Shift to Intelligent Endpoint Security Management

Warsaw, Poland17th of May, 2012

Andris Soroka

Lumension’s business card• Offices Worldwide + Strong Partner Base (500+) • More than 6000 customers in 70 countries• More than 14 million endpoints protected• Award-Winning Innovator

Lumension History

3

First cross-platform and application patch management solution

First credentialed based vulnerability scanner

First to introduce whitelisting / patented file “shadowing” technology

First Patent pending Risk Intelligence Engine

1991

Market Share Leader: Patch Management, Enterprise Risk Management, Device Control

2007 2009 2010

First Intelligent Whitelisting

Portfolio – ANNO 1991

Power Management

License Monitoring

Application Deployment

Asset Identification and Inventory

Contract Management

Vulnerability Assessment

Patching and Remediation

Security Configuration Management

X-Platform Content Support

AntiVirus/Malware

Malware Remediation

Application Control-Intelligent White-lisiting

Application Identity & Assurance

Mobile Devices Management

Compliance-Control Mapping

Continuous Monitoring

Control Harmonization

IT Risk Assessment

Deficiency Remediation

Compliance andIT Risk Management

EndpointOperations

VulnerabilityManagement

EndpointProtection

Data Protection

Device Control

Data Encryption

Whole Disk Encryption

Content Filtering

Data Discovery

Agenda

Recent/Upcoming Product Releases Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker

»Traditional Endpoint Security – threats, drivers

»Evolutions and shifts in Endpoint Security

»Lumension LEMSS – the innovative platform

» Device Control» Application Control» Antivirus» Whole Disk Encryption» Mobile Device Management» Risk & Compliance » Patch & Remediation and more

Business Drivers and Threats The Endpoint Security Landscape

Today’s business environment» IT continues taking the lead in business (ERP,

CRM, document management, digital prototyping etc.)

» Development of e-World continues (B2B, B2C, e-Services, e-Government, e-Health, social networking, Web 2.0, unified communications etc.)

» Consumerization, virtualization, clouds, mobility and borderless enterprise is a reality

» Cyber culture grows faster than cyber security (as well – not all countries have compliance, directives or penalties)

Every technology is vulnerable

Malware continues its perfect storm

New king of malware - Java

Mac OS X malware

Mobile malware

Source: Juniper Mobile Threat Report

2011 – year of targeted attacks

IBM Security X-Force® 2011 Midyear Trend and Risk Report September 2011

Attack Type

SQL Injection

URL Tampering

Spear Phishing

3rd Party SW

DDoS

Secure ID

Unknown

Mar April May June July AugFeb

Sony

Epsilon

L3 Communications Sony BMG

Greece

US Senate NATO

AZ Police

TurkishGovernment

SK Communications

Korea

Monsanto

RSAHB Gary

NintendoBrazilGov.

Lockheed Martin

Vanguard Defense

Booz Allen

Hamilton

PBS

PBS

SOCA

Malaysian Gov. Site Peru

Special Police

Gmail Accounts

Spanish Nat. Police

Citigroup

Sega

Fox News X-Factor

Italy PM Site

IMF

Northrop Grumman

Bethesda Software

Size of circle estimates relative impact of breach

Security Today

General Categories

• Financially Motivated

» Bank Accts, Passwords, etc.

» Identity Theft

» Insiders

• Intellectual Property Theft

• Hacktivists

» IP / Customer data

» Denial of Service

» Reputational Damage

Threats and solutions of Security Today

Results of threats

We end up with -

• There are Internet shops full of credit card, bank account, privacy, business and other confidential data

• Also there are available services to rent a botnet, malicious code and attack anyone

• Video trainings and eLearning available in social media, such as YouTube

• «Black market community» (forums, blogs, interest groups, conferences etc.)

• Lost business & reputation

Crybercrime works..

