» Lumension LEMSS – the innovative platform
  » Device Control
  » Application Control
  » Antivirus
  » Whole Disk Encryption
  » Patch & remediation and more

Page 5

Business Drivers and Threats: The Endpoint Security Landscape

Page 6

Security Today

General Categories
• Financially Motivated
  » Bank Accts, Passwords, etc.
  » Identity Theft
  » Insiders
• Intellectual Property Theft
• Hacktivists
  » IP / Customer data
  » Denial of Service
  » Reputational Damage

Page 7

Threats and solutions of Security Today

Page 8

Endpoint Security Today – most important

Reality check
• Weakest link - endpoint
  » 70% of incidents are caused on the endpoint
  » >2 million unique malware samples every day
  » On average the lifetime of a malware sample is less than 24 hours
  » Traditional defense is not enough

Page 9

Today's business environment
» IT continues taking the lead in business (ERP, CRM, document management, digital prototyping etc.)
» Development of the e-World continues (B2B, B2C, e-Services, e-Government, e-Health, social networking, Web 2.0, unified communications etc.)
» Consumerization, mobility and the borderless enterprise are a reality
» Cyber culture grows faster than cyber security (as well, not all countries have compliance, regulations or penalties)

Page 10

Every technology is vulnerable

Page 11

Not a Microsoft world anymore...
• Apple & Adobe: two of the top three applications disclosing vulnerabilities
• Apple and Linux: two of the top three reporting vulnerabilities
• Virtualization vulnerabilities have grown in total number in recent years
• The cycle from vulnerability to worm is shortening dramatically, putting increasing pressure on IT departments to remediate vulnerabilities faster than ever.

Page 12

Endpoints are at risk every day

The applications we use today for productivity (Collaborative / Browser-based / Open Source), Social Communities, Gadgets, Blogging and Widgets open up our networks to increasing risk every day.

Source: Verizon, 2010 Data Breach Investigations Report

Page 13

Growing Application Centric Risk
» Social networking applications were detected in 95% of organizations.
» 78% of Web 2.0 applications support file transfer.
» 2/3 of applications have known vulnerabilities.
» 28% of applications were known to propagate malware.
» AV's best malware capture rate is 33% per day; after 30 days, 93%...
» ~2M unique malware signatures are detected each day, and the numbers are growing very fast.

Page 14

Growing Device Centric Risk
» Over 70% of IT security incidents are caused by an insider's device
» 60% of confidential data resides on endpoints
» Devices are bi-directional threats
» USB devices are well known "weapons" of social engineering
» 48% of users utilize company tools for personal usage

Page 15

Endpoint Security Today

Traditional Defenses …
• Antivirus
• Patching Microsoft OS and Apps
• Firewalls
• Strong Passwords
• End-User Education Programs

… Don't Always Work: If They Did, We Wouldn't Have IT Security Breaches!

Page 16

Summary of Endpoint threats

Where Traditional Defenses Fall Short
• Risk from Un-patched 3rd Party Apps
• Controlling Local Admins Gone Wild
• Preventing Zero-Day Attacks and Targeted Malware
• End-User Education Isn't Keeping Up
• Actionable Reporting and Security Measurement

Page 17

Results of threats

We end up with:
• Internet shops full of credit card, bank account, privacy, business and other confidential data
• Services available to rent a botnet or malicious code and attack anyone
• Video trainings and eLearning available in social media, such as YouTube
• A «black market community» (forums, blogs, interest groups, conferences etc.)
• Lost business & reputation

Page 18

Some examples
• "FBI warns USA Congress that cybercriminals can hack any internet-linked system" – Gordon M. Snow, assistant director of the FBI's Cyber Division (13th of April, 2011)
• "Exclusive: Computer Virus Hits U.S. Drone Fleet" – Noah Shachtman, Wired Magazine (7th of October, 2011)
• "Betfair admits data hack... after 18 months - over two million card details were stolen" – Rory Cellan-Jones, BBC Technology (30th of September, 2011)

Page 19

Endpoint Security Today

"Organizations are looking to application control solutions to augment signature-based antivirus protection and to exert more control over endpoints. Although this space has been dominated by the smaller vendors, larger endpoint protection and management providers are entering the market." – Gartner Analysts Neil MacDonald and Michael A. Silver

Page 20

Endpoint Security Today

"Organizations do not feel more secure than they did last year. This is mainly due to the use of ineffective technology solutions when better, more effective and efficient technologies exist but are not heavily implemented."

