DSS ITSEC CONFERENCE - Lumension Security - Real Time Risk & Compliance Management - Riga NOV 2011
1. Good Morning!
“Real time IT security risk and compliance management”
Thomas Wendrich, Director Nordics & CIS, Lumension Security
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
4. 2. ENDPOINT SECURITY
Traditional Endpoint Security
Blacklisting As The Core
» Zero Day
» Volume of Malware
» 3rd Party Application Risk
» Malware As a Service
5. A Perfect Storm At The Endpoint
» Rising Costs
» Increasing Threats
» Ineffectiveness of AntiVirus
18. IT Networks today …globally & virtually distributed
[Network diagram. Labels: Cloud-based Computing; Remote Offices & Subsidiaries; Mobile Endpoints; Internet; WAN; Corporate HQ; Data Center]
19. 4. COMPLIANCE
PCI DSS, PA DSS, 27001, CoBiT, Basel II, SOX, VbV, MC SecureCode
National Bank regulations … … …
20. Mounting External Compliance Regulations
3 out of 4 organizations must comply with two or more regulations and corresponding audits.
43% of organizations comply with 3 or more regulations.
[Chart: regulations accumulating over time (axis: Time): EU Directive; HIPAA; 21CFR11; Gramm Leach Bliley (GLBA); USA Patriot Act; SB1386 (CA Privacy Act); Basel II; PCI Data Security Standards (DSS); Sarbanes-Oxley, Section 404; PII Security Standards]
* “The Struggle to Manage Security Compliance for Multiple Regulations”, SecurityCompliance.com
21. Today Organizations Spend 30-50% More On Compliance Than They Should
Our IT Networks Were Never Designed With Compliance In Mind
24. Lumension-at-a-Glance
» Founded 1991
» 18% 4-Year Revenue CAGR
» 300 Employees Worldwide
» Industry-Leading Patented Technology
» Dedicated Operations in 8 Countries
» Over 5,000 worldwide customers
» Deloitte Tech Fast 500
» ~14M Nodes Managed
Diversified customer base in Public Sector, Financial Services, Professional Services and Healthcare
25. Lumension Leads the Way
Market Share Leader: Patch Management, Enterprise Risk Management, Device Control
» First cross-platform and application patch management solution
» First credentialed-based vulnerability scanner
» First to introduce whitelisting / patented file “shadowing” technology
» First Patent pending Risk Intelligence Engine
» First Intelligent Whitelisting
Timeline years shown: 1991, 2007, 2009, 2010
27. How about these technologies …
•Ethernet
•Graphical user interface
•Mouse
•Laser printing
•Object-oriented programming
•WYSIWYG & file formatting
•Fiber Optics
•Encryption Systems
•Optical storage
•WORM
•Natural Language processing
•Solid-State Laser
28. Putting the Enterprise Back in Control
[Chart. Labels: Malware Signatures; Costs of dealing w/ Incidents; Effectiveness of current technologies]
» 2004: 3 million Malware signatures
» 2009: 30 million Malware signatures
» Reduce Costs with dynamically deployed IWL in an operational environment
29. The State of Endpoint Insecurity
“Over 90% of cyber attacks exploit known security flaws for which a remediation is available” Gartner
» Malware has increased by 500% and major AV firms are falling behind on documenting known signatures. [1]
» 2M+ malware signatures identified monthly
» Nearly 90% of vulnerabilities could be exploited remotely. [2]
» 19 new vulnerabilities are released per day. [3]
» Average cost of a data breach $6.75M. [4]
» 70% of all serious data incidents sparked by an insider. [5]
Sources:
[1] AV-test.org
[2] Aberdeen Group Vulnerability Management Report, 2008
[3] National Vulnerability Database, April 9, 2010
[4] Ponemon Institute, 2010
[5] IDC Security Report, 2007
30. The State of Endpoint Complexity
“Point technologies tax IT resources with additional administration, integration, and maintenance burden while limiting user productivity”
» 3-5 different software consoles are used in the day to day management of endpoint security & operational functions.*
» The average endpoint has 3-5 agents installed.*
» 49% of endpoint TCO is associated with security and operational management.**
» 52% of IT Operations professionals cite a lack of integration across technologies as the #1 security risk.*
