govind rammurthy - securing the endpoints in networks - interop mumbai 2009
TRANSCRIPT
Securing the Endpoints in Networks
By Govind RammurthyCEO & Managing Director
Agenda
• Business Continuity Demands• Threat Scenario – Past & Present• Endpoints & Endpoint Security• Layers of Endpoint Security• Endpoint Security Best Practices
Business Continuity Demands• Unified Networks for
– Email, Text Chat, Web Browsing, File Sharing, Games– Voice, Audio, Video, Tele-presence, Telemedicine– Web Services, EDI, SCADA, Emergency Services
• Users To Enjoy Mobility– Any service from any device on any network– Seamless mobility across devices and networks– Strong but easy user authentication
• Reliability and Security of Networks.
Business Continuity Demands• Increased Access to Sensitive Information• Mission-critical network• Mobile and remote devices and users• Wide variety of endpoints• Wide variety of users: employees, customers, contractors,
guests• Interoperability
Vendors
Mobile PDA
Mobile Laptops
Home Computer
Local Users
File Servers
Web or App Servers
Email Servers
Desktops
Typical Network Security Scenario
Very High
High
Medium
Risks
Very Low
Low
Typical Network Security Scenario
Very High
High
Medium
Risks
Very Low
Low
Business Continuity Vs Security
Statistics on Attack Trends that could lead to Data/Identity Theft.
Theft / Loss
Insecure Policies
Hacking
Insider Threats
Unknown
54%
28%
13%
4%
1%
Threats were indiscriminate, hit everyone
Threats are highly targeted, regionalized
Threats were disruptive impact visible
Threats steal data & damage brands impact unclear
Remediation action was technical (“remove”)
Remediation more complex, may need to investigate data leak
Entry through perimeter and gateway
Entry through uneducated network clients and endpoints
Threats were noisy & visible to everyone
Threats are silent & unnoticed with variants
Threat Scenario – Past & Present
Endpoints & Endpoint SecurityKey Influencers:
A. Devices and Storage Mediums
B. Portability of Data
C. Accessibility
D. Compliance Laws & Regulations (HIPAA, SOX, etc.)
E. Extranet/Intranet Access provided to employees & partners.
F. Network Downtime due to infections
Endpoints & Endpoint SecurityA. Loss/leak of confidential information
B. Losing valuable employees
C. Unknown/invisible threats and loss of productivity due to using non-complaint storage mediums
D. Unauthorized intrusions – via Web Servers, email Servers, etc.
E. Access to internal networks via individual end points
F. Loss of Productivity due to Infections
A. IPODs / Portable Entertainment devices
B. Bluetooth Cell Phones
C. Wireless LAN
D. USB Devices
E. Open Non-authenticated Mail/Proxy Servers
F. Lack of defined employee security policies
G. Authorized Applications
Endpoints & Endpoint Security
• Data in Motion• Emails• Instant Messaging• P2P• File Transfers• Web Posts• Blogs
• Data at Rest• Laptops/Desktops/File Servers• USB
Key Data to be Protected
Endpoint Security Is Mission Critical
Endpoints & Endpoint Security
Reducing Threat Exposure
Information Protection & Control• Data in Motion• Data in RestAsset Protection & Control• Asset management• Desktop computing support• Application Control• Security Incident Alerts/logs• Policy Implementation & Oversight• NAC/NAP
Endpoints & Endpoint Security
• Endpoint management costs are increasing– Cost of downtime impacts both productivity and revenue– Costs to acquire, manage and administer point products are increasing, as well as the demand
on system resources• Complexity is increasing as well
– Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming
• Growing number of new known and unknown threats– Stealth-based and silent attacks are increasing, so there is a need for anti-virus to do much more
• The Perfect Endpoint Security system is with a Centrally Managed Client Security Solution. Some of the Major Technology based threats
– Bluesnarfing - Using Bluetooth– Podslurping – Using iPods– Thumbsucking – Using Thumb Drives– Zero-day threats – New and evolving threats
Endpoints & Endpoint Security
Layers of Endpoint Security
AntiVirus / Antispyware
Web Protection
Firewall
IntrusionPrevention
Device Control
Network AccessControl / Network Access
Protection
Antispam / Antiphising
Layers of Endpoint Security
AntiVirus / Antispyware
• Real-Time AV Scanning
• Spyware, Adware, Keylogger, & Rootkit Blocker
• Suspicious Application Detection
• Registry Monitoring
• Protection against web based threats
• Protection against email based threats
• Spyware and rootkit detection and removal
• Ability to safely remove infections & restore system files effectively
Detect, prevent and remove malicious code & Vulnerability-based protection
Layers of Endpoint Security
• Web/FTP/CHAT Scanning
• Domain and IP reputation based checker
• Block websites with restricted words
• Block web content (Multi-Media & Applications)
• Block web applets, Cookies, Scripts
• Block Pop-Ups
• Browser Cleanup
Web Protection
Layers of Endpoint Security
• Real-Time Antispam filter
• Sender reputation checker
• Antiphising filter
• Attachment Control
Antispam / Antiphising
Layers of Endpoint Security
Firewall
• Managed desktop firewall• Adaptive policies allowing for location awareness• Network, port, protocol, and application control
Layers of Endpoint Security
Intrusion Prevention
• Behavior-based prevention• Network traffic inspection• Application inspection
Layers of Endpoint Security
Device Control
• Device control to prevent data leakage at the endpoint • Protection against mp3 players, USB drives, etc.
Layers of Endpoint Security
Network Access Control / Network Access ProtectionControl Access
– to critical resources– to entire network
Based on– User identity and role– Endpoint identity and health– Other factors
With– Remediation– Management
Endpoint Security Best Practices1. Inventory all IT resources2. Group resources into levels of sensitivity3. Define end user access scenarios4. Associate end user access scenarios with levels of sensitivity5. Validate the policies with a select group using event logging6. Roll policies into full production7. User must Be authenticated
1. With Identity Management System8. Endpoint Must Be Healthy
• Anti-Virus software running and properly configured• Recent scan shows no malware• Personal Firewall running and properly configured• Patches up-to-date
9. Behavior Must Be Acceptable• No port scanning, sending spam
Any Questions and Queries?
THANK YOU!!!THANK YOU!!!