Post on 01-Jun-2020
Dell Client Solutions Security Portfolio
Comprehensive, easy-to-manage solutions for protecting your data wherever it goes
2 Dell - Restricted - Confidential
Ransomware 2017 Statistics
1) Now over a 1 billion dollar a year business!
   1) Consumers will be attacked every 20 seconds
   2) Organizations will be attacked every 40 seconds
2) Phishing emails have become the number one delivery vehicle.
3) Ransomware variants grew 11x last year.
4) Once attacked, the majority of organizations are infected (71%).
5) Backups are often slow to restore and sometimes do not have all of the data.
6) Encryption was just the beginning
   1) Threaten to release captured data.
   2) Steal victim info and credentials.
City & County Ransomware Attacks
• Licking County in Ohio goes back to paper-and-pen after Ransomware attack:
– https://www.tripwire.com/state-of-security/latest-security-news/county-shut-system-following-ransomware-attack/
• City of Atlanta: Veeam Backups Attacked. https://www.wsbtv.com/news/local/atlanta/ransomware-attack-cost-city-27-million-records-show/730813530.
• CT Judicial: Court proceedings affected. http://www.courant.com/breaking-news/hc-courts-judicial-ransomware-attack-0310-story.html.
• San Francisco Public Transportation System opened all of their turnstiles for a weekend because of Ransomware:
– http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#489f5a8954dd
School Ransomware Attacks
• Rhinebeck Central School District, NY took 9 hours to recover a server from a Ransomware attack.
• http://www.dailyfreeman.com/general-news/20160615/rhinebeck-school-district-computer-system-attacked-by-ransomware
• Riverdale, NJ email and website held hostage.
• http://archive.northjersey.com/news/education/ransomware-takes-school-data-hostage-1.1534163
• Big Fork, Montana unable to access student records
• http://www.washingtontimes.com/news/2016/nov/24/ransomware-attack-on-bigfork-schools-fix-in-works/
• Senator Charles Schumer asks for Federal assistance to prevent future ransomware attacks:
• https://www.schumer.senate.gov/newsroom/press-releases/schumer-reveals-russian-hackers-zeroing-in-on-upstate-ny-forcing-small-governments-to-pay-big-bills-to-remove-ransomware-that-can-breach-municipal-computer-systems-upstate-towns-and-villages-are-easy-prey-for-hack-attack-that-ends-up-costing-local-taxpayers-and-could-jeopardize-personal-info-senator-urges-feds-to-give-local-governments-the-tools-to-fight-back
Endpoint Security Suite Enterprise advanced threat prevention
[Chart: Average effectiveness against malware, on a 0% to 100% scale, for commodity threats and for zero-day & advanced threats. Series: Leading Anti-Virus; Endpoint Security Suite Enterprise (powered by Cylance). Labelled value: 99%.]
Signature-based anti-virus and anti-malware solutions are increasingly ineffective against Zero-Day threats, advanced persistent threats, targeted attacks, and even commodity malware
How are you balancing end user expectations with the need to protect data?
End user demands Data protection
THE DELL ENDPOINT DATA SECURITY & MANAGEMENT PORTFOLIO
Data
▪ Dell Encryption
▪ Mozy Pro
▪ Mozy Enterprise
Threat
▪ Dell Threat Defense (Cylance)
▪ RSA NetWitness Endpoint
Identity
▪ Dell Security Tools
▪ RSA SecurID Access
Management
▪ Dell Command
▪ AirWatch Green
▪ AirWatch Blue
▪ AirWatch Express
Dell DP | Endpoint Security Suite Enterprise
IN THE GARTNER ADAPTIVE SECURITY ARCHITECTURE
EPP AND EDR OCCUPY DIFFERENT QUADRANTS
NetWitness® Endpoint
Cylance PROTECT
The future of security
[Timeline graphic: Past, Present, Future. Labels: AV; Sandboxing; Isolation; HIPS / Anti-Exploitation; Endpoint Detection & Response; AI. Annotations: Pre-Execution, Post-Execution; Humans Needed, No Humans.]
EDR/HIPS – Find it faster
Sandboxing
Proactively identify threats without signatures
Algorithmic Science
• Machine Learning
• Cluster & Classify
Confidence Scoring
Threat Indicators
• Anomalies
• Collection
• Data Loss
• Deception
• Destruction
2018 SVM
99+% security effectiveness
• WannaCry: -19 Mo.
• Petya-Like: -20 Mo.
• GlassRAT: -18 Mo.
• GoldenEye: -13 Mo.
• Remsec: -18 Mo.
• zCryptor: -7 Mo.
• Shamoon2: -17 Mo.