Final Facts

• General loss of year 2011» 2011 – 431 billion people affected, with more

than 114 billion USD directly and another 274 billion USD related to direct loss

» (Source: Symantec, Dec 2011)

Cybercrime costs the world significantly more than the global black market of marijuana, cocaine and heroin combined (~$228 billion world wide)

What about technologies for protection?

Ponemon Institute Survey 2011 (December)

Endpoint Security Today – most important

Reality check

• Weakest link - endpoint

» 70% of incidents are caused on the endpoint

» >2 million unique malware samples every day

» On average lifetime of a malware is less than 24 hours

» Traditional defense is not enough

» At least 50 new vulnerabilities found and reported daily

Endpoint Security Today

Traditional Defenses …

• Antivirus

• Patching Microsoft OS and Apps

• Firewalls

• Strong Passwords

• End-User Education Programs

… Don’t Always Work:If They Did, We Wouldn’t HaveIT Security Breaches!

22

Most Common Threats - N1• Hard to dispute the fact that patching

an underlying software flaw in most cases is the best defense

• In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure

• In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure

• Microsoft data indicates that in the first half of 2011 Zero Day attacks amounted to less the 1% of the attack surface

Patch or get hacked the choice is yours…

Source http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539

23

Most Common Threats – N2• Vulnerable software is not just a

Microsoft problem…• Third party software historically has

had more unpatched vulnerabilities then Microsoft

• Java is your number one issue today followed by Adobe – the leader for the past couple of years

Bottom line is WSUS is not going to save you !

Source http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539

Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container

24

Most Common Threats – N3• Hackers are always going to take

advantage of areas that simply are not properly handled by defenders

• Looking at the chart on the right is there any question why Java, Adobe and QuickTime are favored by the Bad Guys

• In case you missed it the chart is showing the “Most Outdated Web Browser Plugins”

What did you really think was going to happen?

Source: http://www.zscaler.com/state-of-web-q3-2011.html

25

Most Common Threats – N4• It is important to remember that

taking advantage of a vulnerability is not really the “End Game” for a bad guy

• The Vulnerability only represents a “Delivery Mechanism”

• The “End Game” is actually to allow them to Execute Malicious Code in your environment

• Why are we focusing on the delivery method not the end game

• Duh - because everyone else is• Hackers will always beat us in the

delivery mechanism “Arms Race”• Get ahead of the problem by

focusing on the End Game

Summary of Endpoint threats

Where Traditional Defenses Fall Short

• Risk from Un-patched 3rd Party Apps

• Controlling Local Admins Gone Wild

• Preventing Zero-Day Attacks and Targeted Malware

• End-User Education Isn’t Keeping Up

• Actionable Reporting and Security Measurement

Changes of the traditional Endpoint Security The Past, The Present and The Future

Quotes from AV vendors

Basic security protection is not good enough,”

Rowan Trollope Senior Vice President, Symantec

“You can’t just rely on antivirus software – and

we’re an antivirus company” George Kurtz, Worldwide CTO, McAfee

[Standard] antivirus is not effective anymore... Raimund Genes, CTO Trend Micro Inc

"[signatures are] completely ineffective as the only layer [of endpoint security]… Nikolay

Grebennikov, CTO, Kaspersky

Endpoint Security – vendors and scope

Endpoint Security Today

Vulnerability Assessment

Systems Management

PatchManagement

AntiVirusMalware

DataProtection

Compliance

Point products tax IT resources with additional administration burden, custom integration & maintenance limited user productivity across multiple

management consoles

ColleenIT Ops Manager

PatCIO

RichIT Security Manager

45% of IT operations professionals work across 3-5 different software consoles while managing security & operational functions.*

*Worldwide State of The Endpoint Report 2009

Endpoint Security requirements

» Antivirus / Anti-malware

» HIPS / File Integrity monitoring

» Firewall / VPN

» Encryption (whole disk, devices)

» Device Control

» Application Control / System Lockdown

» Vulnerability management, patch and update management

» Configuration management

» NAC / Visibility

» Mobile Device Management

Lumension Endpoint Management Security Suite 2012

Introducing: Application Intelligent Whitelisting

Agile n-tier pluggable architecture

Single Promotable Agent

SingleConsole

LEMSS 2012 – one agent platform

L.E.M.S.S.: Patch and Remediation & Config

L.E.M.S.S.: Wake on LAN & Power Mgmt.

