Lumension: Because Hope is no Strategy
Andreas Müller
Regional Sales Manager D/A/CH

Press Highlights
• Conficker hits Kärnten Government! 3000 Clients down!
• Data theft at German Telekom: 17.000.000 customer data records lost!
• About 1.000.000 new malware versions in 2008!
• Cybercrime cost $1 Trillion in 2008

Endpoints are the Weakest Link
Script kiddies have turned into businessmen

What Sources of Endpoint Risk do Threats Target?
Attacks Exploit Risks at the Core
• 5% Zero-day
• 30% Missing Patches
• 65% Misconfigurations
Source: John Pescatore, Vice President, Gartner Fellow

Traditional, Reactive Security Approaches
[Diagram labels: The CORE / Sources of Risk; Security Add-on Solutions: Desktop Firewall, Anti-Virus, Spyware, IPS, Heuristics, Application Blacklist; EXTERNAL THREATS]

Endpoints are the Weakest Link
The weakest point in IT: the user

Proactive, Operational Approach
Internal Threats:
• Enforce Application & Device Use Policies
• Authorize Software Use
• Eliminate Data Leakage

Endpoints are the Weakest Link
How has the Security Landscape Changed and What is the Impact?
• Increasing number of vulnerabilities for all platforms and applications
• Endpoints are targeted by internal and external threats
• Attacks from “well funded adversaries” target endpoints
• Data protection is a major challenge and cost
• Traditional and reactive security approaches are ineffective
• Evolving regulations create strict compliance and reporting standards

What We Deliver
Lumension delivers best-of-breed, policy-based solutions that address the entire security management lifecycle.
• Assess, prioritize and remediate vulnerabilities for continuous validation and compliance reporting
• Proactively discover and assess risks and threats within the IT environment for comprehensive view of risk profile
• Dynamically enforce application/device policies to prevent security threats at the endpoint

Lumension More Effectively Secures the Endpoint
Endpoint Security must address internal and external threats
[Diagram labels: Platform Security (VA and Remediation, Application Control); User Security (Application Control, Device Control); Data Security (Device Control, Data-at-Rest, Content Filtering); External Threats; Internal Threats; Internal and External Threats; Vulnerability Management / Patch Solution; Endpoint Security Solution; Data Security Solution]

Effective Endpoint Security is a Continuous Process
[Cycle diagram labels: Discover Assets, Audit, Develop Policy, Centralized Management & Reporting, Enforce Policy Compliance, Assess & Remediate Threats]

Who is responsible for this? YOU!

PatchLink Scan

Comprehensive Reporting
• Out-of-the-box reports provide high-level or detailed information on vulnerabilities found
• Compare security posture to common industry tracking mechanisms

PatchLink Scan™ Value
• Quickly Discover All Network Assets and Vulnerabilities
• Accurate Network-based Assessments
• Actionable Information Delivered to Make Intelligent Policy Decisions
• Comprehensive Vulnerability Coverage
• Highly Scalable Architecture
• Common Criteria EAL2 Certified

PatchLink Update

PatchLink Update™ Value
• Stay Ahead of Threats with Automated and Accurate Enterprise-Wide Patch Management
  » Most accurate patch applicability and assessment
  » Deploy patches within hours of release from vendor
  » Capabilities and context to effectively act on information - Role and Task Based
  » Redundant vulnerability assessment
• Broad Support of Content via Open Architecture
  » Leverages content directly from OS/Application vendors
  » Broad English and international content support
  » Security and operational patches
• Protect Heterogeneous Environments with One Solution
  » All major Operating System platforms
  » All major third party applications

Rapid, Accurate Network-based Scans
• Thorough and accurate discovery of all network devices
• Detailed assessment checks on configurations, AV, worms, Trojans, missing patches, open ports, services and more
• Deep inspection of target systems

PatchLink Security Configuration Management™

PatchLink SCM™ Workflow
Policy Management
• Upload a Security Configuration Specification
• Customize Security Specifications
Policy Assessment
• Apply a Security Configuration Specification
• Perform a Manual Assessment
Policy Compliance Reporting
• View Group Policy Compliance Details
• View Device Security Configuration

Open, Standards-Based Approach to Policy Compliance
• Comprehensive Policies
  » Security Content Automation Protocol (SCAP)
  » Hundreds of pre-defined checks
• Easy-to-edit XML Format
  » New policy checklists can be added/created
• Based on Industry Standards
  » OVAL, XCCDF, CVE, CME, CPE
  » Ensure compliance with specific regulations (e.g. FDCC, PCI)
  » Improved operational efficiencies due to security best practices