• Satan: -18 Mo.
Dell ESS Advanced Threat Protection
• 99% Efficacy
• No signature file updates required
– Doesn’t require Patient 0.
– Prevents malware/viruses from ever being able to run
• Works when the PC is not connected to the Internet
– Protection at your most vulnerable point.
• PCI and HIPAA Certified
Detect and stop malware attacks that target the PC’s BIOS
• A BIOS compromise has extremely high impact: it attacks the root of trust for the PC and is therefore very persistent.
• Anti-malware solutions cannot scan this low-level PC function, making an exploit nearly invisible at this layer.
• Dell BIOS verification directly addresses this gap in other anti-malware solutions; it is available on Dell’s latest generation of PCs and is enabled with ESS Enterprise.
• Verification is off-host: it occurs in a secure cloud location and tests the PC BIOS measurement against the point of origin, the official measurements from the Dell BIOS labs.
• This Dell-unique protection is enabled and managed with Endpoint Security Suite Enterprise advanced threat protection policies.
• BIOS verification places Dell ahead of the competition: HP Sure Start verifies on the potentially compromised PC, and does not provide reporting to the IT dept. of a potential issue. Lenovo does not have a solution.
• Does not perform the validation check on other Dell platforms, non-Dell platforms or custom BIOS.
Presented in Endpoint Details page
Dell exclusive BIOS verification
A Better Encryption Experience.
Centralized, remote management & compliance
Reduce deployment time with pre-installed encryption, available when purchased on Dell commercial PCs
Deploy 5X faster than traditional encryption solutions, saving >3 hours per PC
Single source for simplified purchase and support experience
Remotely manage all encryption from a single console, even for non-Dell devices
Strong encryption won’t interfere with existing IT processes, such as patch management
Save time with a single remote management console, easy deployment and seamless integration into your IT environment
Available on Dell and non-Dell platforms
File level encryption that protects data no matter where it goes…
…and IT maintains encryption keys and control
Dell Data Protection | Encryption
A simple, comprehensive, flexible way to protect data from device to the cloud on Dell and non-Dell devices
Corporate issue PC
Personal tablet
BYOD Smartphone
USB & other removable media
Public Cloud
Company data
File level encryption
Dell Data Protection | Encryption Portfolio
External Media Edition: Encryption for SD, CD/DVD, USB & other removable media plus port controls and blocking
BitLocker Manager: Easily manage Microsoft BitLocker™ for comprehensive enterprise-wide protection, auditing and compliance
Rights Management: Encryption follows the file wherever it goes. You control who has access to information.
Hardware- and software-based encryption
Protect data wherever it goes
Centralized management & compliance for heterogeneous environments
Personal Edition: Locally managed software encryption for all local drives and External Media
Enterprise Edition: Centrally managed software encryption for all local drives and External Media
Advanced Threat Protection: 99% Efficacy, no signature files
Self-Encrypting Drive (SED): Fully integrated compliance & management of SEDs with your other encryption
End User Computing Product Group
Protected Endpoint Devices
Enterprise Server
Active Directory
SQL Database
Existing Infrastructure
Internet
DELL Data Protection deployed
+ Leverages existing infrastructure for seamless integration
+ Device detection and enforced provisioning across all connections
Protected Endpoint Devices
Central Admin Console
INTERNAL NETWORK DMZ
FIREWALL
Policy Proxy
REMOTE NETWORK
FIREWALL
Protected Endpoint Devices
+ Local policy enforcement ensures data protection travels with the device at all times
+ Scalable, single point of management and control for all platforms
© Copyright 2016 EMC Corporation. All rights reserved.
Persistence, Device Discovery, Geofencing
Dell Data Guardian
Endpoint Backup & Recovery
Multi-Factor Authentication & Endpoint Detect & Response
Endpoint Advanced Threat & Malware Prevention
Data Protection Encryption
ESSE Suite
Dell EMC’s “Security Onion”
“We make the bad guys cry with our multi-layered security portfolio!”
• $2.2M patient records resulting from stolen laptop
Lost or Stolen Laptops
What Data is on the Laptop?
- Is it sensitive information?
- PII
- PCI
- PHI
- Company IP
- Is it Encrypted?
- Is it Backed Up?
- Did the user save it to a network share?
- How quickly can you re-provision the laptop?
Is it Sensitive Data?
• Absolute DDS
– 1) Remote Wipe/Asset Recovery
   – BIOS level
   – Geo-locate the device
   – Brick the device
   – Work with local law enforcement to recover
– 2) Data Discovery
   – Identify PCI, PHI, PII and other sensitive data.