Paul Henry, Security & Forensics Analyst (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE), SANS Institute Instructor

Page 21

Quotes from AV vendors
• "Basic security protection is not good enough." – Rowan Trollope, Senior Vice President, Symantec
• "You can't just rely on antivirus software – and we're an antivirus company." – George Kurtz, Worldwide CTO, McAfee
• "[Standard] antivirus is not effective anymore..." – Raimund Genes, CTO, Trend Micro Inc
• "[Signatures are] completely ineffective as the only layer [of endpoint security]…" – Nikolay Grebennikov, CTO, Kaspersky

Page 22

Changes of the traditional Endpoint Security: The Past, The Present and The Future

Page 23

Endpoint Security – vendors and scope

Page 24

Patching is the security priority
• The top security priority is "patching client-side software"¹
  » Streamline patch management and reporting across OS's AND applications
• Patch and defend is not just a Microsoft issue
  » More than 2/3 of today's vulnerabilities come from non-Microsoft applications

Source: 1 - SANS Institute

Page 25

Importance of Application Whitelisting

Lockdown Policy (from Open to Lockdown):

• Blacklist (AV)
  » Detect, block and remove known bad
  » Scan everything
  » Higher resource utilization
  » Risk of unknown

• Application Control
  » Allow known good
  » Remove known bad
  » Allow trusted change
  » Insert AV scan into process strategically
  » Optimize resource utilization
  » Optimize risk

• Whitelist
  » Allow only known good to execute
  » Lower resource utilization
  » Low risk

Page 26

Endpoint Security requirements
» Antivirus / Anti-malware
» HIPS / File Integrity monitoring
» Firewall / VPN
» Encryption (whole disk, devices)
» Device Control
» Application Control / System Lockdown
» Vulnerability management, patch and update management
» Configuration management
» NAC / Visibility

Page 27

Endpoint Security Today

Point products shown: Vulnerability Assessment, Systems Management, Patch Management, AntiVirus, Malware, Data Protection, Compliance.

Point products tax IT resources with additional administration burden, custom integration & maintenance, and limited user productivity across multiple management consoles (personas: Colleen, IT Ops Manager; Pat, CIO; Rich, IT Security Manager).

45% of IT operations professionals work across 3-5 different software consoles while managing security & operational functions.*

*Worldwide State of The Endpoint Report 2009

Page 28

Lumension Endpoint Management Security Suite 2011
Introducing: Application Intelligent Whitelisting
• Agile n-tier pluggable architecture
• Single Promotable Agent
• Single Console

Page 29

LEMSS 2011 – one agent platform
• L.E.M.S.S.: Patch and Remediation
• L.E.M.S.S.: Wake on LAN & Power Mgmt.
• L.E.M.S.S.: Whole Disk Encryption
• L.E.M.S.S.: Security Configuration Management
• L.E.M.S.S.: Device Control
• L.E.M.S.S.: Risk & Compliance Management
• L.E.M.S.S.: App Control & Antivirus

Page 30

LEMSS – principle of work

Page 31

Clean IT

L.E.M.S.S.: Antivirus
• Role of AntiVirus
  » Remove malware prior to lockdown
  » Scan for malware not identified at time of lockdown
  » Scan when making changes
• Defense in depth
  » AntiVirus no longer the primary defence mechanism
  » Less of a reactionary role
• Features of AntiVirus
  » Sandbox
  » Antispyware / Antivirus
  » DNA matching
  » Exploit detection

Page 32

Lock IT

L.E.M.S.S.: Application Control
• Role of Application Control
  » Fast and easy policy definition
  » Unique whitelist for every endpoint
  » No disruption to productivity
  » Stops any executable after locking it
  » Granularity of control
  » Integration with Patch & Remediation module for automated and first-in-market "Intelligent Application Whitelisting"
• Features of Application Control
  » Kernel level solution
  » ~10 years in development
  » Exploit detection

