The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
Dana Tamir
IBM Security Trusteer,
Director of Enterprise Security Product Marketing
© 2014 IBM Corporation
IBM Security
Introduction
Despite existing security controls, enterprises are breached on a daily basis
Yesterday’s security controls are no longer effective
What is your next step?
4 reasons to consider next-generation protection for enterprise endpoints
The Business Impact of a Data Breach
Lost productivity
Lost revenue
Incident response and breach mitigation
Following implementation of technical controls
Legal Costs, Potential litigation
Potential fines due to compliance requirements
Notification costs
Customer loss
Decline in share value
Threats to Employee Endpoints (diagram): the attack vectors shown are Spear Phishing, Phishing Site, Exploit Site, Weaponized Attachment, Malicious Link, Exploit, 3rd Party Breach and Direct User Download, leading to Malware Infection, Credentials Theft and Data Exfiltration.
Enterprise Endpoint Security Challenges
Evasive malware
• Anti-viruses (blacklisting) cannot keep up with the high volumes of new malware
• Whitelisting processes are unmanageable
• Polymorphic engines and other techniques used for circumventing security controls
• New sophisticated evasion constantly developed
Major security control gaps
• Existing products offer no controls for major attack vectors
- Zero-day exploits
- Java-based attacks
- Credentials reuse and exposure
Challenging manageability and operations
• Endpoints left unpatched by incomplete patching processes leave the organization exposed
• Need to manage and maintain complex security controls already in place
• IT staff overloaded by the number of alerts and notifications generated
• Lack of skilled professionals in the market
Solution requirements
1. Ability to protect corporate credentials against theft and exposure
2. Ability to disrupt the exploit chain and prevent drive-by downloads
3. Ability to prevent malware communications and data exfiltration
4. Ability to address endpoint security gaps
5. Ability to protect enterprise endpoints without increasing IT overhead
Business Case #2: Significantly reducing IT spend on endpoint protection and mitigation
The cost of implementing endpoint security solutions
(Chart: risk against cost, comparing the implementation cost of security controls with the cost of a breach)
Threats
Inability to implement needed protections
• Running over the IT budget
• Lack of funds and resources
• Leaving security gaps
• Exposing the organization to breach attempts
IT overhead
• On-going maintenance tasks
• Dealing with false positives
• High burnout rate of security professionals
• Professionals not available for other tasks
Implementation Challenges
Large distributed environments:
– Endpoints can be distributed across various locations
– May travel in and out of the network
Implementation on various endpoint configurations:
– Different user endpoints require different configurations
– Different applications require different patches
– BYOC initiatives
Solution requirements
1. Ability to address multiple threat vectors with a single solution
2. Reduce time and IT resource investment needed for mitigating infected endpoints
3. Easy to deploy and manage in large, distributed environments
4. Simple to deploy on various endpoint configurations
5. Limited impact, transparent to the user
New vulnerabilities are discovered at alarming rates!
• Numbers taken from the National Vulnerability Database (NVD)
Cybercriminals exploit vulnerabilities to download malware on PCs
Exploit chain:
– Delivery of weaponized content
– Exploitation of app vulnerability
– Malware delivery
– Malware persistency
– (…)
Threats
Increased risk during
vulnerability window
Rushed patches may
create new problems
Patching challenges
Zero-day vulnerabilities:
– Unknown or recently discovered vulnerabilities for which a patch does not exist
Deploying patches in a timely manner to all user PCs
– Managed, semi-managed, BYOD
Deploying all patches needed to protect vulnerable applications
– All applications, all versions
– Java (!)
Solution requirements
Virtual patching: prevent exploitation of unpatched vulnerabilities
1. Disrupt the exploit chain and prevent endpoint compromise
2. Not dependent on patch availability
3. Not dependent on prior information about the threat
Windows XP end-of-life
Windows XP reached its end-of-life in 2014
Many organizations are still in the process of migrating off these systems
– Many systems still active!
New OS and application vulnerabilities will no longer be patched by the vendor
– Potential for perpetual zero-days
Solution Requirement
Prevent exploitation of zero-day vulnerabilities on Windows XP systems even if a patch never becomes available
IBM Security Trusteer Apex Advanced Malware Protection
Preemptive, multi-layered protection against advanced malware and credentials theft
• Effective Real-Time Protection: using multiple layers of defense to break the threat lifecycle
• Zero-day Threat Protection: leveraging a positive behavior-based model of trusted application execution
• Security Analysis and Management Services: provided by IBM Trusteer security experts
Apex multi-layered defense architecture
Threat and Risk Reporting: Vulnerability Mapping and Critical Event Reporting
Advanced Threat Analysis and Turnkey Service
Protection layers:
• Credential Protection: alert and prevent phishing and reuse on non-corporate sites
• Exploit Chain Disruption: prevent infections via exploits; zero-day defense by controlling the exploit-chain choke point
• Advanced Malware Detection and Mitigation: mitigates mass-distributed advanced malware infections; cloud based file inspection for legacy threats
• Malicious Communication Prevention: block malware communication; disrupt C&C control; prevent data exfiltration
• Lockdown for Java: prevent high-risk actions by malicious Java applications
Global Threat Research and Intelligence: global threat intelligence delivered in near-real time from the cloud
Attack Progression and Breaking the Threat Lifecycle
Attack progression (from exploit to data exfiltration):
– Pre-exploit
– Delivery of weaponized content
– Exploitation of app vulnerability
– Malware delivery
– Malware persistency
– Execution and malicious access to content
– Establish communication channels
– Data exfiltration
Strategic chokepoints along this progression are covered by the Apex layers: Endpoint Vulnerability Reporting, Credential Protection, Exploit Chain Disruption, Lockdown for Java, Advanced Malware Prevention and Malicious Communication Blocking.
Low operational impact
Advanced threat analysis and turnkey service
• Eliminate the traditional security team approach (detect, notify, and manually resolve)
• Low-footprint threat prevention: minimize impact by blocking only the most sensitive actions
• Exceptional turnkey service: centralized risk assessment service
• Low impact to IT security team: directly update endpoint users
Dynamic intelligence
Crowd-sourced expertise in threat research and dynamic intelligence
Global Threat Research and Intelligence
• Combines the renowned expertise of X-Force with Trusteer malware research
• Catalog of 70K+ vulnerabilities, 17B+ web pages, and data from 100M+ endpoints
• Intelligence databases dynamically updated on a minute-by-minute basis
Real-time sharing of Trusteer intelligence: threat intelligence, malware analysis, exploit research, exploit triage, malware tracking, zero-day research
Apex Blocks Threats that Bypass Other Security Controls!
Technology – 2,000 users (PoC, Monitoring)
- Apex identified an attempt to exploit MS Word that tried to install a RAT
- 3 malicious files that bypassed other security controls
PoC – 200 users (Monitoring)
- Apex prevented an attempt to run a malicious attachment (spear-phishing) that tried to download Gamarue (RAT)
- Blocked an exploit attempt that tried to download an unknown Trojan
Healthcare Provider – 30,000 users (Live, Blocking)
- Apex blocked over 200 high-risk infections over the first weeks
- Apex blocked 4 unknown (never reported before) malicious downloaders
Shipping – 15,000 users (Live, Blocking)
- Blocked “Viking” on PoS
- Apex blocked ransomware (CTB-Locker) and keyloggers
- Apex blocked multiple Trojans and malware downloaders
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.