E is for Endpoint: 6 Security Strategies for Highly Effective IT Professionals

Transcript of E is for Endpoint: 6 Security Strategies for Highly Effective IT Professionals

Today's Agenda

• Most Common Threats in Today's Environment
• 6 Steps to Improve Endpoint Security
• Secrets to an Effective Defense-in-Depth Approach
• Q&A

Today's Panelists

Richard Stiennon, Chief Research Analyst, IT-Harvest

Paul Henry, Security & Forensics Analyst

Jim Czyzewski, Supervisor – Clinical Desktop Support, MidMichigan Medical Center

Most Common Threats

• It is hard to dispute that patching the underlying software flaw is, in most cases, the best defense.
• In the current environment, 72% of vulnerabilities have a patch available within 24 hours of disclosure.
• In the current environment, 77% of vulnerabilities have a patch available within 30 days of disclosure.
• Microsoft data indicates that in the first half of 2011, zero-day attacks amounted to less than 1% of attacks.

Patch or get hacked: the choice is yours.

Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539

Most Common Threats

• Vulnerable software is not just a Microsoft problem.
• Third-party software has historically had more unpatched vulnerabilities than Microsoft software.
• Java is your number one issue today, followed by Adobe, the leader for the past couple of years.

Bottom line: WSUS is not going to save you! WSUS only distributes Microsoft's own updates, so third-party applications need a separate patch pipeline and a separate inventory.

Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container

Most Common Threats

• Hackers are always going to take advantage of areas that simply are not properly handled by defenders.
• Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the bad guys?
• In case you missed it, the chart shows the "Most Outdated Web Browser Plugins".

What did you really think was going to happen?

Source: http://www.zscaler.com/state-of-web-q3-2011.html
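The two slides above make the point that the outdated software on an endpoint is mostly third-party (Java, Adobe, QuickTime) and that WSUS does not report on it. The following PowerShell script is an added example, not code from the deck or from Lumension: it reads the installed-software inventory from the Windows Uninstall registry keys (64-bit, 32-bit and current-user views) and flags products that fall below a minimum version. The wildcard product names and minimum versions in $Baseline are constructed placeholders; replace them with whatever your patch process currently treats as current.

```powershell
# Added example (not from the deck): inventory third-party software from the
# Uninstall registry keys and flag anything below a minimum acceptable version.
# Keys of $Baseline are -like wildcard patterns matched against DisplayName;
# the versions are placeholders chosen for illustration.
$Baseline = @{
    'Java*Update*'        = [version]'7.0.0'
    'Adobe Reader*'       = [version]'10.1.0'
    'Adobe Flash Player*' = [version]'11.0.0'
    'QuickTime*'          = [version]'7.7.0'
}

# Machine-wide 64-bit and 32-bit views plus per-user installs of the current user.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function ConvertTo-VersionSafe([string]$Text) {
    # DisplayVersion is free text; keep only a leading dotted numeric prefix.
    # A bare "7" cannot be cast to [version], hence the try/catch.
    if ($Text -match '^\s*(\d+(\.\d+){0,3})') {
        try { return [version]$Matches[1] } catch { return $null }
    }
    return $null
}

function Find-OutdatedSoftware {
    foreach ($app in Get-InstalledSoftware) {
        foreach ($pattern in $Baseline.Keys) {
            if ($app.DisplayName -like $pattern) {
                $installed = ConvertTo-VersionSafe $app.DisplayVersion
                $status = if ($null -eq $installed) { 'UNKNOWN' }
                          elseif ($installed -lt $Baseline[$pattern]) { 'OUTDATED' }
                          else { 'OK' }
                [pscustomobject]@{
                    Product   = $pattern
                    Installed = $app.DisplayName
                    Version   = $app.DisplayVersion
                    Minimum   = $Baseline[$pattern]
                    Status    = $status
                }
            }
        }
    }
}

Find-OutdatedSoftware | Sort-Object Status, Product | Format-Table -AutoSize
```

Run it locally, or wrap Find-OutdatedSoftware in Invoke-Command -ComputerName to sweep a fleet. The HKCU view only covers the user running the script, and portable or zip-extracted builds never register at all, so treat an empty result as "nothing registered", not "nothing outdated"; that blind spot is exactly the unmanaged surface the deck warns about.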

Most Common Threats

• It is important to remember that taking advantage of a vulnerability is not really the "end game" for a bad guy.
  » The vulnerability only represents a "delivery mechanism".
  » The "end game" is actually to execute malicious code in your environment.
• Why are we focusing on the delivery method and not the end game?
  » Duh, because everyone else is.
  » Hackers will always beat us in the delivery mechanism "arms race".
  » Get ahead of the problem by focusing on the end game.

6 Steps to Improve Endpoint Security

1 - Think Different

[Diagram labels: Blacklisting As The Core; Zero Day; 3rd Party Application Risk; Malware As a Service; Consumerization of IT; Traditional Endpoint Security; Patch & Configuration Mgmt.; Emerging Defense in Depth Endpoint Security Stack]

2 – Eliminate Exploitable Surface Area

• Patch and configuration analysis and delivery are needed across all systems: operating systems and applications.
• Unmanaged endpoints on the network are unknown and unprotected.
• Application and operating system patching is not benchmarked or continuously enforced.
• Standard configurations are not assessed or enforced.
• Unpatched browsers represent the highest risk for web-borne malware.

Areas of Risk at the Endpoint (Source: John Pescatore, Vice President, Gartner Fellow):

  Missing Patches    30%
  Misconfigurations  65%
  Zero-Day            5%

3: Defining a Trusted Environment

4 - Protect Your Data

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

[Diagram labels: Targeted Attacks; Malicious Insider; Negligent Insider]

5 - Reduce Complexity and Cost

Effective but not Efficient: Many Consoles, Disparate Architecture, Many Agents
Effective and Efficient: Single Console, Agile Architecture, Single Promotable Agent

IT Control Made Simple

• Agile platform architecture
• Leverage existing endpoint technology
• Reduced integration and maintenance costs
• Improved endpoint performance
• More effective endpoint security

Compliance & IT Risk Management Console

6 – Relating Risk to the Business

[Diagram labels: Business Impact; Compliance Audit & Reporting; Compliance & IT Risk Exposure; Operational Assessment; Strategic; Tactical]

Integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance and policy.

6 – Relating Risk to the Business

• Virtualize the Endpoint
  » Security management becomes easier, since you are now only securing the virtual desktop pool instead of hundreds of endpoints.
  » You remove the chance of any data residing on the endpoint.
• Scan Unmanaged Clients
  » Clients without security management software need to be identified, monitored and remediated (if possible).
• Test, Test, Test
  » We have over 600 applications running.
  » Patch, remediation and configuration changes can have different effects.
  » Utilize production testing.
• End User Education
  » Keep them aware of the threats.
  » Inform them what it is you're doing and why you're doing it.
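"Scan Unmanaged Clients" above is the step most often skipped. The PowerShell below is an added example rather than anything from the deck: it walks the enabled Windows computer accounts in Active Directory and reports every host where the endpoint-management agent's service is missing, stopped, or where the host cannot be reached at all. EndpointAgentSvc is an assumed placeholder for whatever service your management suite installs, and the script relies on Get-Service -ComputerName from Windows PowerShell 5.1, which PowerShell 7 no longer supports.

```powershell
# Added example (not from the deck): find domain-joined Windows hosts on which
# the endpoint-management agent service is missing or not running.
# 'EndpointAgentSvc' is an assumed placeholder name; substitute the service
# installed by your management suite. Requires the RSAT ActiveDirectory module
# and Windows PowerShell 5.1 (Get-Service -ComputerName).
Import-Module ActiveDirectory

$AgentService = 'EndpointAgentSvc'

function Get-UnmanagedClients {
    $computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem |
        Where-Object { $_.OperatingSystem -like 'Windows*' }

    foreach ($c in $computers) {
        $name = if ($c.DNSHostName) { $c.DNSHostName } else { $c.Name }

        # A host that is off the network cannot be confirmed either way, so it
        # is reported separately rather than silently counted as managed.
        if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
            [pscustomobject]@{ Computer = $name; Agent = 'UNREACHABLE' }
            continue
        }

        try {
            $svc = Get-Service -ComputerName $name -Name $AgentService -ErrorAction Stop
            $state = if ($svc.Status -eq 'Running') { 'OK' } else { "STOPPED ($($svc.Status))" }
        } catch {
            # Get-Service throws when the service does not exist on the target.
            $state = 'MISSING'
        }
        [pscustomobject]@{ Computer = $name; Agent = $state }
    }
}

# Everything that is not 'OK' is a remediation ticket: missing agent, stopped
# agent, or a machine that needs to be found on the network by other means.
Get-UnmanagedClients | Where-Object { $_.Agent -ne 'OK' } | Sort-Object Agent, Computer | Format-Table -AutoSize
```

This only sees hosts that Active Directory already knows about. It complements, rather than replaces, a network-level sweep (DHCP leases, switch ARP tables) that turns up the devices AD has never heard of; those are the genuinely unknown endpoints the deck is talking about.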

Best Practices: Lessons Learned From the Field

Tips for Securing Endpoints

• Think "least privilege" when choosing platforms
  » While Microsoft's strategy of the same code everywhere serves their purpose, it is not the most secure strategy for an enterprise.
  » Kiosks, single-purpose machines (medical equipment), mobile devices and embedded systems should run on specialized OSes with reduced functionality to reduce the exposed attack surface.
• NSA Approved Whitelisting for Most Critical Systems
  » Start the transition to whitelisting as the primary defense, with AV as the back-up.
• What Endpoint Security Strategy is Best for New Data Centers and Cloud Environments?
  » Virtualization makes clean-up (post-infection) easier but exposes critical systems to widespread attacks.
• Consider Virtual Desktops (VDI)
  » For tasks like call centers, data entry and accounting.
• Server Lockdown: Neglected in Many Environments
  » Systems that do not change often should have rigid controls.

A secure endpoint should consider the network hostile, just as a secure network should consider the endpoints hostile. (And secure apps should treat the user as hostile.)
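The whitelisting tip above stops at "start the transition". The PowerShell below is an added example, not the deck's or Lumension's own method: it shows one way to make that transition on Windows with AppLocker, a built-in whitelisting control the deck does not name. It builds publisher and hash rules from a clean reference build, forces every rule collection to AuditOnly so nothing is blocked yet, tests the policy against files in a download folder, applies it locally, and afterwards pulls the audited events that show what enforcement would have stopped. $ReferencePaths and $PolicyFile are assumed values for this example.

```powershell
# Added example (not from the deck): build an AppLocker allow-list from a
# clean reference build and deploy it in AuditOnly mode, so anything outside
# the list is logged rather than blocked while the list is being tuned.
# $ReferencePaths and $PolicyFile are assumptions; run elevated on the
# reference machine.
Import-Module AppLocker

$ReferencePaths = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:windir")
$PolicyFile     = 'C:\Temp\AppLocker-AuditOnly.xml'

# 1. Inventory executables, DLLs, installers and scripts on the reference build.
#    %WINDIR% is included deliberately: a policy without rules for it will not
#    let Windows itself run once enforcement is switched on.
$FileInfo = foreach ($dir in $ReferencePaths) {
    if (Test-Path $dir) {
        Get-AppLockerFileInformation -Directory $dir -Recurse `
            -FileType Exe, Dll, WindowsInstaller, Script -ErrorAction SilentlyContinue
    }
}

# 2. Turn the inventory into rules: publisher rules for signed files, hash
#    rules for the rest. -Optimize collapses duplicate publisher rules and
#    -IgnoreMissingFileInformation skips files that could not be read.
$PolicyXml = $FileInfo | New-AppLockerPolicy -RuleType Publisher, Hash `
    -User Everyone -Optimize -IgnoreMissingFileInformation -Xml

# 3. Force every rule collection to AuditOnly before it touches a machine.
$PolicyXml = $PolicyXml -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"'
$PolicyXml | Set-Content -Path $PolicyFile -Encoding UTF8

# 4. Dry-run the policy against files users actually run before deploying it.
$Candidates = Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue
if ($Candidates) {
    Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $Candidates.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. AppLocker does nothing unless the Application Identity service runs.
#    sc.exe is used because Set-Service cannot change this protected service
#    on newer Windows builds. Then merge the policy into the local policy.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $PolicyFile -Merge

# 6. After the policy has run in audit mode for a while, list what
#    enforcement would have blocked, most frequent paths first.
Get-AppLockerFileInformation -EventLog -EventType Audited |
    Group-Object Path | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

Leave it in audit mode until the audited-event list stays empty across a normal business cycle (month-end and a patch Tuesday included), then change EnforcementMode to Enabled. Hash rules break on every update of an unsigned binary, which is why publisher rules are generated first; the hash-only leftovers are the list of vendors to push for signed builds. AV stays in place as the back-up the slide describes, catching what a whitelisted-but-exploited process does after launch.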

More Information

• Quantify Your IT Risk with Free Scanners
  » http://www.lumension.com/special-offer/premium-security-tools.aspx
• Lumension® Endpoint Management and Security Suite
  » Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
  » Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• E is for Endpoint: 6 Strategies for Highly Effective IT Pros
  » http://www.lumension.com/E-is-for-Endpoint.aspx

Q&A

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

[email protected]

http://blog.lumension.com