2. About Securosis
• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that’s all we do.
4. Advanced Malware is Advanced
• Attacks > Defenses
• Advanced Attackers > You
• Yet you can track the indicators and follow their trail.
• But first you need to understand the kill chain.
9. How customers view Endpoint Protection
• Compliance is the main driver for endpoint protection.
• Whether it works or not is not the issue.
• And to be clear, traditional anti-malware technology doesn’t work anymore.
10. Adversaries: Better and Better
• Advanced Malware
• Polymorphism
• Sophisticated targeting
• Professional Processes
11. You don’t know what malware is going to look like...
But you DO know what software should and should not do.
12. Advanced Protection Techniques
• Better Heuristics
  • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
  • “Application HIPS”
• Better Isolation (Sandboxes)
  • Browser Isolation
  • O/S Isolation (virtualization)
• Whitelisting (user-experience impact on endpoints; good fit for servers)
• Endpoint Activity Monitoring
• Device Forensics
• Retrospective Alerting
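The “you know what software should and should not do” idea from the previous slide, applied to the Big 7: the example below (added here, not Securosis code or any vendor's product) keeps a per-application profile of the child processes each application is expected to launch and flags every spawn outside that profile. The application names, the baseline and the telemetry are constructed assumptions for illustration.

```python
# Added example (not Securosis code): profile what the "Big 7" applications should do
# and flag any process they launch that the profile does not allow. Image names,
# the baseline and the telemetry below are constructed assumptions for illustration.
from dataclasses import dataclass

# Child processes each profiled application is expected to launch (lower-case names).
# Assumed baseline; a real profile is learned from observed good behaviour per app.
BIG7_PROFILE = {
    "winword.exe": {"splwow64.exe", "excel.exe"},
    "excel.exe": {"splwow64.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"},
    "acrord32.exe": {"acrobat.exe"},
    "java.exe": set(),            # the runtime itself should not be spawning anything
    "chrome.exe": {"chrome.exe"},  # renderer/helper processes only
}

@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str    # image name of the parent process
    child: str     # image name of the spawned process
    cmdline: str

def profile_violations(events):
    """Return (event, reason) for each spawn that breaks its parent's profile."""
    # Parents that are not profiled are ignored; names are compared case-insensitively
    # because Windows reports image names inconsistently.
    violations = []
    for ev in events:
        parent, child = ev.parent.lower(), ev.child.lower()
        allowed = BIG7_PROFILE.get(parent)
        if allowed is None:
            continue                     # not one of the profiled applications
        if child not in allowed:
            violations.append((ev, f"{parent} is not expected to launch {child}"))
    return violations

# Constructed sample telemetry: one legitimate print helper, two document-borne
# launches of a shell/script host, and one spawn from an unprofiled parent.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "WINWORD.EXE", "splwow64.exe", "splwow64.exe 12288"),
    ProcessEvent("ws01", "WINWORD.EXE", "cmd.exe", "cmd.exe /c invoice.bat"),
    ProcessEvent("ws02", "AcroRd32.exe", "wscript.exe", "wscript.exe form.js"),
    ProcessEvent("ws02", "explorer.exe", "cmd.exe", "cmd.exe"),
]

if __name__ == "__main__":
    for ev, reason in profile_violations(SAMPLE_EVENTS):
        print(f"{ev.host}: {reason} ({ev.cmdline})")
```

Retrospective alerting is the same check run again over stored telemetry once a profile is tightened, which is why keeping the raw events matters.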
18. Configuration Management Technology Considerations
• Coverage (OS and apps)
• Discovery
• Supported standards and benchmarks
• Agent vs. agentless
• Handling remote devices
• Integration with operational processes
• Policy exceptions
• Who has the “special machines?”
19. Device Control Use Cases
• Data Leakage
• Data Privacy (Encryption)
• Malware Proliferation (Sneakernet)
21. Device Control Technology Considerations
• Device support
• Policy granularity
• Encryption algorithm support
• Agent (small footprint)
• Hardware key logger protection
• Offline support
• Forensics
• Grace periods/User override
22. Blurring lines between technologies
• Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
• Device Control with Endpoint DLP
• Who wants the hot potato?
• Accountability and organizational complexities
24. BYOD
• Not just mobile devices
• Selective enforcement/granularity of policies
• Require Anti-malware?
• Manage Hygiene?
25. Mobility/Smart Devices
• Management a bigger problem than security (for now)
• Mobile malware?
• MDM/MAM and other management technologies
• Containers
30. To Cloud or Not to Cloud
• No server management
• Uptime
• Multi-tenancy: Data segregation and protection
• User experience
31. Buying Process/Vendor Selection
• Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
• Confirm with peer group
• Big vs. small vendor
• Platform vs. pricing leverage
• Research & Intelligence
32. Summary
• Don’t forget about the security of endpoint security
  • Exploitable agents
  • Weak platform security
  • Cloud app vulnerabilities
• Malware protection remains a cat/mouse game
• BYOD/Mobility just another consideration
33. Read our stuff
• Blog
  • http://securosis.com/blog
• Research
  • http://nexus.securosis.com/
  • http://securosis.com/research
• We publish (almost) everything for free
• Contribute. Make it better.