L.E.M.S.S.: Whole Disk Encryption

L.E.M.S.S.: Mobile Device Management

L.E.M.S.S.: Device Control

L.E.M.S.S.: Risk & Compliance Management

L.E.M.S.S.: App Control & Antivirus

Lumension Intelligent Application Whitelisting

Unifies workflows and technologies to deliver enhanced capabilities in the management of endpoint operations, security and compliance

» Remove whitelisting market adoption barriers

Device ControlDevice ControlAsset Management

Asset Management

Software Management

Software Management

Power Management

Power Management

Configuration ManagementConfiguration Management

Endpoint Operations Endpoint Security

Content WizardContent Wizard

Reporting / Alerting / LoggingReporting / Alerting / Logging

DLPDLP

Compliance/Risk Mgt.

Compliance/Risk Mgt.

Trusted Change

AntiVirus/SpywareAntiVirus/Spyware

Patch Management

Patch Management

Application ControlApplication Control

FirewallManagement

FirewallManagement

Intelligent Whitelisting

Whole Disk EncryptionWhole Disk EncryptionMobile Device

ManagementMobile Device Management

LEMSS – principle of work

Clean IT

L.E.M.S.S.: Antivirus

»Role of AntiVirus

» Remove malware prior to lockdown

» Scan for malware not identified at time of lockdown

» Scan when making changes

•Defense in depth

» AntiVirus no longer the primary defence mechanism

» Less of a reactionary role

»Features of AntiVirus

» Sandbox

» Antispyware / Antivirus

» DNA matching

» Exploit detection

LEMSS: AV Key Features

Highlights

» AV Signatures and Scan Engine Updates

» Policy Scans• Recurring Scan Policy• Real Time Monitoring• Scan Now

» Alerts & Notifications• Centralized Alerts Page• Dashboard Widgets• Email Notifications• Reports

» Agent Control Panel

Complete Listing

• Antivirus• Antispyware• DNA Matching (partial signature matching)• SandBox (behavorial analysis)• Exploit Detection (hidden malware)• AV Signature and Scan Engine Downloads

(LAN and Internet)• Recurring Scan Policy• Real-time Monitoring Policy• Scan Now• Alerts (Status)• Email Notification• Dashboard Widets• Reports• LEMSS Integration (single agent)• Agent Control Panel

37PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lock IT

L.E.M.S.S.: Application Control

»Role of Application Control

» Fast and easy policy definition

» Unique whitelist for every endpoint

» No disruption to productivity

» Stops any executable after locking it

» Granularity of control

» Integration with Patch & Remediation module for automated and first in market - “Intelligent Application Whitelisting”

»Features of Application Control

» Kernel level solution

» ~ 10 years in development

» Exploit detection

AntiVirus Application Control

Malware Signatures30 Million and growing @ 2 Million / Month

DLoader.AMHZW \ Exploit_Gen.HOW \ Hacktool.KDY \ INF/AutoRun.HK \ JS/BomOrkut.A \ JS/Exploit.GX \ JS/FakeCodec.B \ JS/Iframe.BZ \ JS/Redirector.AH \ KillAV.MPK \ LNK/CplLnk.K