* Ponemon Institute, State of The Endpoint, 2009
** Aberdeen Research, Endpoint Security, Endpoint Management, 2009
31. Lumension® Endpoint Management Platform
Single endpoint management solution on a unified platform
» Ease of management
» Feature extensibility via separately licensed modules
» Integrated endpoint security workflows
Reduced management overhead
» Integrated console
» Centralized visibility and control
» Single agent architecture
[Diagram: Lumension® Endpoint Management Platform. Module labels: Patch & Remediation; Power Management; Application Control; Antivirus; n Module]
32. Unified Management Console
» Role-based workflows
» Consolidated data
» Intuitive web interface
» Central control & visibility
» Operational & strategic reporting
» Improved productivity
[Diagram labels: 2009 Integration; Endpoint Operations; Endpoint Security; Compliance]
33. Modular Agent - Pluggable Enterprise Service Bus
•Single common agent delivers and manages many capabilities via pluggable services
•Provides single, integrated communication mechanism between the L.E.M.S.S. agent and the server
•Monitors and secures L.E.M.S.S. modules on the endpoint
[Diagram labels: Patch and Remediation; Application Control; Event Queue; Client Transport; COMM; Security]
34. Lumension Endpoint Management and Security Suite: Dashboard
35. Lumension Endpoint Management Platform
[Diagram labels: Platform; Endpoint Management Security Suite; IWL: Lumension Intelligent Whitelisting; IT GRC: Lumension Risk Manager]
36. OBJECTIVE? COMPLIANCE? …where we are?
Today Most Businesses & Governments are Compliance-Centric
[Chart: Business value expectations vs. IT Security Capability (Forrester 2010)]
» Operations support: Compliance Centric
» Control and efficiency: Security Centric
» Business transformation: Risk Centric
37. Challenges in Compliance and Risk Management
[Diagram labels: Business Interests; Databases; ISO 27001; Applications; Partners; Internal Policy; Processes; Auditor; PCI DSS; Workstations; Facilities; VbV; Networks; MC SecureCode; Servers; ...; Stakeholders]
38. What is your Security Posture?
Organizations lack the visibility across Compliance & IT Risk exposure and are unable to take proactive action
Key Questions to ask Executive Management
» Can you currently assess your Compliance & IT Risk posture?
» What’s your security posture?
» How are your departments doing in complying with policy?
» What and where are your deficiencies?
» What is the impact to your business if you have a data breach?
2009 Enterprise Management Associates Survey of IT Governance Risk & Control
39. Lumension® Risk Manager: Vision and Strategy
What is the Security Posture Index?
1. Security Posture Index is a score that tells a CISO, Director of Infosec, Security Team how secure they are…over time.
2. Security Posture Index includes:
» An index or score, shown in LRM as the Security Posture Index (SPI)
» A set of metrics measuring risk against the criticality of your assets
» Trending information showing compliance to your internal policies
» Analytics and impact analysis
» Remediation projects
40. Security Posture Index
Comprehensive
» Gain true visibility into your security posture through the measurement of technical, procedural, and physical controls
» LRM is built on a comprehensive framework that incorporates all types of controls
41. Security Posture Index
Current
» Good visibility depends on current data
» LRM provides automatic assessments for data collection through connectors
» We capture scoring evidence from systems we connect to daily, quarterly, annually
42. Security Posture Index
Current
» We also collect data from things that can’t be scanned!
• Assessment workflows
• Survey capabilities
43. LRM Continuous Monitoring
[Diagram, Strategic to Tactical. Labels: Business Impact; Compliance & IT Risk Exposure; Compliance Audit & Reporting; Operational Assessment; Compliance & IT Risk Management Console]
Integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance & policy
44. LAC: Application Scanner 2.0 – Assess Files