lumension endpoint management and security suite 2012
DESCRIPTION
Presentation of the new endpoint security management platform from Lumension, given by Andris Soroka in Warsaw at the headtechnology Poland event Headlight2012.
TRANSCRIPT
Shift to Intelligent Endpoint Security Management
Warsaw, Poland, 17th of May, 2012
Andris Soroka
Lumension’s business card
• Offices Worldwide + Strong Partner Base (500+)
• More than 6000 customers in 70 countries
• More than 14 million endpoints protected
• Award-Winning Innovator
Lumension History (1991, 2007, 2009, 2010)
• First cross-platform and application patch management solution
• First credential-based vulnerability scanner
• First to introduce whitelisting / patented file “shadowing” technology
• First patent-pending Risk Intelligence Engine
• First Intelligent Whitelisting
Market Share Leader: Patch Management, Enterprise Risk Management, Device Control
Portfolio – ANNO 1991
Endpoint Operations: Power Management, License Monitoring, Application Deployment, Asset Identification and Inventory, Contract Management
Vulnerability Management: Vulnerability Assessment, Patching and Remediation, Security Configuration Management, X-Platform Content Support
Endpoint Protection: AntiVirus/Malware, Malware Remediation, Application Control – Intelligent Whitelisting, Application Identity & Assurance, Mobile Devices Management
Compliance and IT Risk Management: Compliance-Control Mapping, Continuous Monitoring, Control Harmonization, IT Risk Assessment, Deficiency Remediation
Data Protection: Device Control, Data Encryption, Whole Disk Encryption, Content Filtering, Data Discovery
Agenda
Recent/Upcoming Product Releases Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker
»Traditional Endpoint Security – threats, drivers
»Evolutions and shifts in Endpoint Security
»Lumension LEMSS – the innovative platform
» Device Control
» Application Control
» Antivirus
» Whole Disk Encryption
» Mobile Device Management
» Risk & Compliance
» Patch & Remediation and more
Business Drivers and Threats The Endpoint Security Landscape
Today’s business environment
» IT continues taking the lead in business (ERP, CRM, document management, digital prototyping etc.)
» Development of e-World continues (B2B, B2C, e-Services, e-Government, e-Health, social networking, Web 2.0, unified communications etc.)
» Consumerization, virtualization, clouds, mobility and borderless enterprise is a reality
» Cyber culture grows faster than cyber security (and not all countries have compliance regimes, directives or penalties)
Every technology is vulnerable
Malware continues its perfect storm
New king of malware - Java
Mac OS X malware
Mobile malware
Source: Juniper Mobile Threat Report
2011 – year of targeted attacks
IBM Security X-Force® 2011 Midyear Trend and Risk Report, September 2011
[Figure: timeline of 2011 security incidents, Feb–Aug 2011. Attack types: SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, SecurID, Unknown. Victims shown include Sony, Epsilon, L3 Communications, Sony BMG, Greece, US Senate, NATO, AZ Police, Turkish Government, SK Communications, Korea, Monsanto, RSA, HB Gary, Nintendo, Brazil Gov., Lockheed Martin, Vanguard Defense, Booz Allen Hamilton, PBS, SOCA, Malaysian Gov. Site, Peru Special Police, Gmail Accounts, Spanish Nat. Police, Citigroup, Sega, Fox News X-Factor, Italy PM Site, IMF, Northrop Grumman, Bethesda Software. Size of circle estimates relative impact of breach.]
Security Today – General Categories
• Financially Motivated
» Bank Accts, Passwords, etc.
» Identity Theft
» Insiders
• Intellectual Property Theft
• Hacktivists
» IP / Customer data
» Denial of Service
» Reputational Damage
Threats and solutions of Security Today
Results of threats
We end up with:
• Online shops full of stolen credit card, bank account, personal, business and other confidential data
• Services for renting a botnet or malicious code, and for attacking anyone on demand
• Video training and e-learning available on social media such as YouTube
• A «black market community» (forums, blogs, interest groups, conferences etc.)
• Lost business & reputation
Cybercrime works…
Final Facts
• General loss for the year 2011
» 2011 – 431 million people affected, with more than 114 billion USD in direct losses and another 274 billion USD in time lost
» (Source: Symantec, Dec 2011)
Cybercrime costs the world significantly more than the global black market of marijuana, cocaine and heroin combined (~$228 billion world wide)
What about technologies for protection?
Ponemon Institute Survey 2011 (December)
Endpoint Security Today – most important
Reality check
• Weakest link – the endpoint
» 70% of incidents originate at the endpoint
» >2 million unique malware samples every day
» The average lifetime of a malware sample is less than 24 hours
» Traditional defenses are not enough
» At least 50 new vulnerabilities are found and reported daily
Endpoint Security Today
Traditional Defenses …
• Antivirus
• Patching Microsoft OS and Apps
• Firewalls
• Strong Passwords
• End-User Education Programs
… Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!
Most Common Threats – N1
• Hard to dispute the fact that patching the underlying software flaw is, in most cases, the best defense
• In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure
• In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure
• Microsoft data indicates that in the first half of 2011 zero-day attacks amounted to less than 1% of the attack surface
Patch or get hacked: the choice is yours…
Source http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Most Common Threats – N2
• Vulnerable software is not just a Microsoft problem…
• Third-party software has historically had more unpatched vulnerabilities than Microsoft
• Java is your number one issue today, followed by Adobe – the leader for the past couple of years
Bottom line: WSUS is not going to save you!
Source http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container
Most Common Threats – N3
• Hackers are always going to take advantage of areas that simply are not properly handled by defenders
• Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the bad guys?
• In case you missed it, the chart shows the “Most Outdated Web Browser Plugins”
What did you really think was going to happen?
Source: http://www.zscaler.com/state-of-web-q3-2011.html
Most Common Threats – N4
• It is important to remember that taking advantage of a vulnerability is not really the “end game” for a bad guy
• The vulnerability only represents a “delivery mechanism”
• The “end game” is to execute malicious code in your environment
• Why are we focusing on the delivery method and not the end game?
• Duh – because everyone else is
• Hackers will always beat us in the delivery-mechanism “arms race”
• Get ahead of the problem by focusing on the end game
Summary of Endpoint threats
Where Traditional Defenses Fall Short
• Risk from Un-patched 3rd Party Apps
• Controlling Local Admins Gone Wild
• Preventing Zero-Day Attacks and Targeted Malware
• End-User Education Isn’t Keeping Up
• Actionable Reporting and Security Measurement
Changes in traditional Endpoint Security: The Past, The Present and The Future
Quotes from AV vendors
“Basic security protection is not good enough,” Rowan Trollope, Senior Vice President, Symantec
“You can’t just rely on antivirus software – and we’re an antivirus company.” George Kurtz, Worldwide CTO, McAfee
“[Standard] antivirus is not effective anymore...” Raimund Genes, CTO, Trend Micro Inc
“[Signatures are] completely ineffective as the only layer [of endpoint security]…” Nikolay Grebennikov, CTO, Kaspersky
Endpoint Security – vendors and scope
Endpoint Security Today
[Figure: point products – Vulnerability Assessment, Systems Management, Patch Management, AntiVirus/Malware, Data Protection, Compliance]
Point products tax IT resources with additional administration burden, custom integration & maintenance, and limit user productivity across multiple management consoles.
[Figure: personas Colleen (IT Ops Manager), Pat (CIO), Rich (IT Security Manager)]
45% of IT operations professionals work across 3–5 different software consoles while managing security & operational functions.*
*Worldwide State of The Endpoint Report 2009
Endpoint Security requirements
» Antivirus / Anti-malware
» HIPS / File Integrity monitoring
» Firewall / VPN
» Encryption (whole disk, devices)
» Device Control
» Application Control / System Lockdown
» Vulnerability management, patch and update management
» Configuration management
» NAC / Visibility
» Mobile Device Management
Lumension Endpoint Management Security Suite 2012
Introducing: Application Intelligent Whitelisting
Agile n-tier pluggable architecture
Single Promotable Agent
Single Console
LEMSS 2012 – one agent platform
L.E.M.S.S.: Patch and Remediation & Config
L.E.M.S.S.: Wake on LAN & Power Mgmt.
L.E.M.S.S.: Whole Disk Encryption
L.E.M.S.S.: Mobile Device Management
L.E.M.S.S.: Device Control
L.E.M.S.S.: Risk & Compliance Management
L.E.M.S.S.: App Control & Antivirus
Lumension Intelligent Application Whitelisting
Unifies workflows and technologies to deliver enhanced capabilities in the management of endpoint operations, security and compliance
» Remove whitelisting market adoption barriers
[Figure: platform components grouped under Endpoint Operations and Endpoint Security – Device Control, Asset Management, Software Management, Power Management, Configuration Management, Content Wizard, Reporting / Alerting / Logging, DLP, Compliance/Risk Mgt., Trusted Change, AntiVirus/Spyware, Patch Management, Application Control, Firewall Management, Intelligent Whitelisting, Whole Disk Encryption, Mobile Device Management]
LEMSS – how it works
Clean IT
L.E.M.S.S.: Antivirus
»Role of AntiVirus
» Remove malware prior to lockdown
» Scan for malware not identified at time of lockdown
» Scan when making changes
• Defense in depth
» AntiVirus no longer the primary defence mechanism
» Less of a reactionary role
»Features of AntiVirus
» Sandbox
» Antispyware / Antivirus
» DNA matching
» Exploit detection
LEMSS: AV Key Features
Highlights
» AV Signatures and Scan Engine Updates
» Policy Scans
• Recurring Scan Policy
• Real Time Monitoring
• Scan Now
» Alerts & Notifications
• Centralized Alerts Page
• Dashboard Widgets
• Email Notifications
• Reports
» Agent Control Panel
Complete Listing
• Antivirus
• Antispyware
• DNA Matching (partial signature matching)
• SandBox (behavioral analysis)
• Exploit Detection (hidden malware)
• AV Signature and Scan Engine Downloads (LAN and Internet)
• Recurring Scan Policy
• Real-time Monitoring Policy
• Scan Now
• Alerts (Status)
• Email Notification
• Dashboard Widgets
• Reports
• LEMSS Integration (single agent)
• Agent Control Panel
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Lock IT
L.E.M.S.S.: Application Control
»Role of Application Control
» Fast and easy policy definition
» Unique whitelist for every endpoint
» No disruption to productivity
» Stops any executable not on the whitelist once the endpoint is locked down
» Granularity of control
» Integration with the Patch & Remediation module for automated, first-in-market “Intelligent Application Whitelisting”
»Features of Application Control
» Kernel-level solution
» ~10 years in development
» Exploit detection
AntiVirus vs. Application Control
• What it matches – AntiVirus: malware signatures, 30 million and growing at 2 million / month (e.g. DLoader.AMHZW \ Exploit_Gen.HOW \ Hacktool.KDY \ INF/AutoRun.HK \ JS/BomOrkut.A \ JS/Exploit.GX \ JS/FakeCodec.B \ JS/Iframe.BZ \ JS/Redirector.AH \ KillAV.MPK \ LNK/CplLnk.K). Application Control: the hash of each approved application, as defined by IT Security (e.g. Word.exe \ Excel.exe \ Winnet.dll \ Mozilla.exe).
• Where it runs – AntiVirus: as a service. Application Control: in the kernel.
• CPU usage – AntiVirus: intensive. Application Control: low.
• Posture – AntiVirus: reactive. Application Control: proactive.
• Zero-day and polymorphic malware – AntiVirus: ineffective. Application Control: effective.
How Application Control Security Works
[Chart values: 95%, 13%]
Trust IT
L.E.M.S.S.: Patch And Remediation
»Role of Patch & Remediation
» Software and patch deployment system
» Automated discovery and assessment of assets
» Trusted change manager
» Automatic update of the local whitelist
» No disruption to productivity
» Single solution for heterogeneous environment
»Features of Patch & Remediation
» 20 years market leadership
» Patented patch fingerprint technology
» Largest coverage of OS’s and Apps
Lumension Application Support Updates
• Apple (128): QuickTime, iTunes, Safari, iLife Suite
• Mozilla Firefox Content (818): Firefox
• RealNetworks (10): RealPlayer
• Sun Microsystems (486): Java JRE
• WinZip (2): WinZip
• Adobe: Adobe Reader, Adobe Flash Player, Adobe Shockwave Player, Adobe Acrobat Pro, Adobe Photoshop, Adobe Air, Adobe InDesign
More than any other patch vendor!
Supported platforms:
• Microsoft Windows
• Apple Mac OS X, v. 10.3–10.6, x86 (Intel)/PowerPC
• HP-UX, v. 11.11–11.31, 64-bit PA-RISC
• IBM AIX, v. 5.1–5.3, PowerPC
• Sun Solaris, v. 9–10, SPARC, x86/x86_64
• Linux platforms:
» Red Hat Enterprise Linux: RHEL 3, 4 and 5, x86 and x86_64
» CentOS: CentOS 4 and 5, x86 and x86_64
» Oracle Enterprise Linux: Oracle Enterprise Linux 4 and 5, x86 and x86_64
» SUSE Linux Enterprise: SLES/SLED 9, 10 and 11, x86 and x86_64
More than just Windows patching….
And more than just patching…
Systems Management:
» Inventory: software, hardware, services
» Software Distribution
» Remote Desktop
» Power Management
» Policy Setting / Enforcement
» Wake on LAN
» Report on Savings ($$)
» Configuration setting / enforcement
» Disable 3rd-party vendor auto-update (Adobe, Java)
» Compliance Controls
Lumension Endpoint Integrity Service
[Figure: Software Vendors → Lumension → Customer]
» Lumension Certified Application: SHA-256 hash application identification of software vendors’ releases
» Customized Whitelist: the customer downloads Lumension-certified application data to build a unique whitelist
» Whitelist Updated: Lumension dynamically updates the customer whitelist with the latest vulnerability information
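The comparison of AV signatures with “the hash of each approved application”, and the Endpoint Integrity Service’s SHA-256 identification with patch deployment as the trusted source of change, come down to one small mechanism. The block below is an added example written for this page, not Lumension code; the working directory, the file names (word.exe, dloader.exe) and their contents are constructed, and the trusted_change method is a hypothetical stand-in for the patch deployment path, not an API of the product.

```python
"""Added example: SHA-256 application allowlist with a trusted-change path.

Not Lumension code. Models the behaviour described on the slides: each
endpoint keeps the SHA-256 hashes of its approved executables, anything
else is denied, and only the patch deployment path may add hashes.
File names and contents below are constructed for the example.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Set, Tuple


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


class Allowlist:
    """Per-endpoint whitelist: a set of SHA-256 digests plus an audit log."""

    def __init__(self) -> None:
        self.approved: Set[str] = set()
        self.log: List[Tuple[str, str, str]] = []  # (file, digest prefix, verdict)

    def snapshot(self, directory: str) -> int:
        """Build the initial list from a system trusted to be clean
        ("Clean IT" before "Lock IT"). Returns the number of files approved."""
        before = len(self.approved)
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            if os.path.isfile(path):
                self.approved.add(sha256_file(path))
        return len(self.approved) - before

    def check_exec(self, path: str) -> bool:
        """Enforcement decision: allow only if the file's hash is on the list.
        No signature is consulted, so an unknown binary is denied by default."""
        digest = sha256_file(path)
        allowed = digest in self.approved
        self.log.append((os.path.basename(path), digest[:12], "ALLOW" if allowed else "DENY"))
        return allowed

    def trusted_change(self, path: str, new_content: bytes) -> str:
        """Hypothetical patch deployment path: write the new version and
        register its hash, so the whitelist follows the patch automatically."""
        with open(path, "wb") as fh:
            fh.write(new_content)
        digest = sha256_file(path)
        self.approved.add(digest)
        return digest


def demo() -> Dict[str, bool]:
    """Run the four cases the slides contrast; returns the verdict per case."""
    workdir = tempfile.mkdtemp(prefix="allowlist-demo-")
    app = os.path.join(workdir, "word.exe")  # constructed 'business app'
    with open(app, "wb") as fh:
        fh.write(b"WORD v1")

    wl = Allowlist()
    wl.snapshot(workdir)
    results: Dict[str, bool] = {}

    # 1. Approved application runs.
    results["known_app"] = wl.check_exec(app)

    # 2. Never-seen binary (a dropper) is denied with no signature needed.
    dropper = os.path.join(workdir, "dloader.exe")  # constructed 'malware'
    with open(dropper, "wb") as fh:
        fh.write(b"MZ constructed payload")
    results["unknown_binary"] = wl.check_exec(dropper)

    # 3. Approved binary modified outside the trusted path: hash no longer matches.
    with open(app, "wb") as fh:
        fh.write(b"WORD v1 + injected code")
    results["tampered_app"] = wl.check_exec(app)

    # 4. Same binary updated via trusted change: the new hash is registered first.
    wl.trusted_change(app, b"WORD v2")
    results["patched_app"] = wl.check_exec(app)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {'ALLOW' if verdict else 'DENY'}")
```

Hash allowlisting denies any executable that did not exist when the endpoint was locked down, which is why the deck pairs it with antivirus for clean-up before lockdown and makes patch deployment the only source of new hashes: without that trusted path every patch would break the whitelist. It does not, by itself, stop code injected into a process that is already allowed, which is why the same agent keeps AV, exploit detection and patch management alongside it rather than replacing them.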
Lumension Device Control
L.E.M.S.S.: Device Control
Supported Device Types:
• Biometric devices
• COM / Serial Ports
• DVD/CD drives
• Floppy disk drives
• Imaging Devices / Scanners
• LPT / Parallel Ports
• Modems / Secondary Network Access Devices
• Palm Handheld Devices
• Portable (Plug and Play) Devices
• Printers (USB/Bluetooth)
• PS/2 Ports
• Removable Storage Devices
• RIM BlackBerry Handhelds
• Smart Card Readers
• Tape Drives
• User Defined Devices
• Windows CE Handheld Devices
• Wireless Network Interface Cards (NICs)
Lumension Mobile Device Management
Improving Endpoint Security with LEMSS (Lumension Endpoint Management Security Suite)
Minimize Your True Endpoint Risk
Augment existing defense-in-depth tools
» Comprehensive Patch and Configuration Management
» Application Control / Whitelisting
» Device Control
» Encryption
[Figure: Traditional Endpoint Security – blacklisting as the core, under pressure from zero-day, 3rd-party application risk, malware as a service and the volume of malware]
Minimize Your True Endpoint Risk
Areas of Risk at the Endpoint (Source: John Pescatore, Vice President, Gartner Fellow)
» 30% Missing Patches
» 65% Misconfigurations
» 5% Zero-Day
Rapid Patch and Configuration Management
• Analyze and deploy patches across all OS’s and apps (incl. 3rd party)
• Ensure all endpoints on the network are managed
• Benchmark and continuously enforce patch and configuration management processes
• Don’t forget about the browser!
» Unpatched browsers represent the highest risk for web-borne malware.
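The patch and configuration steps above, and the earlier point about outdated Java, Adobe and QuickTime plugins, rest on one recurring control: compare what is installed against a patched-version floor, and compare it numerically. The block below is an added example written for this page, not Lumension code or output of its scanner; the inventory records (hosts ws-017 and ws-042) and the baseline versions are constructed for illustration and are not vendor advisories.

```python
"""Added example: flag outdated third-party plugins from a software inventory.

Not Lumension code. The baseline versions and the inventory records are
constructed for the example (hypothetical hosts, not vendor advisories).
"""
import re
from typing import Dict, List, Tuple

# Constructed baseline: product -> lowest version treated as patched.
# In production this comes from a vulnerability/patch content feed and is
# tracked per release branch rather than as one floor per product.
BASELINE: Dict[str, str] = {
    "Java JRE": "1.6.0_31",
    "Adobe Flash Player": "11.2.202.235",
    "Adobe Reader": "10.1.3",
    "QuickTime": "7.7.2",
}

# Constructed inventory (hypothetical hosts) as an agent would report it:
# host,product,version
INVENTORY = """\
ws-017,Java JRE,1.6.0_29
ws-017,Adobe Flash Player,11.2.202.235
ws-017,Adobe Reader,9.5.1
ws-042,Java JRE,1.7.0_04
ws-042,QuickTime,7.7.1
ws-042,Adobe Flash Player,10.3.183.5
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.6.0_31' or '11.2.202.235' into a tuple of ints.

    Comparing the tuples is numeric, so 10.x sorts after 9.x. Comparing
    the raw strings is lexicographic and gets that backwards.
    """
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_outdated(product: str, version: str) -> bool:
    """True when the installed version is below the baseline floor."""
    floor = BASELINE.get(product)
    if floor is None:
        return False  # product not tracked by this baseline
    return parse_version(version) < parse_version(floor)


def outdated_plugins(inventory_text: str = INVENTORY) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, installed, required) for every outdated entry."""
    findings = []
    for line in inventory_text.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(",", 2))
        if is_outdated(product, version):
            findings.append((host, product, version, BASELINE[product]))
    return findings


def hosts_by_exposure(inventory_text: str = INVENTORY) -> Dict[str, int]:
    """Count outdated plugins per host, worst first, to prioritise patching."""
    counts: Dict[str, int] = {}
    for host, *_ in outdated_plugins(inventory_text):
        counts[host] = counts.get(host, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    for host, product, installed, required in outdated_plugins():
        print(f"{host}: {product} {installed} < {required}")
    print(hosts_by_exposure())
```

A plain string comparison ranks "10.3.183.5" below "9.0", which is how a home-grown inventory script ends up reporting the wrong hosts as current; splitting into integers avoids that. A single floor per product is a simplification: Java 6 and Java 7 had separate update streams, so a real baseline is kept per release branch.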
[Figure: Antivirus covers known viruses, worms and trojans; unknown viruses, worms, trojans, keyloggers and spyware fall outside it]
Antivirus
• Use for malware clean-up and removal
Application control
• Much better defense to prevent unknown or unwanted apps from running
Stop Malware Payloads with App Whitelisting
[Figure: Authorized apps (operating systems, business software) vs. unauthorized apps (games, iTunes, shareware, unlicensed S/W) and untrusted malware]
Encryption
Endpoints (Whole Disk)
• Secure all data on the endpoint
• Enforce secure pre-boot authentication with single sign-on
• Recover forgotten passwords and data quickly
• Automated deployment
Removable Devices
• Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs)
• Centralized limits, enforcement, and visibility
Laptop Thefts (IDC 2010), Lost UFDs (Ponemon 2011)
Back in 2009 / 2010
[Figure: separate products – Patch & Remediation, Application Control, SCM, Device Control, AV, Content Wizard, Scan, Risk Manager, PM]
Lumension Endpoint Management Platform
2009 Integration
Endpoint Operations, Endpoint Security, Compliance
» Unified workflow
» Consolidated data
» Increased visibility
» Operational & Strategic Reporting
» Modular, extensible design
» Power of granularity
» Improved productivity and lower TCO
Single Integrated Console / Single Agent
Massive ongoing U.I. Integration
2010: LPR AC DC SCM AV Scan
2011: LPR AC AV SCM DC Scan
*2010 – each color represents a different product with a different user interface
*2011 – Migration to a consolidated user interface. SCAN and LRM are also sold as separate stand-alone products
2012: LPR LRS LCW AC DC AV PM SCM
Lumension Platform Advantage
[Figure: from many products, many consoles, a disparate architecture and many agents to one partner, one platform, many solutions – single console, agile n-tier pluggable architecture, single promotable agent]
Single UI
• Fully integrated UI across ALL technologies
• Unified Policy Framework to automatically enforce and eliminate configuration drift
N-Tier
• N-Tier Design
• Full Integration for all technologies
Single Agent
• Cross Platform
• Single Communication Vector
• One agent – all technologies
Lumension Endpoint Management and Security Suite: Dashboard
Lumension® Risk Manager
Real-time risk & compliance manager
[Figure: Harmonized Controls derived from Regulation Authority Documents (GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…); Subjects are Business Interests and Corporate Policies, IT Assets, Business Processes, Revenue Streams and Trade Secrets]
Profile Risk Attributes: Open to the Internet; Contains Credit Card Information; Contains Customer Data
Pass/Fail Regulation Assessment: HIPAA 100%, SOX 65%, PCI 65%, NERC 30%
Applicable Controls: Password Length, Data Encryption, Power Save
Security Posture Index
Contextual
» High-level security posture objectives are captured in LRM
» Combined KPIs form a security posture report
» Drill down on different sections of the SPI report for detailed assessment scores
More Information
SMB Security Series
» Resource Center: http://www.lumension.com/smb-budget
» Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx
Quantify Your IT Risk with Free Scanners
» http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX
Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
SMB Market Survey
www.lumension.com/smb-survey
E is for Endpoint Webcast and Whitepaper Series
http://www.lumension.com/E-is-for-Endpoint.aspx
Please consider next steps
• Lumension® Intelligent Whitelisting™
» Overview: www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
» Free Demo: www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
» Free Application Scanner: www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
• Whitepaper and Videos
» Think Your Anti-Virus is Working? Think Again: www.lumension.com/special-offer/App-Whitelisting-V2.aspx
» Using Defense-in-Depth to Combat Endpoint Malware: l.lumension.com/puavad
» Reducing Local Admin Access: www.lumension.com/special-offer/us-local-admin.aspx
Global Headquarters
15880 N. Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260