   – Alert the organization to the risks of losing the data and the potential costs
– 3) Self-Healing
   – Define critical applications that need to be on the device
   – SCCM agent, Antivirus, Encryption, etc.
ENDPOINT RECOVERY SOLUTIONS
MOZY PROVIDES BACKUP TO A NON EXECUTABLE ENVIRONMENT, ISOLATED OFF-PREMISE WITH POINT IN TIME RECOVERY OPTIONS
Non Executable Data Store
Data Stores are:
Non readable
Non Executable
Immutable Copy
Roll back to a point in time
User & Admin Based restore options
Point in Time
Isolated
Backups are not accessible without authentication
No Third Party Access
Protect
Isolated Off-Premise
Enhanced License Options
ENTERPRISE
• Base Functionality +
• For Large, Diverse User Base (15 Replicas)
• SSO Portal Use for SaaS and Web Integrations
• Hardware, Software, On-Demand & Risk Based Authenticators
Perpetual Licenses + Tokens
PREMIUM
• Hybrid Deployment (On Prem + Cloud)
• Secure Legacy, Web and SaaS Applications
• Provide Context Driven Policies for Identity Assurance
• All Authentication Methods
Subscription Model
HUNDREDS OF APPLICATIONS ON-PREM AND IN THE CLOUD
Access Manager
Cloud
On-Premises
Who can access?
What can they access?
Where can they access?
SECURE ACCESS CONTROL WITH CONVENIENT SINGLE SIGN-ON
Convenient Single Sign-On
Secure Access Control
SAML / WS-FED
Password Vaulting
Reverse Proxy
IWA
Any User, Anywhere, Any Device
A Hybrid Approach
• A secure approach to supporting all applications
• Sensitive user & org information remains on-premises
• Active Directory passwords are NEVER sent to cloud
• Dedicated runtime not shared with other tenants
Identity Router
SecurID Access
Identity Assurance
Role
Network
Session
Device
App
Desktop or Mobile
(Web Browser)
PASS
Identity Assurance Workflow
TAKING THE NEXT STEP
• Schedule a Dell Security Consultation
– Discuss your current environment
– Identify potential gaps
– Create a plan to address
Security Coverage
Confidential 6/11/2018
99% Prevention
1% Detection
Breaches Still Occur. What’s Happening?
[Chart: % where “days or less”. Series: Time to Compromise; Time to Discovery.]
Time to compromise is decreasing
• Majority of attacks (>92%) succeed within minutes
• Data exfiltration occurs within days (>98%)
• Time to detect attacks is improving
• But not nearly enough to keep pace with attackers’ time to compromise
Source: 2016 Verizon Data Breach Investigation Report
Why RSA NetWitness Endpoint?
Detect by threat behavior rather than by signature
Rapid Response Enabled by Full Scope Visibility
Intelligent Risk-Level Scoring System
More rapidly expose new, unknown, and non-malware threats on endpoints
Eliminate white noise; prioritize threats more efficiently & accurately
Provide all data needed to confirm threats and quickly take action
Accelerating Detection, Analysis, and Response
On Corporate Network
Off Corporate Network
DETECTION
Lightweight kernel-level agent for continuous endpoint monitoring
• Live Memory Analysis
• Non-Malware Attacks & PowerShell Attacks
• Suspicious Events
• Process Inventory & Tracking
• Machine Network Data
• Machine Physical Data
• Machine Security Configuration, OS & Status
• Registry and MFT
ANALYSIS
Powerful server-side multilayered analysis for real-time threat detection
• Behavioral analysis detects threat behavior & user-initiated suspicious events
• Ingests threat intel from RSA Experts, NW Endpoint Community, and 3rd parties
• Reputation: Whitelisting & Blacklisting
• Customizable YARA Engine
• Easily scalable, with up to 50K agents per server
RESPONSE
Quickly understand root cause & full scope to better respond
• Immediate Threat Blocking and Quarantining
• Isolate with Machine Containment
• Send hash to Sandboxing, Google, VirusTotal, and other resources
• Pivot to RSA NetWitness® Logs & Packets
• Integrate with RSA NetWitness® SecOps Manager and other systems
Rapidly and Accurately Analyze ALL Threats
IP/Domain Information & Geo
Threat Intelligence + RSA Community
YARA Rules Engine
Blacklisting (Multi-A/V)
File / App Whitelisting & Reputation
“Gold Image” Baselining
Certificate Validation
Live Memory Analysis
Direct Physical Disk Inspection
User-Initiated Suspicious Behavior
Endpoint/Module Behavior Analytics
RSA NetWitness Endpoint combines multiple detection methodologies to detect both KNOWN and UNKNOWN threats faster and more accurately.