How Policies get into PatchLink SCM™
• Policy: Government (OMB Mandate); Industry (PCI, SOX, HIPAA); US or other Regulations; Corp. Specific best practices
• XCCDF Policy Instance: Mapping policies and other sets of requirements to high-level technical checks
• OVAL Archive: Mapping technical checks to the low-level details of executing those checks
• PatchLink SCM: Automation (monitoring/reporting)
• SCAP Checklist

How Policies get into PatchLink SCM™: Example NIST SP 800-53
• Policy: Government (OMB Mandate); Industry (PCI, SOX, HIPAA); US or other Regulations; Corp. Specific best practices
• XCCDF Policy Instance: Mapping policies and other sets of requirements to high-level technical checks
• OVAL Archive: Mapping technical checks to the low-level details of executing those checks
• Authentication Management Policy: System’s minimum password length is at least 8 characters
• XCCDF Mapping: Map the specific requirement that the system’s minimum password length is at least 8 characters
• OVAL Check Mapping: Check to be performed (e.g.) on all Windows XP based computers
• SCAP Checklist

PatchLink SCM™ Value
• Ensures that security configurations are standardized throughout the enterprise
• Ensures continuous policy compliance
• Improves operational efficiency
• Consolidates vulnerability and misconfiguration monitoring and reporting

PatchLink Developers Kit™

Develop Custom Patches
• Create and deliver patches and updates for commercial or proprietary software
• Patch legacy applications and niche products
• Open and modify any packages available via PatchLink Update

PatchLink PDK™ – How it Works

Lumension VMS

Comprehensive Vulnerability Assessment and Remediation
Discover, Assess and Remediate Vulnerabilities for Policy Compliance
• Rapid identification of unprotected endpoints
• Automated remediation of configuration and software vulnerabilities
• Advanced vulnerability, configuration and policy compliance reporting
• Flexible, open support for all major platforms, applications and vulnerability and configuration content
• Purpose-built to support compliance with regulatory policies and industry standards
[Diagram labels: Vulnerability Assessment and Remediation for Configuration Issues & Patches: PatchLink Security Configuration Management™ (Add-On Module) – FDCC and PCI; PatchLink Scan™ (Network Based); PatchLink Update™ (Agent Based); PatchLink Developers Kit™ (Add-On Module)]

Sanctuary® Application Control

Sanctuary® Application Control Value
• Protects against both known and unknown threats
• Safeguards against zero-day threats and targeted attacks
• Controls proliferation of unwanted applications from burdening network bandwidth
• Maximizes benefits of new technologies and minimizes risk of network disruption
• Stabilizes desktop and Windows server configurations
• Enables adherence with software license agreements

Sanctuary® Device Control

Sanctuary® Device Control
Enforcement of Peripheral Device Use Policies
• Automates discovery of peripheral devices
• Provides granular device control permission settings
• Offers flexible encryption options
Delivers detailed audit capabilities
• Patented bi-directional “Shadowing” of data written to/from a device
• All device access attempts
• All administrator actions
[Diagram labels: Endpoint Policy Enforcement; Sanctuary® Application Control; Sanctuary® Device Control; PatchLink Developers Kit™; (Agent Based)]

Sanctuary® Device Control Value
• Minimizes risk of data theft / data leakage via any removable device
  » Granular Device Control Policies
  » Forced Encryption
  » File Type Filtering
  » Detailed Audit Capabilities
  » Blocks USB Keyloggers
• Prevents malware introduction via unauthorized removable media
• Assures compliance with privacy and confidentiality regulations and policies

Overall

Lumension Product Portfolio
• Enterprise Policy Management: PatchLink Security Management Console™
• Vulnerability Management for Configuration Issues & Patches: PatchLink Security Configuration Management™ (Add-On Module) – FDCC and PCI; PatchLink Scan™ (Network Based); PatchLink Update™ (Agent Based); PatchLink Developers Kit™ (Add-On Module)
• Enterprise-Wide Compliance Reporting: PatchLink Enterprise Reporting™
• Endpoint Policy Enforcement: Sanctuary® Application Control; Sanctuary® Device Control (Agent Based)

Who We Are
Leading global security management company, providing unified protection and control of all enterprise endpoints.
• Ranked #14 on Inc. 500 list of fast growing companies
• Ranked #1 for Patch and Remediation for third consecutive year
• Ranked #1 Application and Device Control
• Over 5,100 customers and 14 million nodes deployed worldwide
• Award-Winning, Industry Recognized and Certified

Worldwide Customer Deployments
Education, Financial, Government/Military, Health Care, Manufacturing, Miscellaneous Services, Transportation/Utilities, Dolphin Drilling, Media, Legal, Charities, Bishop’s Stortford College

Industry-Leading Partnerships

Distribution partner Baltics

Thank you.