Hash of Approved Application As defined by IT Security

Word.exe \ Excel.exe \ Winnet.dll \ Mozilla.exe

Run as a Service

CPU Usage: Intensive

Reactive

Ineffective on:Zero Day, Polymorphic

Run in the Kernel

CPU Usage: Low

Proactive

Effective for:Zero day, Polymorphic

How Application Control Security Works

95% 13%

Trust IT

L.E.M.S.S.: Patch And Remediation

»Role of Patch & Remediation

» Software and Patch deployment systems

» Automated discovery and assessment of assets

» Trusted change manager

» Automatically update of local whitelist

» No disruption to productivity

» Single solution for heterogeneous environment

»Features of Patch & Remediation

» 20 years market leadership

» Patented patch fingerprint technology

» Largest coverage of OS’s and Apps

Lumension Application Support Updates

41

•Apple (128)» QuickTime» iTunes» Safari » iLife Suite

•Mozilla Firefox Content (818)» Firefox

•RealNetworks (10)» RealPlayer

•Sun Microsystems (486)» Java JRE

•WinZip (2)» WinZip

Adobe Reader

Adobe Flash Player

Adobe Shockwave Player

Adobe Acrobat Pro

Adobe Photoshop

Adobe Air

Adobe InDesign

More than anyother patch vendor!

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

•Microsoft Windows •Apple Mac OS X, v.10.3–10.6, x86 (Intel)/PowerPC

•HP-UX, v. 11.11–11.31, 64 bit PA-RISC• IBM AIX, v. 5.1–5.3, PowerPC•Sun Solaris, v. 9–10, SPARC, x86/x86_64•Linux Platforms:

» Red Hat Enterprise Linux• RHEL 3, 4, and 5, x86 and x86_64

» CentOS • CentOS 4 and 5, x86 and x86_64

» Oracle Enterprise Linux• Oracle Enterprise Linux 4 and 5, x86 and x86_64

» SUSE Linux Enterprise• SLES/SLED 9, 10, and 11, x86 and x86_64

More than just Windows patching….

42PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

And more than just patching…

Systems Management:» Inventory:

» Software» Hardware» Services

» Software Distribution» Remote Desktop» Power Management

» Policy Setting / Enforcement» Wake on LAN» Report on Savings ($$)

» Configuration setting / enforcement

» Disable 3rd party vendor auto update, Adobe, Java

» Compliance Controls

43PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lumension Endpoint Integrity Service

44

Lumension Endpoint Integrity Service

Customized Whitelist Customer downloads Lumension certified application data to build unique whitelist.

Whitelist UpdatedLumension dynamically updates customer whitelist with latest vulnerability information.

SoftwareVendors

Customer

Lumension Certified Application(Sha-256 Hash Application Identification)

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lumension Device Control

L.E.M.S.S.: Device Control

Supported Device Types: • Biometric devices • COM / Serial Ports • DVD/CD drives • Floppy disk drives • Imaging Devices / Scanners • LPT / Parallel Ports • Modems / Secondary Network Access

Devices • Palm Handheld Devices • Portable (Plug and Play) Devices • Printers (USB/Bluetooth) • PS/2 Ports • Removable Storage Devices • RIM BlackBerry Handhelds • Smart Card Readers • Tape Drives • User Defined Devices • Windows CE Handheld Devices • Wireless Network Interface Cards (NICs)

Lumension Mobile Device Management

Improving Endpoint Security with LEMSS (Lumension Endpoint Management Security Suite)

Minimize Your True Endpoint RiskAugment existing defense-in-depth tools

» Comprehensive Patch andConfiguration Management

» Application Control / Whitelisting

» Device Control

» Encryption

BlacklistingAs The Core

Zero Day

3rd Party Application

Risk

MalwareAs a

Service

Volume of Malware

Traditional Endpoint Security

Minimize Your True Endpoint Risk

Source: John Pescatore Vice President, Gartner Fellow

30% Missing Patches

Areas of Risk at the Endpoint

65% Misconfigurations

5% Zero-Day

Rapid Patch and Configuration Management

• Analyze and deploy patches across all OS’s and apps (incl. 3rd party)

• Ensure all endpoints on the network are managed

• Benchmark and continuously enforce patch and configuration management processes

• Don’t forget about the browser!

» Un-patched browsers represent the highest risk for web-borne malware.

