Developing Best Practices for Application Whitelisting: An In-Depth Technical Discussion

DESCRIPTION

As IT professionals know, endpoint security needs are evolving: new vulnerabilities are disclosed every day, new malware creation is exploding, and traditional AV signatures cannot keep up. You know that patch management and AV are necessary – but not sufficient – layers of endpoint defense. Intelligent application whitelisting is an important addition to your risk mitigation strategy, and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term. View these slides to learn the recommended steps to check unknown executables on your endpoints as we dive into a technical discussion of the critical items to address:

* Prepare – properly laying the groundwork for implementing application whitelisting is crucial to ultimate success.
* Lockdown – preventing unwanted or dangerous changes while providing necessary flexibility to support business needs.
* Manage – maintaining the environment as application, end user and business needs develop.

Developing Best Practices for Application Whitelisting

An In-Depth Technical Webcast

Today’s Agenda

Introduction

Augment Your Defenses to Mitigate Zero-Days, with Lessons Learned from the Field

• Laying the Groundwork

• Creating Policies

• Protecting Endpoints

• Managing the Environment

Q & A

Today’s Panelists

David Murray, Sr. Product Manager, Lumension

Douglas Walls, Chief Information Officer, EMSolutions, Inc.

Why Application Whitelisting Is Important

Today’s Endpoint Security Stack: AV, Device Control, Application Control, Patch & Configuration Management

Sources of Endpoint Risk: Zero-Days 5%, Missing Patches 30%, Misconfigurations 65%

AVERAGE detection rate after 30 days = 62%

Benefits of a Solid Whitelisting Process

Malware Costs Money

Controlled Change is Good

© Creative Commons / Kevin Dooley

Application Whitelisting Best Practices

Application Whitelisting Process

• Laying the Groundwork

• Creating Policies

• Protecting Endpoints

• Managing the Environment

Laying the Groundwork

Clean

Groundwork | Policies | Lockdown | Management

Avoid End User Disruption

• No need to reimage

• Off-hours, thorough scan to remove known malware

Scan

Organize

Denied Apps

Eliminate unknown or unwanted applications on your endpoints

Prevent applications from executing even while endpoints are in monitor mode only

Admin Console View

User Endpoint View

Creating Policies

Trusted Updater

Automated whitelist maintenance reduces workload

Trusted Publisher

Automated whitelist maintenance reduces workload

Trusted Path

Automated whitelist maintenance reduces workload

Monitor

Stabilize Whitelist Maintenance

• Full visibility into unaccounted for changes (good and bad)

• Accommodate variations

• Reduce maintenance workload

Local Authorization

Admin Console View

User Endpoint View

Effectively Balance Security and Productivity

• End user flexibility

• “Third Way” between Monitor and Lockdown

Protecting Endpoints

Enforce

Easy Transition

• Minimize disruption

• Provide flexibility

• Minimize workload

Fine-Tune

Think Globally, Act Locally

• Harmonize where appropriate

• Anticipate future needs

Managing the Environment

Control

Is this a Known Good?

Should my users have this?

Is this Unwanted?

Who wrote this?

Is this a Known Bad?

Where did this come from?

What is trying to install this?

Adapt

© Creative Commons / Bruce Tuten

Develop processes

• Changes in environment

• Changes in end user needs

• Changes in business needs

Create flexibility to balance security with productivity across entire organization

Q & A

More Information

• Free Security Scanner Tools
  » Application Scanner – discover all the apps being used in your network
  » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
  » Device Scanner – discover all the devices being used in your network
  http://www.lumension.com/Resources/Security-Tools.aspx

• Lumension® Intelligent Whitelisting™
  » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Endpoint-Security.aspx
  » Free Trial (virtual or download): http://www.lumension.com/intelligent-whitelisting/free-trial.aspx

• Get a Quote (and more): http://www.lumension.com/intelligent-whitelisting/buy-now.aspx#7

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

info@lumension.com

http://blog.lumension.com
