2015 Endpoint and Mobile Security Buyers Guide
Securosis presents
2015 Endpoint and Mobile Security Buyer’s Guide
Mike Rothman, President
Twitter: @securityincite
About Securosis
• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that’s all we do.
Advanced Malware is Advanced
• Attacks > Defenses
• Advanced Attackers > You
• Yet you can track the indicators and follow their trail.
• But first you need to understand the kill chain.
http://flic.kr/p/4UPRJ7
The Kill Chain
http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain#
Defining Endpoint Security
Anti-Malware: Protecting Endpoints from Attack
The Negative Security Model
http://www.despair.com/tradition.html
How customers view Endpoint Protection
• Compliance is the main driver for endpoint protection
• Whether it works or not is not the issue.
• And to be clear, traditional anti-malware technology doesn’t work anymore.
http://flic.kr/p/9kC2Q1
Adversaries: Better and Better
Advanced Malware
Polymorphism
Sophisticated targeting
Professional Processes
http://www.flickr.com/photos/dzingeek/4587871752/
You don’t know what malware is going to look like...
But you DO know what software should and should not do.
Advanced Protection Techniques
• Better Heuristics
  • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
  • “Application HIPS”
• Better Isolation (Sandboxes)
  • Browser Isolation
  • O/S Isolation (virtualization)
• Whitelisting (impacts the user experience on endpoints; good for servers)
• Endpoint Activity Monitoring
  • Device Forensics
  • Retrospective Alerting
Endpoint Hygiene: Reducing Attack Surface
Endpoint Hygiene
Patch Management Process
http://www.flickr.com/photos/smallritual/6964911694/
Patch Management Technology Considerations
• Coverage (OS and apps)
• Library of patches
• Intelligence/Research
• Discovery
• Patch deployment and software removal
• Agent vs. agentless
• Handling remote devices
• Deployment/scalability architecture
• Scheduling flexibility
Configuration Management Process
http://www.flickr.com/photos/smallritual/6964911694/
Configuration Management Technology Considerations
• Coverage (OS and apps)
• Discovery
• Supported standards and benchmarks
• Agent vs. agentless
• Handling remote devices
• Integration with operational processes
• Policy exceptions
• Who has the “special machines?”
Device Control Use Cases
• Data Leakage
• Data Privacy (Encryption)
• Malware Proliferation (Sneakernet)
http://www.flickr.com/photos/rave2npg/2667464740/
Device Control Process
Device Control Technology Considerations
• Device support
• Policy granularity
• Encryption algorithm support
• Agent (small footprint)
• Hardware keylogger protection
• Offline support
• Forensics
• Grace periods/User override
Blurring lines between technologies
• Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
• Device Control with Endpoint DLP
• Who wants the hot potato?
• Accountability and organizational complexities
http://www.flickr.com/photos/zen/253267347/
Managing Mobile Endpoint Security
Mobile Device Security
• Enrollment
• Asset Management
• OS Configuration
• Patching
• Connectivity
• Identity
• Group roles and policies
http://www.flickr.com/photos/becw/2404120929/
Managing Applications
• Authorized applications
• Application controls
• Built-in apps & 3rd party
• Privacy
• Regional variations
• Balance individual needs with corporate requirements
https://flic.kr/p/eEcxny
Mobile Data Protection
• Remote Wipe
• Data Protection
• Encryption at rest
• Containers
https://flic.kr/p/cJUp9j
Employee-owned devices
• Not just mobile devices
• Selective enforcement/granularity of policies
• Require Anti-malware?
• Manage Hygiene?
http://www.flickr.com/photos/jennip/8465930151/
Management Leverage
• Starts as stand-alone, eventually bundled in
• Single user experience to manage hygiene
• Single point to aggregate endpoint logs
• Cloud or on-prem management?
https://flic.kr/p/5LVn8X
![Page 29: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/29.jpg)
Endpoint Security Platform
Brings it all together into a well-oiled machine...
http://www.flickr.com/photos/andrewl04/3163980834/
![Page 30: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/30.jpg)
Buying Considerations
![Page 31: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/31.jpg)
Endpoint Security Platform Buying Considerations
• Dashboard
• Discovery
• Asset Repository Integration
• Alert Management
  • Alert queue
  • Navigation/workflow
• Agent Management
• Policy Creation and Management
  • Baselines/Templates for customization
  • Alert-only policies
• System Administration
• Reporting
![Page 32: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/32.jpg)
To Cloud or Not to Cloud
• No server management
• Uptime
• Multi-tenancy: Data segregation and protection
• User experience
http://www.flickr.com/photos/52859023@N00/644335254
![Page 33: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/33.jpg)
Buying Process/Vendor Selection
• Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
• Confirm with peer group
• Big vs. small vendor
• Platform vs. pricing leverage
• Research & Intelligence
http://www.flickr.com/photos/jeffanddayna/4081090389/
![Page 34: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/34.jpg)
Summary
• Don’t forget about the security of endpoint security
  • Exploitable agents
  • Weak platform security
  • Cloud app vulnerabilities
• Malware protection remains a cat/mouse game
• BYOD/Mobility adds another set of issues to protecting endpoints
http://www.flickr.com/photos/74571262@N08/6710953053/
![Page 35: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/35.jpg)
Read our stuff
• Blog
• http://securosis.com/blog
• Research
• http://securosis.com/research
• We publish (almost) everything for free
• Contribute. Make it better.
![Page 36: 2015 Endpoint and Mobile Security Buyers Guide](https://reader037.fdocuments.us/reader037/viewer/2022110308/5575c49ed8b42a312a8b4c76/html5/thumbnails/36.jpg)
Mike Rothman
Securosis LLC
http://securosis.com/blog
Twitter: @securityincite