Known• Viruses• Worms• Trojans

Unknown• Viruses• Worms• Trojans• Keyloggers• Spyware

Antivirus

• Use for malware clean-up and removal

Application control

• Much better defense to prevent unknown or unwanted apps from running

Stop Malware Payloads with App Whitelisting

Malware

Authorized• Operating Systems• Business Software

Unauthorized• Games• iTunes• Shareware• Unlicensed S/W

Apps

Un

-Tr

ust

ed

Encryption

Endpoints (Whole Disk)• Secure all data on endpoint• Enforce secure pre-boot

authentication w/ single sign-on• Recover forgotten passwords and

data quickly• Automated deployment

Removable Devices• Secure all data on removable

devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs)

• Centralized limits, enforcement, and visibility

Laptop Thefts (IDC 2010)Lost UFDs (Ponemon 2011)

Back in 2009 / 2010

52

Patch & Remediation

Application Control SCM

Device Control AV Content

Wizard

Scan Risk Manager PM

Lumension Endpoint Management Platform

53

2009 Integration

Endpoint Operations

Endpoint Security

Compliance

» Unified workflow

» Consolidated data

» Increased visibility

» Operational & Strategic

Reporting

» Modular, extensible design

» Power of granularity

» Improved productivity and

lower TCO

Single Integrated Console / Single Agent

Massive ongoing U.I. Integration

54

2010

LPR AC DC SCM AV Scan2011

LPR AC AV SCM DC Scan

*2010 – each color represents a different product with a different user interface

*2011 – Migration to a consolidated user interface. SCAN and LRM are also sold as separate stand alone products

2012

LPR LRS LCW AC DC AV PM SCM

Lumension Platform Advantage

55PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

SingleConsole

Agile n-tier pluggable architecture

Single Promotable Agent

ManyProducts

ManyConsoles

Disparate Architecture

ManyAgents

One Partner One Platform Many Solutions

•Fully integrated UI across ALL technologies

•Unified Policy Framework to automatically enforce and eliminate configuration drift

Single UI

•N-Tier Design•Full Integration for all technologies

N Tier

•Cross Platform •Single Communication Vector

•One agent-all technologies

Single Agent

Lumension Endpoint Management and Security Suite: Dashboard

56PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lumension® Risk Manager

Real time risk & compliance manager

Harm

onize

d

Contro

ls

Regulation Authority Documents

Subjec

ts

Business Interests Corporate Policies

Profile Risk Attributes

Open to the Internet

Contains Credit Card Information

Contains Customer Data

Pass/Fail Regulation Assessment

HIPAA 100%

SOX 65%

PCI 65%

NERC 30%

Applicable Controls

Password Length

Data Encryption

Power Save

IT Assets

Business ProcessesRevenue StreamsTrade Secrets

GLBA PCI FISMA HIPAA NHS NERC SOX ISO/IEC…

Security Posture Index

Contextual» High-level security

posture objectives are captured in LRM

» Combined KPI’s form a security posture report

» Drill down on different sections of the SPI report for detailed assessment scores

5959PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

More Information

SMB Security Series» Resource Center:

http://www.lumension.com/smb-budget» Webcast Part 2:

http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx

Quantify Your IT Risk with Free Scanners» http://www.lumension.com/special-offer/PREMI

UM-SECURITY-TOOLS.ASPX

Lumension® Endpoint Management and Security Suite

» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx

» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

SMB Market Survey

www.lumension.com/smb-survey

E is for Endpoint Webcast and Whitepaper Series

http://www.lumension.com/E-is-for-Endpoint.aspx

Please consider next steps

• Lumension® Intelligent Whitelisting™ » Overview

• www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

» Free Demo• www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx

» Free Application Scanner• www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx

• Whitepaper and Videos» Think Your Anti-Virus is Working? Think Again.

• www.lumension.com/special-offer/App-Whitelisting-V2.aspx

» Using Defense-in-Depth to Combat Endpoint Malware• l.lumension.com/puavad

» Reducing Local Admin Access• www.lumension.com/special-offer/us-local-admin.aspx

Global Headquarters15880 N. Greenway-Hayden Loop

Suite 100

Scottsdale, AZ 85260