Page 33

Trust IT

L.E.M.S.S.: Patch And Remediation
• Role of Patch & Remediation
  » Software and Patch deployment systems
  » Automated discovery and assessment of assets
  » Trusted change manager
  » Automatic update of the local whitelist
  » No disruption to productivity
  » Single solution for heterogeneous environment
• Features of Patch & Remediation
  » 20 years market leadership
  » Patented patch fingerprint technology
  » Largest coverage of OS's and Apps

Page 34

Lumension Intelligent Application Whitelisting

Unifies workflows and technologies to deliver enhanced capabilities in the management of endpoint operations, security and compliance
» Remove whitelisting market adoption barriers

Modules shown, grouped under Endpoint Operations and Endpoint Security: Device Control, Asset Management, Software Management, Power Management, Configuration Management, Content Wizard, Reporting, DLP, Compliance/Risk Mgt., Trusted Change, AntiVirus/Spyware, Patch Management, Application Control, Firewall Management, Intelligent Whitelisting, Whole Disk Encryption.

Page 35

Lumension Intelligent Endpoint Integrity Service
• Cloud repository that correlates files, hashes and attributes with applications
  » "Speaking applications, not hashes"
• Positioned to provide HIGH INTEGRITY BY VALIDATING the source of HASH DATA
  » Not community based, not designed to be "the biggest" at the sacrifice of integrity
  » Will be the most trusted and provide risk management information
  » Partnership with Microsoft and additional vendors
• Multiple hash types (SHA-1, SHA-256) will provide flexibility and stronger security

Diagram components: Additional Partners, EIS Software Integrity Metadata Repository, EIS Services, Lumension Application Control.

Page 36

Lumension Device Control (L.E.M.S.S.: Device Control)
• Central Control of ALL desktop I/O Devices
  » USB Removable Media, PDA's, Cameras, CD/DVD R/W, modems etc. (Future Proof)
• Device Usage Policy
  » Integrates with Active Directory
  » Policy per user, group or computer
  » Read, Read/Write or No Access
  » Temporary & Scheduled access – time of day/day of week
  » On-line/Offline Device Permissions (e.g. no modems/3G Data Cards when connected)
• Granularity of Control
  » White list of Make/Models allowed (e.g. only Lexar 256MB or Fuji camera)
  » Unique Identification of Device by serial number
  » Authorisation of specific CD media
  » USB Key-logger detection
• Control What Data Is Copied
  » Limit how much data is written out (e.g. Louis can copy 20MB per day max)
  » File-Type Filtering - control which File Types are copied IN/OUT
    • Used for exceptions, e.g. cameras can be used for image files only, and more…

Page 37

Lumension Device Control (L.E.M.S.S.: Device Control)

Supported Device Types:
• Biometric devices
• COM / Serial Ports
• DVD/CD drives
• Floppy disk drives
• Imaging Devices / Scanners
• LPT / Parallel Ports
• Modems / Secondary Network Access Devices
• Palm Handheld Devices
• Portable (Plug and Play) Devices
• Printers (USB/Bluetooth)
• PS/2 Ports
• Removable Storage Devices
• RIM BlackBerry Handhelds
• Smart Card Readers
• Tape Drives
• User Defined Devices
• Windows CE Handheld Devices
• Wireless Network Interface Cards (NICs)

Page 38

Improving Endpoint Security with LEMSS (Lumension Endpoint Management Security Suite)

Page 39

Minimize Your True Endpoint Risk: Augment existing defense-in-depth tools
» Comprehensive Patch and Configuration Management
» Application Control / Whitelisting
» Device Control
» Encryption

Diagram labels: Traditional Endpoint Security, Blacklisting As The Core, Zero Day, 3rd Party Application Risk, Malware As a Service, Volume of Malware.

