Endpoint Security: Shifting Paradigms
Malware Outbreaks Growing
● Constant morphing
● Constant attacks
● No target is too small
● Damage to victims goes far beyond money
● Government (and trial lawyers) growing interest
● Everyone is at risk
Today's Paradigm
● We know what malware looks like;
● Our users won't accept changes that impact the way they work;
● We can train our users so well they'll never make a mistake;
● And, our techs and SysAdmins;
● With just a little more effort we can deploy all patches to all devices on time every time, without fail;
● We've always used blacklists; they work;
● We're smarter than the bad guys; and,
● We just got breached.
A New Paradigm
● We can't recognize everything that's bad;
● Users can accept reasonable changes because they all know an identity-theft victim;
● We can know what is permitted on each computer;
● Whitelisting works because
  ✔ We now do it at the executable level (executables and shared libraries);
  ✔ White lists can be updated each time a patch or update is deployed;
  ✔ White list maintenance is mostly automated;
  ✔ Whitelisting is augmented with other endpoint controls.
● No matter what kind of malware gets in because of user errors, misconfigurations, or missing patches, it can't execute.
Security Assistant
● Stops everything not on white list
● Deploys patches, automates whitelist maintenance
● Audits endpoints by opening each file on all drives
● Semi-NAC
● Console window for every endpoint with schedule-capable commands
Full Stop
● Stops everything not on white list
  ✔ Monitors hard drive writes (including browser cache)
  ✔ Quarantines if executable/shared library & not on white list
  ✔ Monitors process starts
  ✔ Blocks if starting program not on white list
  ✔ Monitors removable media
  ✔ Blocks execution if not on white list
Integrated Patch/Whitelist Maintenance
● Deploys patches, automates whitelist maintenance
  ✔ Provisional whitelist includes pre- and post-patch file information, as well as the patch itself;
  ✔ Post-patch whitelist removes information for pre-patch conditions and the patch;
  ✔ ADDED VALUE – Endpoint restored to pre-patch restore point is immediately obvious; no more unknown lost patches.
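The Full Stop checks (quarantine on write, block on process start or removable-media execution) and the provisional/post-patch whitelist lifecycle described on the two slides above, as an added Python model that is not Naknan's code: a per-node whitelist of (path, SHA-256) pairs in which the `NodeWhitelist` class, the file names and the file contents are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def is_executable(path: str) -> bool:
    # Whitelisting is done at the executable level: programs and shared libraries.
    return path.lower().endswith((".exe", ".dll", ".so"))

class NodeWhitelist:
    def __init__(self, approved_files: dict):
        # approved_files: path -> content of the approved build (constructed input)
        self.allowed = {(p, digest(d)) for p, d in approved_files.items()}
        self.provisional = set()  # pre-patch entries plus the patch, while a patch is in flight
        self.superseded = {}      # path -> pre-patch hash, kept so a rollback is recognisable

    def listed(self, path: str, data: bytes) -> bool:
        entry = (path, digest(data))
        return entry in self.allowed or entry in self.provisional

    def on_write(self, path: str, data: bytes) -> str:
        # Disk-write monitor (hard drive, browser cache): off-list executables are quarantined.
        quarantine = is_executable(path) and not self.listed(path, data)
        return "quarantined" if quarantine else "allowed"

    def on_exec(self, path: str, data: bytes) -> str:
        # Process-start and removable-media monitor: anything off-list is blocked.
        return "allowed" if self.listed(path, data) else "blocked"

    def begin_patch(self, patch_path: str, patch_data: bytes, updated: dict) -> None:
        # Provisional whitelist: post-patch files approved; pre-patch files and the patch stay listed.
        self.provisional = {(patch_path, digest(patch_data))}
        for path, data in updated.items():
            old = {e for e in self.allowed if e[0] == path}
            self.allowed -= old
            self.provisional |= old
            self.superseded.update(dict(old))
            self.allowed.add((path, digest(data)))

    def finish_patch(self) -> None:
        # Post-patch whitelist: pre-patch entries and the patch itself drop off the list.
        self.provisional = set()

    def audit(self, path: str, data: bytes) -> str:
        # A file still matching its pre-patch hash after finish_patch() means the endpoint
        # was restored to a pre-patch restore point: the lost patch is immediately visible.
        if self.listed(path, data):
            return "authorized"
        rolled_back = self.superseded.get(path) == digest(data)
        return "lost-patch" if rolled_back else "unauthorized"
```

Because the pre-patch hash is remembered rather than forgotten, the audit can tell a rolled-back endpoint apart from one that simply has unauthorized software on it.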
Full System Audit
● Audits endpoints by opening each file on all drives
  ✔ Maps results to FDCC patch requirements
  ✔ Maps results to CVE-type patchable vulnerabilities
  ✔ Can map to any similar standard or requirement
  ✔ Shows authorized software
  ✔ Shows unauthorized software
  ✔ "Click-to-Remove" builds script to remove unwanted files/applications, runs when initiated from GUI
Vulnerabilities Identified
Consensus Audit Guidelines Critical Control #2
Network-Related
● Semi-NAC
  ✔ Monitor network traffic
  ✔ Each node "knows" other devices on same subnet
  ✔ Reports and refuses to communicate with unknown devices on same subnet
  ✔ Early 2010, not limited to same subnet
Command Window
● Window into every node
  ✔ Do anything you could if you were at the node
  ✔ Schedule console commands; no commands excepted
  ✔ Highly secure and very mature interface
  ✔ Gives complete control of each node, realtime and/or scheduled
Critical Infrastructure
FERC Critical Infrastructure Protection Requirements -- CIP-007-2
R3. Security Patch Management — establish, document and implement a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter(s).
R3.1. Document the assessment of security patches and security upgrades.
R3.2. Document the implementation of security patches.
R4. Malicious Software Prevention — use anti-virus software and other malicious software ("malware") prevention [and removal] tools.
R4.1. Implement anti-virus and malware prevention tools.
R4.2. Implement a process for the update of anti-virus and malware prevention "signatures."
Similar requirements in other CIP documents.
Consensus Audit Guidelines
● Critical Control 2: Know all authorized and unauthorized software; enforce whitelist – FULL
● Critical Control 10: Continuous Vulnerability Testing and Remediation – PARTIAL (no H/W configuration checking)
● Critical Control 12: Anti-Malware Defenses – FULL
● Critical Control 15: Data Leakage Protection – PARTIAL (log each USB drive inserted; write-to-removable media can be prevented; block execution of malware which steals data/information)
What Makes Us Different?
● Whitelisting with integrated Patch Management, making possible
  ● Automated whitelist maintenance
  ● Patch Compliance reporting without false positives (FDCC, CVE, others)
  ● Event scheduling
  ● Command console on target node
  ● Network Access Control

Each node has its own white list, updated as patches, updates, and applications are deployed. Command console gives you a console window on the target node, and event scheduling lets you schedule any input that the target node's console will accept, as if you were there. Network Access Control discriminates between new authorized and new unauthorized devices, although both are initially unknown.
Shut down apps, change user mode,schedule & execute any console command
Detect/report newcomers on network
End-User Impacts
● Can't run "non-business" applications
● Can't install off-whitelist software
● Can't download software from the web
● Can't run file-sharing and IM applications
● Can't get infected by web browsing or opening infected email or attachments
Once users understand the importance of culture changes, they go along
Approved "Add To Whitelist" policy and procedure must be published to all
Organization Impacts
● No malware infections
● No patchable vulnerabilities
● No unauthorized software
● "Proof of Compliance" endpoint audits
● More orderly use of IT staff (fewer fire drills)

Increased security at all endpoints makes your organization a less attractive target.
Demo
● Insert removable media – detected, reported, logged
● Execute file on removable media – blocked, reported, logged
● Copy executable from removable media to hard drive – quarantined, reported, logged
● Browse infected web site (assist malware download as necessary) – download quarantined
● Repeat at other infected web sites – quarantined
Shouldn't your organization be so well protected?
Naknan Corporate Contacts
● Noklek Finley, President & CEO
● Doug Finley, Vice President, 281-990-0030, Ext. 12
1300-A Bay Area Blvd., Suite 233, Houston, TX 77058
281-990-0030
www.naknan.com
Business Development Team:
Romani Perera, Business Development [email protected]
Finley John, Director-Support Services [email protected]