The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?


Dana Tamir

IBM Security Trusteer,

Director of Enterprise Security Product Marketing

© 2014 IBM Corporation

IBM Security


Introduction

Despite existing security controls, enterprises are breached on a daily basis

Yesterday’s security controls are no longer effective

What is your next step?

4 reasons to consider next-generation protection for enterprise endpoints


Business Case #1: Endpoint protection and breach prevention


The Business Impact of a Data Breach

Lost productivity

Lost revenue

Incident response and breach mitigation

Following implementation of technical controls

Legal Costs, Potential litigation

Potential fines due to compliance requirements

Notification costs

Customer loss

Decline in share value


Threats to Employee Endpoints (diagram)

Attack vectors shown: spear phishing carrying a weaponized attachment or a malicious link; phishing site (credentials theft); exploit site (exploit, malware infection); direct user download; 3rd party breach. Outcomes: credentials theft, malware infection, data exfiltration.


Enterprise Endpoint Security Challenges

Evasive malware

• Anti-virus (blacklisting) cannot keep up with the high volumes of new malware

• Whitelisting processes are unmanageable

• Polymorphic engines and other techniques are used for circumventing security controls

• New, sophisticated evasion techniques are constantly developed

Major security control gaps

• Existing products offer no controls for major attack vectors

- Zero-day exploits

- Java-based attacks

- Credentials reuse and exposure

Challenging manageability and operations

• Unpatched endpoints left behind by incomplete patching processes leave the organization exposed

• Need to manage and maintain complex security controls already in place

• IT staff overloaded by the number of alerts and notifications generated

• Lack of skilled professionals in the market


Solution requirements

1. Ability to protect corporate credentials against theft and exposure

2. Ability to disrupt the exploit chain and prevent drive-by downloads

3. Ability to prevent malware communications and data exfiltration

4. Ability to address endpoint security gaps

5. Ability to protect enterprise endpoints without increasing IT overhead


Business Case #2: Significantly reducing IT spend on endpoint protection and mitigation


The cost of implementing endpoint security solutions (chart): risk plotted against cost, comparing the implementation costs of security controls with the cost of a breach.


Shortage of Security Professionals


Threats

Inability to implement needed protections

• Running over the IT budget

• Lack of funds and resources

• Leaving security gaps

• Exposing the organization to breach attempts

IT overhead

• On-going maintenance tasks

• Dealing with false positives

• High burnout rate of security professionals

• Professionals not available for other tasks


Implementation Challenges

Large distributed environments:

– Endpoints can be distributed across various locations

– May travel in and out of the network

Implementation on various endpoint configurations:

– Different user endpoints require different configurations

– Different applications require different patches

– BYOC initiatives


Solution requirements

1. Ability to address multiple threat vectors with a single solution

2. Reduce time and IT resource investment needed for mitigating infected endpoints

3. Easy to deploy and manage in large, distributed environments

4. Simple to deploy on various endpoint configurations

5. Limited impact, transparent to the user


Business Case #3: Eliminating costs associated with “patch panic”


New vulnerabilities are discovered at alarming rates! (chart; numbers taken from the National Vulnerability Database, NVD)


Cybercriminals exploit vulnerabilities to download malware on PCs

Exploit stage: delivery of weaponized content → exploitation of app vulnerability → malware delivery → malware persistency → (…)


Threats

• Increased risk during the vulnerability window

• Rushed patches may create new problems


Patching challenges

Zero-day vulnerabilities:

– Unknown or recently discovered vulnerabilities for which a patch does not exist

Deploying patches in a timely manner to all user PCs:

– Managed, semi-managed, BYOD

Deploying all patches needed to protect vulnerable applications:

– All applications, all versions

– Java (!)


Solution requirements

Virtual patching: prevent exploitation of unpatched vulnerabilities

1. Disrupt the exploit chain and prevent endpoint compromise

2. Not dependent on patch availability

3. Not dependent on prior information about the threat


Business Case #4: Extending platform life: Windows XP end-of-life


Windows XP end-of-life

Windows XP reached its end-of-life in April 2014

Many organizations are still in the process of migrating off these systems

– Many systems still active!

Newly discovered OS and application vulnerabilities are no longer patched

– Potential for perpetual zero-days


Solution Requirement

Prevent exploitation of zero-day vulnerabilities on Windows XP systems even if a patch never becomes available


IBM Trusteer Apex Advanced Malware Protection


IBM Security Trusteer Apex Advanced Malware Protection: preemptive, multi-layered protection against advanced malware and credentials theft

• Effective real-time protection: using multiple layers of defense to break the threat lifecycle

• Zero-day threat protection: leveraging a positive behavior-based model of trusted application execution

• Security analysis and management services provided by IBM Trusteer security experts


Apex multi-layered defense architecture

Threat and Risk Reporting: vulnerability mapping and critical event reporting

Advanced Threat Analysis and Turnkey Service

Global Threat Research and Intelligence: global threat intelligence delivered in near-real time from the cloud

Protection layers:

• Credential Protection: alert on and prevent phishing and credential reuse on non-corporate sites

• Exploit Chain Disruption: prevent infections via exploits; zero-day defense by controlling the exploit-chain choke point

• Advanced Malware Detection and Mitigation: mitigates mass-distributed advanced malware infections; cloud-based file inspection for legacy threats

• Malicious Communication Prevention: block malware communication; disrupt C&C control; prevent data exfiltration

• Lockdown for Java: prevent high-risk actions by malicious Java applications
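The Credential Protection layer (alert on phishing and credential reuse on non-corporate sites) as an added, simplified illustration of how such a check can work on an endpoint. This is example code written for this page, not Trusteer's implementation: the agent keeps only a keyed fingerprint of the user's corporate password, fingerprints each password the browser is about to submit, and raises an alert when the two match but the destination is not a corporate domain. The corporate domain list, the URLs and the passwords are all constructed for the example.

```python
"""Detecting corporate-password submission to non-corporate sites.

Added example with constructed data; not any vendor's implementation.
"""
import hashlib
import hmac
import os
from typing import Optional, Set
from urllib.parse import urlsplit

# Domains where the corporate credential is expected to be used (hypothetical).
CORPORATE_DOMAINS: Set[str] = {"example.com", "corp-example.net"}


def is_corporate_host(host: str, domains: Set[str] = CORPORATE_DOMAINS) -> bool:
    """Exact or sub-domain match only. A substring test would accept
    look-alikes such as example.com.evil-login.net."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class CredentialGuard:
    """Holds a keyed fingerprint of the corporate password, never the password."""

    def __init__(self, corporate_password: str):
        # Per-device random key: the stored value is useless on another device.
        # A slow KDF (e.g. PBKDF2) on top would resist offline guessing; omitted here.
        self._key = os.urandom(32)
        self._fingerprint = self._fp(corporate_password)

    def _fp(self, password: str) -> bytes:
        return hmac.new(self._key, password.encode("utf-8"), hashlib.sha256).digest()

    def check_submission(self, url: str, password: str) -> Optional[str]:
        """Return an alert string if the corporate password is being sent to a
        non-corporate site (phishing or password reuse), else None."""
        host = (urlsplit(url).hostname or "").lower()
        if is_corporate_host(host):
            return None  # expected destination for this credential
        if hmac.compare_digest(self._fp(password), self._fingerprint):
            return f"corporate password submitted to non-corporate site {host}"
        return None  # a different password on a third-party site is not our concern


if __name__ == "__main__":
    # In a real agent the fingerprint would be enrolled at domain logon.
    guard = CredentialGuard("Corp-P@ssw0rd-2014")
    for url, pw in [
        ("https://mail.example.com/owa", "Corp-P@ssw0rd-2014"),
        ("https://example.com.evil-login.net/owa", "Corp-P@ssw0rd-2014"),  # look-alike
        ("https://forum.example.org/login", "Corp-P@ssw0rd-2014"),         # reuse
        ("https://forum.example.org/login", "a-different-password"),
    ]:
        print(url, "->", guard.check_submission(url, pw) or "ok")
```

The two design points worth noticing are the domain test (suffix match on a dot boundary, so a phishing host that merely contains the corporate name is still flagged) and the use of a keyed fingerprint with a constant-time compare, so the agent can recognise the password without storing it.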


Attack Progression and Breaking the Threat Lifecycle (diagram)

Attack progression: pre-exploit → exploit (delivery of weaponized content → exploitation of app vulnerability → malware delivery → malware persistency) → execution and malicious access to content → establish communication channels → data exfiltration

Three strategic chokepoints are marked along this chain. Controls shown against it: Endpoint Vulnerability Reporting, Credential Protection, Exploit Chain Disruption, Lockdown for Java, Advanced Malware Prevention, Malicious Communication Blocking.
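The chokepoint idea in the attack-progression slide, together with the blacklisting-versus-polymorphism problem from the "Enterprise Endpoint Security Challenges" slide, as an added illustration that is not Trusteer's code: a hash blacklist misses a trivially repacked sample, while a positive behaviour rule applied where untrusted content is rendered (the exploit-chain chokepoint) blocks the drop-and-execute step regardless of the payload's hash. The sample bytes, the process trace, the application lists and the policy are all constructed for the example.

```python
"""Hash blacklisting versus a positive behaviour rule at the exploit-chain chokepoint.

Added example with constructed data; not an implementation of any product.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# ---- 1. Signature matching (blacklisting) -----------------------------------
# Constructed stand-in for a known malware sample; not a real payload.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"constructed-downloader-body" * 4


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The AV "signature database": exact hashes of samples catalogued before.
BLACKLIST: Set[str] = {sha256_hex(KNOWN_SAMPLE)}


def blacklist_hit(data: bytes) -> bool:
    """Exact-match detection: only previously catalogued bytes are caught."""
    return sha256_hex(data) in BLACKLIST


def repack(sample: bytes, seed: int) -> bytes:
    """Minimal polymorphic engine: pad the sample with seed-derived junk.
    The functional body is unchanged, yet every variant has a fresh hash."""
    return sample + b"\x90" * (seed % 7 + 1) + seed.to_bytes(4, "little")


# ---- 2. Positive behaviour model at the chokepoint --------------------------
@dataclass(frozen=True)
class Event:
    process: str   # image name of the acting process
    action: str    # "spawn" or "write_file"
    target: str    # child image or file path


# Applications that render untrusted content (documents, web pages, applets).
# Hypothetical lists for the example.
CONTENT_RENDERERS = {"winword.exe", "excel.exe", "acrord32.exe", "java.exe",
                     "iexplore.exe", "chrome.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe"}
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js")


def evaluate(trace: List[Event]) -> List[Tuple[Event, str]]:
    """Return the events a chokepoint rule would block, each with its reason.

    Policy (hypothetical): a content-rendering application may not drop an
    executable, spawn a script or command interpreter, or execute a file it
    dropped itself. Everything else it does is left alone, and processes
    outside CONTENT_RENDERERS are not judged at all. No knowledge of the
    payload is needed, so the hash of the dropped file is irrelevant.
    """
    dropped: Set[str] = set()
    blocked: List[Tuple[Event, str]] = []
    for ev in trace:
        proc, tgt = ev.process.lower(), ev.target.lower()
        if proc not in CONTENT_RENDERERS:
            continue
        reason: Optional[str] = None
        if ev.action == "write_file" and tgt.endswith(EXECUTABLE_EXT):
            dropped.add(tgt)
            reason = "content renderer dropped an executable"
        elif ev.action == "spawn" and tgt.split("\\")[-1] in INTERPRETERS:
            reason = "content renderer spawned an interpreter"
        elif ev.action == "spawn" and tgt in dropped:
            reason = "content renderer executed a file it dropped"
        if reason:
            blocked.append((ev, reason))
    return blocked


# Constructed trace of a weaponized-document attack, plus benign noise.
TRACE = [
    Event("winword.exe", "write_file", r"C:\Users\u\AppData\Local\Temp\~WRD0001.tmp"),
    Event("winword.exe", "write_file", r"C:\Users\u\AppData\Local\Temp\update.exe"),
    Event("winword.exe", "spawn", r"C:\Users\u\AppData\Local\Temp\update.exe"),
    Event("explorer.exe", "spawn", "cmd.exe"),     # a user opening a shell
    Event("java.exe", "spawn", "powershell.exe"),  # applet breaking out of the JVM
]

if __name__ == "__main__":
    variant = repack(KNOWN_SAMPLE, 7)
    print("original caught by blacklist:", blacklist_hit(KNOWN_SAMPLE))
    print("repacked variant caught by blacklist:", blacklist_hit(variant))
    for ev, why in evaluate(TRACE):
        print(f"BLOCK {ev.process} {ev.action} {ev.target}: {why}")
```

The point the slide makes about chokepoints shows up in the policy: it never asks what the dropped file is, only which application is doing something an application of its kind has no legitimate reason to do. That is also the trade-off a practitioner should check before deploying such a rule: any content renderer that legitimately spawns helpers or writes DLLs needs an explicit exception, which is where the "whitelisting is unmanageable" problem from the challenges slide comes back in reduced form.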


Low operational impact

Advanced threat analysis and turnkey service: eliminate the traditional security team approach (detect, notify, and manually resolve)

• Low-footprint threat prevention: minimize impact by blocking only the most sensitive actions

• Exceptional turnkey service: centralized risk assessment service

• Low impact to IT security team: directly update endpoint users


Dynamic intelligence

Crowd-sourced expertise in threat research and dynamic intelligence

Global Threat Research and Intelligence

• Combines the renowned expertise of X-Force with Trusteer malware research

• Catalog of 70K+ vulnerabilities, 17B+ web pages, and data from 100M+ endpoints

• Intelligence databases dynamically updated on a minute-by-minute basis

Real-time sharing of Trusteer intelligence (new): threat intelligence, malware analysis, exploit research, exploit triage, malware tracking, zero-day research


Apex Blocks Threats that Bypass Other Security Controls!

Technology – 2,000 users (PoC, Monitoring)

- Apex identified an attempt to exploit MS Word that tried to install a RAT

- 3 malicious files that bypassed other security controls

PoC – 200 users (Monitoring)

- Apex prevented an attempt to run a malicious attachment (spear-phishing) that tried to download Gamarue (RAT)

- Blocked an exploit attempt that tried to download an unknown Trojan

Healthcare Provider – 30,000 users (Live, Blocking)

- Apex blocked over 200 high-risk infections over the first weeks

- Apex blocked 4 unknown (never reported before) malicious downloaders

Shipping – 15,000 users (Live, Blocking)

- Blocked “Viking” on PoS

- Apex blocked ransomware (CTB-Locker) and keyloggers

- Apex blocked multiple Trojans and malware downloaders


www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.