Page 40

Minimize Your True Endpoint Risk

Areas of Risk at the Endpoint (Source: John Pescatore, Vice President, Gartner Fellow):
• 30% Missing Patches
• 65% Misconfigurations
• 5% Zero-Day

Rapid Patch and Configuration Management
• Analyze and deploy patches across all OS's and apps (incl. 3rd party)
• Ensure all endpoints on the network are managed
• Benchmark and continuously enforce patch and configuration management processes
• Don't forget about the browser!
  » Un-patched browsers represent the highest risk for web-borne malware.

Page 41

Stop Malware Payloads with App Whitelisting

Malware
• Known: Viruses, Worms, Trojans
• Unknown: Viruses, Worms, Trojans, Keyloggers, Spyware

Apps
• Authorized: Operating Systems, Business Software
• Unauthorized (Untrusted): Games, iTunes, Shareware, Unlicensed S/W

Antivirus
• Use for malware clean-up and removal

Application control
• Much better defense to prevent unknown or unwanted apps from running

Page 42

Stop Unwanted Applications

Immediate and simple risk mitigation
• Denied Application Policy prevents unwanted applications even if they are already installed
• Easily remove unwanted applications

Page 43

Reduce Local Administrator Risk

Monitor / Control Local Admin Usage
• Local Admins can do ANYTHING on their systems
  » Install unwanted and unauthorized software
  » Install malware
  » Remove patches
  » Bypass security measures
  » Change configurations

Page 44

Manage those Devices
• Enforce Access Policy
• Enforce Encryption Policy
• Monitor, Manage, Report

Page 45

Encryption

Endpoints (Whole Disk)
• Secure all data on endpoint
• Enforce secure pre-boot authentication w/ single sign-on
• Recover forgotten passwords and data quickly
• Automated deployment

Removable Devices
• Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs)
• Centralized limits, enforcement, and visibility

Figures referenced: Laptop Thefts (IDC 2010); Lost UFDs (Ponemon 2011)

Page 46

Defense-in-Depth with Intelligent Whitelisting

Coverage matrix. Threat columns: Known Malware | Unknown Malware | Unwanted, Unlicensed, Unsupported applications | Application Vulnerabilities | Configuration Vulnerabilities

Rows (each X marks a covered threat column):
• AntiVirus: X X
• Application Control: X X
• Patch & Remediation: X X
• Security Configuration Management: X

Page 47

A Complete Defense With Lumension

Defense layers shown: Intelligent Whitelisting, Firewall / IPS, Anti-Malware, Patch Management, Physical Access

Page 48

Improving Endpoint Security

First in market solution
» Single Server / Management Console
» Single Agent
» Modular, Extensible Design
» Organization-wide Reporting
» Lower Total Cost of Ownership (TCO)
» Power of granularity

Diagram labels: Single Console, Agile architecture, Single Promotable Agent

Page 49

Real time risk & compliance manager

Diagram elements:
• Regulation Authority Documents; Business Interests; Corporate Policies
• Profile Risk Attributes: Open to the Internet; Contains Credit Card Information; Contains Customer Data
• Pass/Fail Regulation Assessment: HIPAA 100%; SOX 65%; PCI 65%; NERC 30%
• Applicable Controls: Password Length; Data Encryption; Power Save
• IT Assets; Business Processes; Revenue Streams; Trade Secrets
• Regulations: GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…

Page 50

More Information

SMB Security Series
» Resource Center: http://www.lumension.com/smb-budget
» Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx

Quantify Your IT Risk with Free Scanners
» http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX

Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

SMB Market Survey
» www.lumension.com/smb-survey

Page 51

Please consider next steps
• Lumension® Intelligent Whitelisting™
  » Overview: www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
  » Free Demo: www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
  » Free Application Scanner: www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
• Whitepaper and Videos
  » Think Your Anti-Virus is Working? Think Again: www.lumension.com/special-offer/App-Whitelisting-V2.aspx
  » Using Defense-in-Depth to Combat Endpoint Malware: l.lumension.com/puavad
  » Reducing Local Admin Access: www.lumension.com/special-offer/us-local-admin.aspx

Page 52

Global Headquarters
15880 N. Greenway-Hayden Loop, Suite 100
Scottsdale, AZ 85260
[email protected]
GSM: +371 29162784