Ensuring that your enterprise IT infrastructure is secure is a challenging job even under ideal conditions. Using endpoint security, deploying firewalls and keeping your servers and clients patched with the latest security updates can only go so far. Over the last few years, an increasing number of attacks have been aimed at attacking vulnerabilities in third-party applications. IT administrators would be wise to discover, analyze, and either patch or remove third-party applications as yet another aspect of a cohesive security posture. In this security webinar, Windows IT Pro Industry News Analyst and security columnist Jeff James and Chris Merritt, director of solution marketing for Lumension, discuss some tips and best practices for managing and securing third-party applications in your IT environment.
Why Application Control is Vital for IT Security
1. The Case for Application Control – with Jeff James, Security Columnist, Windows IT Pro
2. Meet our Expert: Jeff James is industry news analyst for Windows IT Pro. He was previously editor in chief of Microsoft TechNet Magazine, was an editorial director at the LEGO Company, and has more than 15 years of experience as a technology writer and journalist.
3. What is Application Control? Windows Server 2008 and Windows 7 are the most secure versions of Windows ever. Yet even with aggressive patching and updating of server and client OSes, far too many third-party and “rogue” apps create security vulnerabilities. An effective IT security posture needs to include avoidance of dangerous apps and effective management of approved third-party applications. “Microsoft: Windows is Secure, Applications Not So Much” – Paul Thurrott, Windows IT Pro
4. Application Control Growth: “Organizations are looking to application control solutions to augment signature-based antivirus protection and to exert more control over endpoints. Although this space has been dominated by the smaller vendors, larger endpoint protection and management providers are entering the market.” – Gartner Analysts Neil MacDonald and Michael A. Silver
7. Tip #2 - Limit Admin Rights and Privileges Limit the rights assigned to administrator accounts as much as possible, and use restricted groups policies to restrict membership of sensitive groups. Configure accounts to expire on a regular basis.
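Tip #2 is easiest to keep honest when the check is scripted rather than done by hand. The PowerShell below is an added example, not material from the webinar, Windows IT Pro or Lumension: it compares the local Administrators group on a set of Windows hosts against an approved list and flags enabled Domain Admins that have no expiration date. The host names and approved-group names are placeholders, and the script assumes WinRM access to the hosts and the ActiveDirectory (RSAT) module on the machine running it.

```powershell
# Added example (not from the webinar or Lumension): audit local Administrators
# membership against an approved list, and find privileged AD accounts that
# never expire. Requires WinRM to the hosts and the ActiveDirectory module.

$Computers      = @('WS-PLACEHOLDER-01', 'WS-PLACEHOLDER-02')                 # hypothetical host names
$ApprovedAdmins = @('CONTOSO\Domain Admins', 'CONTOSO\Workstation-Admins')     # hypothetical approved groups

# Part 1: who is actually in the local Administrators group on each host?
# Get-LocalGroupMember ships with Windows 10 / Server 2016 and later.
$findings = foreach ($c in $Computers) {
    $members = Invoke-Command -ComputerName $c -ScriptBlock {
        Get-LocalGroupMember -Group 'Administrators' |
            Select-Object Name, ObjectClass, PrincipalSource
    }
    foreach ($m in $members) {
        # Anything not on the approved list is a finding to review, including
        # local accounts that were added outside of the Restricted Groups policy.
        if ($ApprovedAdmins -notcontains $m.Name) {
            [pscustomobject]@{
                Computer = $c
                Member   = $m.Name
                Type     = $m.ObjectClass
                Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
            }
        }
    }
}
$findings | Format-Table -AutoSize

# Part 2: enabled Domain Admins with no expiration date (the "expire on a
# regular basis" part of the tip). Remediation is shown commented out.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties AccountExpirationDate, Enabled |
    Where-Object { $_.Enabled -and -not $_.AccountExpirationDate } |
    ForEach-Object {
        Write-Warning "$($_.SamAccountName) is an enabled Domain Admin with no expiration date"
        # Set-ADAccountExpiration -Identity $_ -DateTime (Get-Date).AddDays(90)
    }
```

Restricted Groups themselves are set through Group Policy (Computer Configuration > Windows Settings > Security Settings > Restricted Groups); this script is the control that confirms the policy is actually landing on the endpoints, and it is cheap enough to schedule.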
8. Tip #3 – Leverage Windows 7 User Access Control (UAC) UAC – when managed properly – can be a helpful tool in an IT administrator’s application control toolbox.
9. Tip #4 - Explore Windows 7 AppLocker: AppLocker – a feature found in Windows 7 Ultimate and Enterprise – can be used to prevent unlicensed software, stop users from running unauthorized applications, and only allow users to run approved applications and software updates. Resource: “AppLocker in Windows Server 2008 R2 and Windows 7” by Jan DeClercq - www.windowsitpro.com - InstantDoc ID 104625
10. Tip #5 – Consider Whitelisting Software: Anti-virus (AV) and anti-malware software are important parts of any IT security toolbox, but the reality is that traditional signature-based AV doesn’t provide effective protection by itself in today’s threat environment. In addition to AV, implement an application whitelisting solution such as Microsoft AppLocker or a more robust and comprehensive third-party solution. Resource: “Comparative Review: Application Restriction Products” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 129350
11. Bonus Tip - Use Data Protection: Create and enforce policies that outline best practices for data use and protection, including encryption usage and policies for removable media. Enforcing these policies decreases the likelihood that manually delivered malware and other malevolent software attacks your network.
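Tips #4 and #5 describe the whitelisting model (allow the known good, deny everything else by default), and the speaker notes later on frame the questions a whitelist has to answer: where did the file come from, who installed it, which vendor signed it. The PowerShell below is an added worked example, not code from the webinar, Windows IT Pro or Lumension, showing how that model is expressed with the built-in AppLocker cmdlets: inventory a clean reference machine, generate publisher rules for signed files and hash rules for unsigned ones, start in audit mode, test a file against the policy, and read the audit events that show what enforcement would block. The output path and the test file path are placeholders; it assumes a Windows edition with AppLocker (Windows 7 Enterprise/Ultimate or Server 2008 R2 and later) and an elevated session.

```powershell
# Added example (not from the webinar or Lumension): AppLocker allow-list
# built from a reference machine, deployed in audit mode first.
# Run elevated on an AppLocker-capable edition of Windows.

$PolicyPath = 'C:\Policies\AppLocker-Audit.xml'                     # hypothetical output path
$TestFile   = 'C:\Users\Public\Downloads\unknown-tool.exe'          # hypothetical file to evaluate

# 1. Inventory the executables that are "known good" on the reference build.
$files  = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe
$files += Get-AppLockerFileInformation -Directory 'C:\Windows'       -Recurse -FileType Exe

# 2. Publisher rules answer "which vendor wrote it" for signed files; hash
#    rules pin unsigned files to one exact binary. -Optimize merges
#    overlapping rules. Anything not covered is denied once enforced.
$policyXml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
    -RuleNamePrefix 'Baseline' -User 'Everyone' -Optimize -IgnoreMissingFileInformation -Xml

# 3. Switch the EXE collection to AuditOnly so the list can be tuned without
#    breaking users; flip to Enabled only after the audit log is quiet.
$xml = [xml]$policyXml
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
    if ($rc.Type -eq 'Exe') { $rc.EnforcementMode = 'AuditOnly' }
}
New-Item -ItemType Directory -Path (Split-Path $PolicyPath) -Force | Out-Null
$xml.Save($PolicyPath)

# 4. Ask the policy what it would decide about a specific file before deploying.
#    PolicyDecision is Allowed, Denied, AllowedByDefault or DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $TestFile -User 'Everyone' |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Apply locally (merging with any existing policy). AppLocker only evaluates
#    rules while the Application Identity service is running.
Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 6. Audit-mode events: 8003 = would have been blocked if enforced,
#    8004 = blocked. These are the tuning feedback for the whitelist.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

The audit-mode step is the part most deployments skip and then regret: the 8003 events tell you which legitimate updaters, plug-ins and line-of-business tools the baseline missed, so the list is corrected before anyone is actually blocked. Publisher rules are what let a signed vendor update run without a whitelist change, which is the operational problem the Lumension portion of the deck is also addressing.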
12. Security Resources
Windows IT Pro Security page: http://www.windowsitpro.com/categories/category/Security.aspx
Windows IT Pro Security Blog: http://www.windowsitpro.com/blogs/security.aspx
Russell Smith’s Least Privilege Security Blog: http://leastprivilegesecurity.blogspot.com
13. Q & A: For follow-up information, contact Jeff James at [email_address] or on Twitter at @jeffjames3. Thank You!
14. Lumension® Intelligent Whitelisting™ – Integrated Endpoint Protection using Lumension® Endpoint Management and Security Suite. Chris Merritt, Solution Marketing
22. Lumension Endpoint Management and Security Suite (L.E.M.S.S.) – Intelligent Whitelisting
Platform capabilities: Discovery & Agent Deployment; Role Based Access Control; HW/SW Inventory Assessment; Enhanced Wake-on-LAN; Active Directory Synchronization; Centralized Reporting
Scalable | Single Extensible Agent | Modular Products | Secure
31. Reduce Local Admin Risk
Action | Example | How Lumension Stops
Install Applications | – | Application Control: Easy Lockdown / Trust Engine
Change Configurations | Regedit / Command | Denied Application: regedit.exe, cmd.exe
Remove Patches & Uninstall Software | Control Panel – uninstall program | Denied Application: control.exe
Defeat Security Tools | Task Manager – kill process | Denied Application: taskmgr.exe
32. Lumension Intelligent Whitelisting: The Efficiency of Antivirus + The Flexibility and Ease of Use + The Effectiveness of Application Control = Intelligent Whitelisting
35. Defense-in-Depth with Intelligent Whitelisting
Threat columns: Known Malware | Unknown Malware | Unwanted, Unlicensed, Unsupported applications | Application Vulnerabilities | Configuration Vulnerabilities
Coverage rows (two marks each unless noted): AntiVirus – X X; Application Control – X X; Patch & Remediation – X X; Security Configuration Management – X
36. A Complete Defense With Lumension Intelligent Whitelisting – layers: Physical Access; Firewall / IPS; Anti-Malware; Patch Management
Editor's notes
Talking points – intro / CC: the DC (Device Control) module is now an integrated part of LEMSS; it is another component of integrated defense-in-depth; it provides visibility, control (ports, devices, data and malware), encryption and reporting. CC is going to demo, but first let me frame the discussion a bit.
The browser is delivering unprecedented levels of business productivity and IT risk every day to your endpoint environment, and most organizations can’t stop it. On the productivity side, a younger workforce blends social, business and personal communications together as one. Social networking applications are in use in 95% of businesses today; 78% of these applications support file transfers, many are known propagators of malware, and many have vulnerabilities associated with them. The same holds in industries like financial services and healthcare: 95% usage of social networks across the board. Cybercriminals are targeting these social applications; the greatest opportunity for them is the amount of trust end users put into these social applications. Once in, they can replicate their malware with amazing speed and devastating impact. And once we talk about browser-based risk, we are in reality starting to talk about cloud computing; there isn’t anyone in IT today who hasn’t heard of or discussed cloud computing.
Application control or whitelisting provides a new layer in the foundation for endpoint protection. Whitelisting is about identifying the known good and, by default, not letting anything other than what’s on the whitelist execute. Simply put, any executable – whether a business application, a video driver, or a web browser plug-in – not specified on the whitelist cannot load and run. It’s the most effective security layer as it prevents execution in the kernel.
The new way of thinking means nothing will execute unless we know it’s trusted. This shift in thinking requires asking new questions about change coming into our IT environment, such as: where did this application come from, who or what installed it, and what vendor wrote it?
Many users in today’s organizations are “Local Admins”. Legacy operating systems and software require users to have Local Admin accounts in order to install and run correctly. Local Admins can make any changes they wish on their own machines: install and remove software, change configurations, and kill processes to defeat security tools. For many organizations, removing “local admin” privileges is not something that is feasible to do in the short term. The resulting lack of control leads to increased endpoint risk and IT management overhead.
It’s not about blacklisting versus whitelisting. It’s about being intelligent in the way we can take the best of both worlds and deliver a new solution that’s effective, efficient and operational. An intelligent approach makes it easy for your sales manager at an airport in Singapore to download the latest WEBEX update, without any delays or calls into your help desk. It allows your IT operations team to quickly deploy new software and patches without having to constantly and manually update the whitelist. It also gives you the ability to “optimize” your policy level of security based on user, machine, or group. This approach allows you to throttle your level of control for different assets in your enterprise: lock down servers completely and give your sales force the flexibility required to remain productive. It’s about understanding acceptable risk vs. required productivity and managing towards that goal.
Endpoint Protection Complexity
Using Lumension Device Control, you can mitigate these insider risks by:
- enforcing a device and media access policy on your endpoints which won’t impede the productivity of the business;
- enforcing a data encryption policy for removable storage devices and media to protect that valuable data when it is copied off of your endpoints; and
- monitoring what’s happening in your environment: you can manage and report on all endpoint activity in your organization.