Today’s Agenda
Most Common Threats in Today’s Environment
6 Steps to Improve Endpoint Security
Secrets to Effective Defense-in-Depth Approach
Q&A
Today’s Panelists
Richard Stiennon, Chief Research Analyst, IT-Harvest
Paul Henry, Security & Forensics Analyst
Jim Czyzewski, Supervisor – Clinical Desktop Support, MidMichigan Medical Center
Most Common Threats
• Hard to dispute the fact that patching an underlying software flaw in most cases is the best defense
• In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure
• In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure
• Microsoft data indicates that in the first half of 2011 Zero Day attacks amounted to less than 1% of the attack surface
Patch or get hacked, the choice is yours…
Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Most Common Threats
• Vulnerable software is not just a Microsoft problem…
• Third party software historically has had more unpatched vulnerabilities than Microsoft
• Java is your number one issue today, followed by Adobe – the leader for the past couple of years
Bottom line: WSUS is not going to save you!
Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container
Most Common Threats
• Hackers are always going to take advantage of areas that simply are not properly handled by defenders
• Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the Bad Guys?
• In case you missed it, the chart is showing the “Most Outdated Web Browser Plugins”
What did you really think was going to happen?
Source: http://www.zscaler.com/state-of-web-q3-2011.html
Most Common Threats
• It is important to remember that taking advantage of a vulnerability is not really the “End Game” for a bad guy
  • The Vulnerability only represents a “Delivery Mechanism”
  • The “End Game” is actually to allow them to Execute Malicious Code in your environment
• Why are we focusing on the delivery method, not the end game?
  • Duh - because everyone else is
  • Hackers will always beat us in the delivery mechanism “Arms Race”
  • Get ahead of the problem by focusing on the End Game
1 - Think Different
Diagram labels: Traditional Endpoint Security; Blacklisting As The Core; Zero Day; 3rd Party Application Risk; Malware As a Service; Consumerization of IT; Patch & Configuration Mgmt.; Emerging Defense in Depth Endpoint Security Stack
2 – Eliminate Exploitable Surface Area
• Patch and configuration analysis and delivery are needed across all systems: operating systems and applications.
• Unmanaged endpoints on the network are unknown and unprotected.
• Application and operating system patching is not benchmarked or continuously enforced.
• Standard configurations are not assessed or enforced.
• Un-patched browsers represent the highest risk for web-borne malware.
Source: John Pescatore, Vice President, Gartner Fellow
Chart (Areas of Risk at the Endpoint): 65% Misconfigurations, 30% Missing Patches, 5% Zero-Day
4 - Protect Your Data
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Diagram labels: Targeted Attacks; Malicious Insider; Negligent Insider
5 - Reduce Complexity and Cost
Diagram: Many Consoles, Disparate Architecture, Many Agents (Effective but not Efficient) versus Single Console, Agile architecture, Single Promotable Agent (Effective And Efficient)
IT Control Made Simple
• Agile platform architecture
• Leverage existing endpoint technology
• Reduced integration and maintenance costs
• Improved endpoint performance
• More effective endpoint security
Compliance & IT Risk Management Console
6 – Relating Risk to the Business
Diagram labels: Business Impact; Compliance Audit & Reporting; Compliance & IT Risk Exposure; Operational Assessment; Strategic; Tactical
Integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance & policy
6 – Relating Risk to the Business
• Virtualize the Endpoint
  » Security Management becomes easier since you are now only securing the virtual desktop pool instead of hundreds of endpoints
  » You remove the chance of any data residing on the endpoint
• Scan Unmanaged Clients
  » Clients without security management software need to be identified, monitored and remediated (if possible)
• Test, Test, Test
  » We have over 600 applications running
  » Patch, Remediation, and Configuration changes can have different effects
  » Utilize Production Testing
• End User Education
  » Keep them aware of the threats
  » Inform them what it is you're doing and why you're doing it
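The reconciliation behind the "Unmanaged endpoints" and "patching is not benchmarked" points in step 2 and the "Scan Unmanaged Clients" step here, as an added Python example that is not part of the original slides or of any vendor product: host names, check-in dates and version numbers are constructed sample data, and the baseline versions are an assumed minimum, not a published benchmark.

```python
import re
from datetime import date

# Constructed sample data, not from the slides. Hosts seen on the network
# (e.g. from DHCP leases or a discovery scan) versus hosts that report in
# to the endpoint-management agent, with last check-in and installed
# versions of the third-party products the slides single out.
NETWORK_SEEN = {"ws-101", "ws-102", "ws-103", "ultrasound-3", "kiosk-lobby"}
AGENT_INVENTORY = {
    "ws-101": {"last_checkin": date(2011, 12, 1),
               "java": "1.6.0_29", "adobe_reader": "10.1.1"},
    "ws-102": {"last_checkin": date(2011, 11, 30),
               "java": "1.6.0_22", "adobe_reader": "9.4.0"},
    "ws-103": {"last_checkin": date(2011, 10, 2),
               "java": "1.6.0_29", "adobe_reader": "10.1.1"},
}
# Minimum acceptable versions (constructed baseline, not a real benchmark).
BASELINE = {"java": "1.6.0_29", "adobe_reader": "10.1.1"}
AS_OF = date(2011, 12, 2)

def parse_version(text):
    """Turn '1.6.0_29' or '10.1.1' into a tuple of ints that compares correctly."""
    return tuple(int(part) for part in re.findall(r"\d+", text))

def unmanaged_hosts(network_seen, inventory):
    """Hosts on the network with no management agent: unknown and unprotected."""
    return sorted(network_seen - set(inventory))

def stale_hosts(inventory, as_of, max_age_days=7):
    """Managed hosts whose agent has gone quiet: known, but no longer monitored."""
    return sorted(host for host, rec in inventory.items()
                  if (as_of - rec["last_checkin"]).days > max_age_days)

def out_of_date(inventory, baseline):
    """Per host, the installed products that sit below the baseline version."""
    findings = {}
    for host, rec in inventory.items():
        gaps = [(product, rec[product]) for product, minimum in baseline.items()
                if product in rec
                and parse_version(rec[product]) < parse_version(minimum)]
        if gaps:
            findings[host] = gaps
    return findings

if __name__ == "__main__":
    print("unmanaged:", unmanaged_hosts(NETWORK_SEEN, AGENT_INVENTORY))
    print("stale agents:", stale_hosts(AGENT_INVENTORY, AS_OF))
    print("below baseline:", out_of_date(AGENT_INVENTORY, BASELINE))
```

Hosts in the first list have no agent at all, hosts in the second have one that stopped reporting, and the third list is the patch-currency benchmark the slides say is usually missing.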
Best Practices: Lessons Learned From the Field
Tips for Securing Endpoints
• Think 'least privilege' when choosing platforms
  » While Microsoft's strategy of the same code everywhere serves their purpose, it is not the most secure strategy for an enterprise.
  » Kiosks, single purpose machines (medical equipment), mobile devices, and embedded systems should run on specialized OSs with reduced functionality to reduce exposed attack surface.
• NSA Approved Whitelisting for Most Critical Systems
  » Start the transition to whitelisting as the primary defense, and AV as the back-up.
• What Endpoint Security Strategy is Best for New Data Centers & Cloud Environments?
  » Virtualization makes cleanup (post infection) easier but exposes critical systems to widespread attacks.
• Consider Virtual Desktops (VDI)
  » For tasks like call centers, data entry and accounting
• Server Lockdown: Neglected in Many Environments
  » Systems that do not change often should have rigid controls.
A secure endpoint should consider the network hostile, just as a secure network should consider the endpoints as hostile. (And secure apps should treat the user as hostile.)
More Information
• Quantify Your IT Risk with Free Scanners
  » http://www.lumension.com/special-offer/premium-security-tools.aspx
• Lumension® Endpoint Management and Security Suite
  » Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
  » Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
E is for Endpoint: 6 Strategies for Highly Effective IT Pros
http://www.lumension.com/E-is-for-Endpoint.aspx
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com