Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered. There have been a number of ways today's more willful attackers have been able to breach networks to siphon off data over periods of weeks or months. Download these webcast slides from SC Magazine, as they sit down with an industry expert to discuss how third-party apps of various kinds are proving a workable conduit for them.

1. APTs:
The Role of Third-Party Applications
Russ Ernst
Group Product Manager, Lumension

2. APT Attack Vectors

3. Cybercriminals Focus on 3rd
Party Apps
 7 out of 10 organizations feel that cyber criminals are
shifting their efforts toward third-party apps
 ¾ of Large Enterprise shifting focus from OS based
attacks to 3rd party apps
 Is this a surprise to you?

4. Cyber Criminals - Focus on 3rd Party Apps
59% of Organizations have more
than 10 Third-Party Apps on a
Typical Endpoint
How Many Are Considered
Mission-Critical?
4% 3%
10%
1 to 5
6 to 10
10 to 15
27% 56%
15 to 20
More than 20

5. Addressing Patch Lag
 Time to fix – time between vulnerability is publicly
disclosed and when vendor provides remediation
 Time to patch – time between remediation is
available and end user machines are patched

6. 3rd Party Apps Causing Concern
 Larger companies use more 3rd party apps than
smaller companies
 Only 1 to 5 of these are critical to their operations
 Apps that cause the most concern:
– Adobe Flash and Acrobat – Office
– Java – VMware
– Internet Explorer – Skype

7. Third-Party Apps
Causing Concern

8. Wouldn’t it Be Easier to Abandon
3rd Party Apps?
 Turning off Java sounds easy
– Apple regularly does it automatically with no notification
– Are you sure you’ve removed all instances of Java?
 Does eliminating 3rd party apps really solve the problem?
– What business processes require 3rd party apps?

9. Banning Third-Party Apps?

10. Is Visibility into Third-Party Apps
Important?

11. What’s the Best Practice to
Prevent Unauthorized Apps?

12. What Can You Do Right Now?
Only allow business critical apps on specific PCs to
reduce the overall enterprise Threat Envelope
1. Identify if there is a real business or usability need for the
application before it is approved for users.
2. Identify assets that do not require apps and uninstall
unneeded applications.
3. Ensure that all required apps are patched on an approved
schedule.
4. Isolate critical systems that are business process sensitive
from the production environment as much as possible.

13. End Users Are Your Weakest Link
 Be Aware of What You Share – End User Resource Center
http://www.lumension.com/be-aware

14. Focus On The End Game
 The best approach is to use mitigating
layered controls and processes on endpoints
including:
– Application control whitelisting to defend against unknown
payloads
– Enable native memory security controls in Windows including
DEP and ASLR to limit the success of generic memory based
attacks
– Deploy advanced memory-injection attack protection including
RMI and Skape/JT to interrupt advanced memory attacks
– Use Device control to block USB-borne malware
– Utilize Strong patch management practices
– Blacklist outdated plugin versions
– Adopt the concept of least privilege for end users

15. Defense-in-Depth Strategy
Successful risk mitigation
AV
Control the Bad
starts with a solid vulnerability
management
Device Control foundation, augmented by
Control the Flow additional layered defenses
which go beyond the traditiona
blacklist approach.
HD and Media Encryption
Control the Data
Application Control
Control the Gray
Patch and Configuration Management
Control the Vulnerability Landscape
15

16. More Information
• Free Security Scanner Tools • Get a Quote (and more)
» Vulnerability Scanner – discover all OS and http://www.lumension.com/endpoint-
application vulnerabilities on your network management-security-suite/buy-now.aspx#2
» Application Scanner – discover all the apps
being used in your network
» Device Scanner – discover all the devices
being used in your network
http://www.lumension.com/special-
offer/premium-security-tools.aspx
• Lumension® Endpoint
Management and Security
Suite
» Online Demo Video:
http://www.lumension.com/Resources/Demo-
Center/Vulnerability-Management.aspx
» Free Trial (virtual or download):
http://www.lumension.com/endpoint-
management-security-suite/free-trial.aspx
16