Why Application Control is Vital for IT Security
DESCRIPTION
Ensuring that your enterprise IT infrastructure is secure is a challenging job even under ideal conditions. Using endpoint security, deploying firewalls and keeping your servers and clients patched with the latest security updates can only go so far. Over the last few years, an increasing number of attacks have targeted vulnerabilities in third-party applications. IT administrators would be wise to discover, analyze, and either patch or remove third-party applications as yet another aspect of a cohesive security posture. In this security webinar, Windows IT Pro Industry News Analyst and security columnist Jeff James and Chris Merritt, director of solution marketing for Lumension, discuss some tips and best practices for managing and securing third-party applications in your IT environment.
TRANSCRIPT
The Case for Application Control
With Jeff James, Security Columnist, Windows IT Pro
Meet our Expert
Jeff James is industry news analyst for Windows IT Pro. He was previously editor in chief of Microsoft TechNet Magazine, was an editorial director at the LEGO Company, and has more than 15 years of experience as a technology writer and journalist.
What is Application Control?
Windows Server 2008 and Windows 7 are the most secure versions of Windows ever. Yet even with aggressive patching and updating of server and client OSes, far too many third-party and “rogue” apps create security vulnerabilities.
An effective IT security posture needs to include avoidance of dangerous apps and effective management of approved third-party applications.
“Microsoft: Windows is Secure, Applications Not So Much” – Paul Thurrott, Windows IT Pro
Application Control Growth
“Organizations are looking to application control solutions to augment signature-based antivirus protection and to exert more control over endpoints. Although this space has been dominated by the smaller vendors, larger endpoint protection and management providers are entering the market.” -- Gartner Analysts Neil MacDonald and Michael A. Silver
Application Control Tips
1. Embrace Patch Management
2. Limit Admin Rights and Privileges
3. Leverage Windows 7 User Access Control (UAC)
4. Explore Windows 7 AppLocker
5. Consider Whitelisting Software
6. Bonus Tip: Use Data Protection
Tip #1 - Embrace Patch Management
Keeping your OS, clients, and third-party applications patched and updated is a must. Here are some IT patch management tips from Windows IT Pro author Orin Thomas:
• Determine which updates have already been deployed
• Prevent update traffic from saturating WAN links
• Prevent update installation from interrupting end users' computer use
• Test updates before deployment
Resource: “Solve 4 Common Patch Management Problems” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 103599
Tip #2 - Limit Admin Rights and Privileges
Limit the rights assigned to administrator accounts as much as possible, and use restricted groups policies to restrict membership of sensitive groups. Configure accounts to expire on a regular basis.
Tip #3 – Leverage Windows 7 User Access Control (UAC)
UAC – when managed properly – can be a helpful tool in an IT administrator’s application control toolbox.
Tip #4 - Explore Windows 7 AppLocker
AppLocker – a feature found in Windows 7 Ultimate and Enterprise – can be used to prevent unlicensed software, stop users from running unauthorized applications, and only allow users to run approved applications and software updates.
Resource: “AppLocker in Windows Server 2008 R2 and Windows 7” by Jan DeClercq - www.windowsitpro.com - InstantDoc ID 104625
Tip #5 – Consider Whitelisting Software
Anti-virus (AV) and anti-malware software are important parts of any IT security toolbox, but the reality is that traditional signature-based AV doesn’t provide effective protection by itself in today’s threat environment. In addition to AV, implement an application whitelisting solution such as Microsoft AppLocker or a more robust and comprehensive third-party solution.
Resource: “Comparative Review: Application Restriction Products” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 129350
Bonus Tip - Use Data Protection
Create and enforce policies that outline best practices for data use and protection, including encryption usage and policies for removable media. Enforcing these policies will decrease the likelihood of manually delivered malware and other malevolent software attacking your network.
Security Resources
Windows IT Pro Security page: http://www.windowsitpro.com/categories/category/Security.aspx
Windows IT Pro Security Blog: http://www.windowsitpro.com/blogs/security.aspx
Russell Smith’s Least Privilege Security Blog: http://leastprivilegesecurity.blogspot.com
Q & A
For follow up information, contact Jeff James at [email protected] or on Twitter at @jeffjames3.
Thank You!
Lumension® Intelligent Whitelisting™
Integrated Endpoint Protection using Lumension® Endpoint Management and Security Suite
Chris Merritt, Solution Marketing
Changing Role of IT
Enabling the Use of New Technology
» Major Shift For IT Security
» It’s now IT’s job to say YES!
Growing Application Centric Risk
» Social networking applications were detected in 95% of organizations.
» 78% of Web 2.0 applications support file transfer.
» 2/3 of applications have known vulnerabilities.
» 28% of applications were known to propagate malware.
Source: Palo Alto Networks Application Survey, 2010
Using Lumension Intelligent Whitelisting to Mitigate Application Risk
Defense-in-Depth Against Malware
Typical Approach
• Multiple layers
» Antivirus
» Patching
However, both are:
• Reactive
• Negative security model
• Straining to deal with pace and sophistication of today’s financially- and politically-motivated attackers
For real defense-in-depth
• Additional layer needed
• Fundamentally different approach
Application Whitelisting
• Proactive
• Positive security model
Application Whitelisting
Applications
Authorized
• Operating Systems
• Business Software
Unauthorized
• Games
• iTunes
• Shareware
• Unlicensed S/W
Malware
Known
• Viruses
• Worms
• Trojans
Unknown
• Viruses
• Worms
• Trojans
• Keyloggers
• Spyware
Un-Trusted
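The difference between the negative (signature) model and the positive (whitelist) model across these categories, as an added example that is not part of the original slides or any vendor's product code. File names and contents are constructed, and matching on SHA-256 hash alone is a simplifying assumption.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def snapshot(root):
    """Discover every file under root and return {sha256: path} as the whitelist."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            found[sha256_file(full)] = full
    return found

def negative_model(path, known_bad):
    """Signature-style check: everything runs unless its hash is already known bad."""
    return "deny" if sha256_file(path) in known_bad else "allow"

def positive_model(path, whitelist, denied_names):
    """Whitelist check: explicit denials first, then default-deny for anything unlisted."""
    if os.path.basename(path).lower() in denied_names:
        return "deny"
    return "allow" if sha256_file(path) in whitelist else "deny"

def demo():
    """Run both models over constructed files; returns {name: (negative, positive)}."""
    with tempfile.TemporaryDirectory() as root:
        def drop(name, content):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(content)
            return path
        # Constructed stand-ins for software present when the snapshot is taken.
        drop("os_component.dll", b"operating system file")
        drop("business_app.exe", b"business software v1")
        drop("control.exe", b"control panel")
        whitelist = snapshot(root)
        denied_names = {"control.exe"}      # denied even though already installed
        # Files that arrive after the snapshot (all contents are constructed).
        known = drop("known_virus.exe", b"virus with a signature")
        known_bad = {sha256_file(known)}    # the only sample a signature exists for
        drop("unknown_trojan.exe", b"trojan nobody has seen yet")
        drop("game.exe", b"unauthorized game")
        drop("business_app.exe", b"business software v2 (patched)")  # new hash
        results = {}
        for name in sorted(os.listdir(root)):
            path = os.path.join(root, name)
            results[name] = (negative_model(path, known_bad),
                             positive_model(path, whitelist, denied_names))
        return results

if __name__ == "__main__":
    for name, (neg, pos) in demo().items():
        print(f"{name:20} signature-based={neg:5} whitelist={pos}")
```

The patched `business_app.exe` is denied by the hash-only whitelist until the whitelist is refreshed, which is why whitelist maintenance after updates matters in practice.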
Intelligent Whitelisting
Lumension Endpoint Management and Security Suite
L.E.M.S.S.
• Discovery & Agent Deployment
• Role Based Access Control
• HW/SW Inventory Assessment
• Enhanced Wake-on-LAN
• Active Directory Synchronization
• Centralized Reporting
Scalable | Single Extensible Agent | Modular Products | Secure
Device Control
• Control Removable Devices
• Enforced Encryption for Removable Storage
• Filename Tracking & Full File Shadowing Audits
Patch & Remediation
• Heterogeneous Support
• Broadest 3rd Party Vulnerability Content
• Automated Baselines
• Advanced Patch Deployment and Reboot Control
AntiVirus
• Comprehensive Malware Signature Database
• Variant and Exploit Detection
• Sandbox Analysis
• Run-time Scanning
Application Control
• Application Whitelisting
• Simplified Whitelist and Policy Creation
• Automated “Trust Engine” whitelist maintenance
• Deny unwanted Applications
Better Visibility and Control
• Easy Lockdown - discovers all local applications and creates a local whitelist
» Discovers everything
» Accounts for all variations
• Application Library - aggregates all snapshot discovery results centrally
» Central visibility
» Flexible application grouping with details (hash, name, certificate, path, etc.)
• Application Event Log - provides intelligence around how applications are being used, how they were introduced, and how prevalent they are
• Easy Auditor - identifies change control policy violations through real-world analysis
Eliminate Unwanted Applications
• Easily stop unwanted, unsupported or risky applications and plug-ins
» Immediate and simple risk mitigation
» Does not require “whitelisting enforcement”
Denied Application Policy prevents unwanted applications even if they are already installed
Easily remove unwanted applications with Lumension Patch and Remediation
Reduce Local Admin Risk
| Action | Example | How Lumension Stops |
| --- | --- | --- |
| Install Applications | | Application Control: Easy Lockdown, Trust Engine |
| Change Configurations | Regedit / Command | Denied Application: cmd.exe, regedit.exe |
| Remove Patches & Uninstall Software | Control Panel – uninstall program | Denied Application: control.exe |
| Defeat Security Tools | Task Manager – kill process | Denied Application: taskmgr.exe |
Lumension Intelligent Whitelisting
• The Efficiency of Antivirus
• The Effectiveness of Application Control
• The Flexibility and Ease Of Use
Endpoint Protection Complexity
Multiple Consoles
• 3 – 6 different management consoles (avg range)
Agent Bloat
• 3 – 10 agents installed per endpoint (avg range)
• Decreased network performance
Lack of Control
• 54% of IT security professionals cite managing security complexity as their #1 challenge
• Decreasing visibility and disparate data
• Ad hoc monitoring of security posture
• 43% of existing access rights were either excessive or should have been retired
Increasing TCO of Point Products
• Integration and Maintenance
With Lumension Device Control, You Can …
Defense-in-Depth with Intelligent Whitelisting
Known Malware | Unknown Malware | Unwanted, Unlicensed, Unsupported applications | Application Vulnerabilities | Configuration Vulnerabilities
AntiVirus: X X
Application Control: X X
Patch & Remediation: X X
Security Configuration Management: X
A Complete Defense With Lumension
Intelligent Whitelisting
Firewall / IPS
Anti-Malware
Patch Management
Physical Access
Next Steps
• Lumension® Intelligent Whitelisting™
» Overview
• www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
» Free Demo
• www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
» Free Application Scanner
• www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
• Whitepaper and Videos
» Think Your Anti-Virus is Working? Think Again.
• www.lumension.com/special-offer/App-Whitelisting-V2.aspx
» Using Defense-in-Depth to Combat Endpoint Malware
• l.lumension.com/puavad
» Reducing Local Admin Access
• www.lumension.com/special-offer/us-local-admin.aspx
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com