Dell World 2014

Enhanced Security and Compliance

with Dell Endpoint System ManagementBrandon Whitman, Sales EngineerAlejandro Vazquez, Software Technologist

Dell WorldUser Forum

Compliance?

A baseline for security

• Authoritative Documents– HIPAA– SOX– PCI– Etc.

• Process Compliance– ITIL

• Software Compliance– Licensing– Configuration

Dell World User Forum

Security?

How you become compliant

• Discovery– SCAP– OVAL– Inventory

• Action– Patching– Permissions– Processes

Dell World User Forum

ESM SolutionsEnd to end system management

• K1000 Management Appliance– Device Inventory– Software Catalog– Patching– Helpdesk– Vulnerability Assessment

• Desktop Authority Management Suite– Least Privilege Access– User Workspace Management

• Password Manager– Self Service Password Management

Dell World User Forum

Dell World 2014

What are SCAP and OVAL

SCAP

• Easy to use tool to ensure common endpoint configurations and confirm organizational compliance.

• Published and maintained by the National Institute of Standards and Technology (NIST) for Windows.

OVAL

• Comprehensive suite of tests to detect security vulnerabilities.

• Community based but primarily sponsored by DHS Office of Cyber Security.

• Reports offer recommended remediation steps.

Discover

Analyze

Secure

Dell World 2014

Why SCAP and OVAL?

SCAP

• Ensure systems are deployed at “Known Good” baseline.

• Meet FDCC Compliance and/or enable organizations to enforce their own configuration standards

OVAL

• Preventative maintenance to close vectors for malware infections

• Automate the task of finding vulnerabilities and configuration issues.

• Reports offer recommended remediation steps.

Discover

Analyze

Secure

Dell World 2014

How? Preventative Image Hardening

• Deploy with K2000

• Image is already compliant with company policies

• Easier to manage in the future.

• Prepare K1000 agent for imaging

• Run amptools.exe cloneprep=1

• Removes KUID

• Use SysprepCreator

• Capture with K2000

• Remediate per current policies

• Run additional scans

• Confirm compliance with current policies

• Install K1000 agent

• Run Benchmarks

• OS

• MS Office

• IE

• Analyze Results

• Compare to current policies

Scan Comply Capture Deploy

Dell World 2014

What is Desktop Authority Management Suite?

Desktop Authority Standard & Privilege Manager

• Toolset to enable administrators to proactively provision and manage the Windows user environment.

• Create a secure, consistent environment for each user

• Ensure applications run with only the privileges and access needed

• Targeted configurations and privileges to ensure a balance security with user productivity

Profiles

Privileges

Happy Users!

Dell World 2014

Why Desktop Authority Management Suite?

• Managing the user environment has always been difficult

• Built-in management tools, namely GPOs, can apply many settings, however, application can be cumbersome to configure

• Logon scripts are widely used and often embedded into GPOs

• Desktop Authority is simply easier to use than a collection of configuration tools.

• Happy IT Staff AND Happy Users!

• Complements Endpoint Management Solutions

Profiles

Privileges

Happy Users!

10

Dell - Restricted - Confidential

How to make Happy Users! (and Happy IT Staff)

Configuration and Management

• Validation Logic• Replace Logon Scripts• Customize Applications• Printer and Drive Mapping• Folder Redirection

Dynamic Security

• Validation Logic• USB Port Security• Group Policy Templates• Security Policies• Least Privilege Application

Access

Enhance Traditional Client Management

• Complete the User Workspace Configuration

• Complement Existing System Management Infrastructure

Power Management

• Validation Logic• Inactivity Monitoring• Power Schemes• Savings Calculator

Dell World 2014

What is Dell Password Manager?

• Self-service password reset tool with an end-user friendly interface

• Tool to allow IT to easily enforce stronger password policies and automate password change intervals

• Seamless integration with Windows and the K1000

• Increase data security by eliminating common intrusion vectors

Forgotten

Locked

Fixed

Dell World 2014

Why use Dell Password Manager?

• Reduce helpdesk and IT involvement

• Increase user productivity

• Eliminate the need for users to write down passwords

• Reduce the risk of data breach due to weak passwords

• Reduce lost productivity

Forgotten

Locked

Fixed

Dell World 2014

How?Familiar User InterfaceDell Password manager presents end users with an interface much like web commerce sites.

Dell Password Manager

Self-EnrollmentUsers enroll and choose from a list of security questions and provide their unique answers.

Self-ServiceWhen a user forgets their password, they simply answer their questions and can reset it without the need for IT intervention.

Dell World User Forum

All together now…

• Preventative Image Compliance

• Using SCAP and OVAL to secure the OS prior to Deployment with the K2000 Deployment Appliance

• Live System Auditing

• Using SCAP and OVAL on currently running systems

• Least Privilege Access

• Privilege Manager can allow legacy programs to run as Administrator while the user retains a lower privilege set

• User Workspace Management

• USB Port Security

• Prevent the need for end users to seek other methods to do their job.

• Password Manager

• Increase security and reduce cost

• Empower users

Dell World 2014

Thank you.

Dell World 2014

Reference

Dell World 2014

Helpful Links

• Unified Compliance– https://www.unifiedcompliance.com/

• Addressing HIPAA Challenges with KACE and SecureWorks– http://www.kace.com/~/media/Files/Resources/White-Papers/Addressing-HIPAA-Challenges-Dell-KACE-and-Dell-

SecureWorksoach.pdf

• Desktop Authority Licensing and FAQ– http://www.quest.com/docs/desktop-authority-management-suite-faq-24287.pdf

• Dell Password Manager Datasheet– http://www.quest.com/documents/password-manager-datasheet-3490.pdf

• The Privilege Management Conspiracy– https://software.dell.com/docs/the-privilege-management-conspiracy-whitepaper-7789.pdf

• Killing Administrator– https://software.dell.com/docs/WPW-KillingAdministrator-082212.pdf

• Six Ways to Extend and Expand Your Systems Management Capabilities to Your User Environment – http://software.dell.com/documents/six-ways-to-extend-and-expand-your-system-management-capabiltiies-to-

your-user-environment-whitepaper-27653.pdf