We all like the idea of a silver bullet—a single, simple solution to a complex problem. Some IT professionals still cling to the vain hope that antivirus alone will protect their endpoints entirely. But today’s endpoints demand even more protection.
In this presentation, led by expert IT security panelists, you will learn:
* The most common attack vectors in today’s IT environment
* Six steps to help you improve endpoint security
* Secrets to an effective defense-in-depth approach
Define a new way of thinking that goes beyond just battling threats to enabling operational improvement.
E is for Endpoint: 6 Security Strategies for Highly Effective IT Professionals
1. E is for Endpoint: 6 Security Strategies for Highly Effective IT Professionals
2. Today’s Agenda
Most Common Threats in Today’s Environment
6 Steps to Improve Endpoint Security
Secrets to an Effective Defense-in-Depth Approach
Q&A
3. Today’s Panelists
• Richard Stiennon – Chief Research Analyst, IT-Harvest
• Paul Henry – Security & Forensics Analyst
• Jim Czyzewski – Supervisor, Clinical Desktop Support, MidMichigan Medical Center
4. Most Common Threats
• Hard to dispute the fact that patching an underlying software flaw is, in most cases, the best defense
• In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure
• In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure
• Microsoft data indicates that in the first half of 2011 zero-day attacks amounted to less than 1% of the attack surface
Patch or get hacked – the choice is yours…
Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
5. Most Common Threats
• Vulnerable software is not just a Microsoft problem…
• Third-party software historically has had more unpatched vulnerabilities than Microsoft
• Java is your number one issue today, followed by Adobe – the leader for the past couple of years
Bottom line is WSUS is not going to save you! (WSUS only delivers Microsoft updates; third-party applications need their own patch channel.)
Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container
6. Most Common Threats
• Hackers are always going to take advantage of areas that simply are not properly handled by defenders
• Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the bad guys?
• In case you missed it, the chart is showing the “Most Outdated Web Browser Plugins”
[Chart not reproduced: “Most Outdated Web Browser Plugins”, Zscaler State of the Web Q3 2011]
What did you really think was going to happen?
Source: http://www.zscaler.com/state-of-web-q3-2011.html
7. Most Common Threats
• It is important to remember that taking advantage of a vulnerability is not really the “End Game” for a bad guy
» The vulnerability only represents a “Delivery Mechanism”
» The “End Game” is actually to allow them to execute malicious code in your environment
• Why are we focusing on the delivery method and not the end game?
» Duh – because everyone else is
• Hackers will always beat us in the delivery-mechanism “Arms Race”
» Get ahead of the problem by focusing on the End Game
9. 1 - Think Different
[Diagram, labels only: “Traditional Endpoint Security”, with blacklisting as the core, versus the “Emerging Defense in Depth Endpoint Security Stack”, built on patch & configuration management and delivered as a service. Drivers named between the two: zero day, malware, consumerization of IT, 3rd-party application risk.]
10. 2 – Eliminate Exploitable Surface Area
• Patch and configuration analysis and delivery are needed across all systems: operating systems and applications.
• Unmanaged endpoints on the network are unknown and unprotected.
• Application and operating system patching is not benchmarked or continuously enforced.
• Standard configurations are not assessed or enforced.
• Un-patched browsers represent the highest risk for web-borne malware.
[Chart – Areas of Risk at the Endpoint: Misconfigurations 65%, Missing Patches 30%, Zero-Day 5%]
Source: John Pescatore, Vice President, Gartner Fellow
12. 4 - Protect Your Data
[Diagram, labels only: Targeted Attacks, Malicious Insider, Negligent Insider]
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
13. 5 - Reduce Complexity and Cost
Effective but not Efficient: many consoles, disparate architecture, many agents
Effective and Efficient – IT Control Made Simple: single console, agile architecture, single promotable agent
• Agile platform architecture
• Leverage existing endpoint technology
• Reduced integration and maintenance costs
• Improved endpoint performance
• More effective endpoint security
14. 6 – Relating Risk to the Business
Strategic: Business Impact; Compliance & IT Risk Exposure
Tactical: Compliance Audit & Reporting; Operational Assessment
Compliance & IT Risk Management Console: integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance & policy
15. Best Practices: Lessons Learned From the Field
• Virtualize the Endpoint
» Security Management becomes easier since you are now only securing the
virtual desktop pool instead of hundreds of endpoints
» You remove the chance of any data residing on the endpoint
• Scan Unmanaged Clients
» Clients without security management software need to be identified,
monitored and remediated (if possible)
• Test, Test, Test
» We have over 600 applications running
» Patch, Remediation, and Configuration changes can have different effects
» Utilize Production Testing
• End User Education
» Keep them aware of the threats
» Inform them what it is you’re doing and why you’re doing it
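Slides 10 and 15 both come down to the same analysis: compare what the network sees with what the management console knows (unmanaged clients), then compare each managed client with a patch and configuration baseline. The script below is an added example, not the presentation's or Lumension's code, that shows the shape of that analysis. Every host name, version, setting and baseline value in it is constructed, and the HIGH_RISK set simply encodes the plugins slides 5 and 6 name.

```python
"""Endpoint exposure report: unmanaged hosts, missing patches and
configuration drift computed from an inventory.  Added example; every
host, version and setting below is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Client components the presentation names as the most exploited; findings on
# these are ranked high.
HIGH_RISK = {"Java", "Adobe Reader", "Adobe Flash", "QuickTime"}

# Constructed baseline: minimum approved version per product, required settings.
MIN_VERSION = {"Java": "1.7.0_1", "Adobe Reader": "10.1.1",
               "QuickTime": "7.7.1", "Firefox": "8.0"}
REQUIRED_CONFIG = {"autorun_disabled": True, "host_firewall_enabled": True,
                   "user_is_local_admin": False}


@dataclass
class Endpoint:
    software: dict[str, str]   # product -> installed version
    config: dict[str, bool]    # setting -> current value


@dataclass
class Finding:
    host: str
    category: str              # "missing_patch" or "misconfiguration"
    item: str
    detail: str
    priority: str              # "high" or "medium"


def parse_version(version: str) -> tuple[int, ...]:
    """'1.6.0_29' -> (1, 6, 0, 29); '.', '_', '-' and 'u' all separate fields."""
    return tuple(int(p) for p in re.split(r"[._\-u]", version) if p.isdigit())


def is_outdated(installed: str, minimum: str) -> bool:
    """Tuple comparison, so (7, 0) < (7, 0, 1) and (9, 4, 6) < (10, 1, 1)."""
    return parse_version(installed) < parse_version(minimum)


def assess(host: str, ep: Endpoint) -> list[Finding]:
    """Compare one managed endpoint against the patch and configuration baseline."""
    findings: list[Finding] = []
    for product, minimum in MIN_VERSION.items():
        installed = ep.software.get(product)
        if installed is not None and is_outdated(installed, minimum):
            findings.append(Finding(host, "missing_patch", product,
                                    f"{installed} installed, {minimum} required",
                                    "high" if product in HIGH_RISK else "medium"))
    for setting, required in REQUIRED_CONFIG.items():
        actual = ep.config.get(setting)       # None means the setting was not reported
        if actual != required:
            findings.append(Finding(host, "misconfiguration", setting,
                                    f"{actual!r} found, {required!r} required", "medium"))
    return findings


def exposure_report(seen_on_network: set[str],
                    managed: dict[str, Endpoint]) -> dict:
    """Hosts the network knows (DHCP/ARP/switch tables) but the console does not
    are unmanaged; every managed host is assessed against the baseline."""
    unmanaged = sorted(seen_on_network - set(managed))
    findings = {host: assess(host, ep) for host, ep in managed.items()}
    all_findings = [f for fs in findings.values() for f in fs]
    summary = {
        "unmanaged": len(unmanaged),
        "missing_patch": sum(f.category == "missing_patch" for f in all_findings),
        "misconfiguration": sum(f.category == "misconfiguration" for f in all_findings),
    }
    return {"unmanaged": unmanaged, "findings": findings, "summary": summary}


# Constructed inventory: SEEN_ON_NETWORK is what the network knows about,
# MANAGED is what the endpoint management console knows about.
SEEN_ON_NETWORK = {"ws-001", "ws-002", "ws-003", "ws-004", "kiosk-07"}
MANAGED = {
    "ws-001": Endpoint({"Java": "1.6.0_29", "Adobe Reader": "10.1.1", "Firefox": "8.0"},
                       {"autorun_disabled": True, "host_firewall_enabled": True,
                        "user_is_local_admin": False}),
    "ws-002": Endpoint({"Java": "1.7.0_1", "Adobe Reader": "9.4.6", "QuickTime": "7.6.9"},
                       {"autorun_disabled": False, "host_firewall_enabled": True,
                        "user_is_local_admin": False}),
    "ws-003": Endpoint({"Java": "1.7.0_1", "Firefox": "8.0"},
                       {"autorun_disabled": True, "host_firewall_enabled": False,
                        "user_is_local_admin": True}),
    "ws-004": Endpoint({"Adobe Reader": "10.1.1"},
                       {"autorun_disabled": True, "host_firewall_enabled": True,
                        "user_is_local_admin": False}),
}

if __name__ == "__main__":
    report = exposure_report(SEEN_ON_NETWORK, MANAGED)
    print("Unmanaged (unknown and unprotected):", ", ".join(report["unmanaged"]) or "none")
    for host, fs in report["findings"].items():
        for f in sorted(fs, key=lambda f: f.priority):   # "high" sorts before "medium"
            print(f"{host}: [{f.priority}] {f.category} {f.item}: {f.detail}")
    print("Summary:", report["summary"])
```

The kiosk is the case slide 15 warns about: it answers on the network but carries no agent, so nothing above can be said about its patch level at all, and it is reported first. The version comparison is deliberately simple; real inventories mix vendor schemes (Java's 1.6.0_29 versus 7u45), so the parser accepts both separators and a production tool would normalise per product.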
16. Tips for Securing Endpoints
• Think ‘least privilege’ when choosing platforms
» While Microsoft’s strategy of the same code everywhere serves their purpose, it is not the most secure strategy for an enterprise.
» Kiosks, single-purpose machines (medical equipment), mobile devices, and embedded systems should run on specialized OSs with reduced functionality to reduce the exposed attack surface.
• NSA-Approved Whitelisting for Most Critical Systems
» Start the transition to whitelisting as the primary defense, and AV as the back-up.
• What Endpoint Security Strategy is Best for New Data Centers & Cloud Environments?
» Virtualization makes cleanup (post-infection) easier but exposes critical systems to widespread attacks.
• Consider Virtual Desktops (VDI)
» For tasks like call centers, data entry and accounting
• Server Lockdown: Neglected in Many Environments
» Systems that do not change should generally have rigid controls.
A secure endpoint should consider the network hostile, just as a secure network should consider the endpoints hostile. (And secure apps should treat the user as hostile.)
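Slide 7 argues for controlling the end game (execution of malicious code) instead of chasing every delivery mechanism, and the whitelisting tip above is the concrete form of that: nothing runs unless it was explicitly approved. The example below is added here and is not the presenters' code; it models an execution-control policy in Python to show the difference between a hash rule and the weaker path rule, using a constructed scenario with fake "binaries" in a temporary directory. In production the same policy is enforced by the operating system (AppLocker or Software Restriction Policies on Windows), not by a wrapper script.

```python
"""Application allow-listing (whitelisting) as the primary control: a program
runs only if its content hash was enrolled, regardless of name or location.
Added example with a constructed scenario; nothing here is the presenters' code."""
from __future__ import annotations

import hashlib
import subprocess
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are handled."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved: list[Path]) -> dict[str, str]:
    """Enrol approved binaries by hash (done when the gold image is built)."""
    return {sha256_file(p): str(p) for p in approved}


def hash_rule(path: str | Path, allowlist: dict[str, str]) -> tuple[str, str]:
    """Default-deny policy: only a file whose hash is enrolled may execute."""
    path = Path(path)
    if not path.is_file():
        return "deny", "not a regular file"
    digest = sha256_file(path)
    if digest in allowlist:
        return "allow", f"hash enrolled as {allowlist[digest]}"
    return "deny", f"hash {digest[:16]}... not enrolled"


def path_rule(path: str | Path, approved_dirs: list[Path]) -> tuple[str, str]:
    """The weaker policy, for contrast: trust anything inside an approved directory."""
    parent = Path(path).resolve().parent
    if any(parent == d.resolve() for d in approved_dirs):
        return "allow", "inside an approved directory"
    return "deny", "outside approved directories"


def guarded_run(path: Path, allowlist: dict[str, str], *args: str):
    """Execute only what the hash rule allows; AV remains the backup scanner."""
    verdict, reason = hash_rule(path, allowlist)
    if verdict != "allow":
        print(f"BLOCKED {path}: {reason}")
        return None
    return subprocess.run([str(path), *args], check=False)


def demo() -> dict[str, dict[str, str]]:
    """Constructed scenario: one enrolled tool, then two things an attacker does."""
    with tempfile.TemporaryDirectory() as tmp:
        app_dir = Path(tmp) / "Program Files" / "Tool"
        app_dir.mkdir(parents=True)
        tool = app_dir / "tool.exe"
        tool.write_bytes(b"approved program bytes v1.0\n")   # stands in for a real binary
        allowlist = build_allowlist([tool])                  # enrolled before deployment

        def verdicts(f: Path) -> dict[str, str]:
            return {"hash": hash_rule(f, allowlist)[0],
                    "path": path_rule(f, [app_dir])[0]}

        results = {"enrolled": verdicts(tool)}
        # Attacker drops a new executable into the trusted directory.
        dropper = app_dir / "svch0st.exe"
        dropper.write_bytes(b"MZ unknown payload")
        results["dropper_in_trusted_dir"] = verdicts(dropper)
        # Attacker overwrites the enrolled binary in place (a trojanised "update").
        tool.write_bytes(tool.read_bytes() + b"\x90\x90 injected payload")
        results["tampered_in_place"] = verdicts(tool)
        return results


if __name__ == "__main__":
    for case, v in demo().items():
        print(f"{case:24s} hash rule: {v['hash']:5s}  path rule: {v['path']}")
```

The path rule allows all three cases because it trusts a location; the hash rule allows only the untouched enrolled file, which is the property that blocks the end game whatever the delivery mechanism was. The cost is operational: every legitimate patch changes the hash, so each update has to be tested and re-enrolled, which is why the "Test, Test, Test" practice on slide 15 goes together with whitelisting; publisher (code-signing) rules reduce that churn at the price of trusting a vendor's whole signed set.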
17. More Information
• Quantify Your IT Risk with Free Scanners
» http://www.lumension.com/special-offer/premium-security-tools.aspx
• E is for Endpoint: 6 Strategies for Highly Effective IT Pros
» http://www.lumension.com/E-is-for-Endpoint.aspx
• Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx