It securepro 10 nov 2010

Is your company protected against confidential data leakage?

November 10, 2010 www.itsecurepro.com

Agora Security Conference www.business-software.ro

Jan Petculescu General Manager - IT SECURE PRO



About It Secure Pro



2010 – new partnership





Avecto Privilege Guard




Avecto Privilege Guard enables organizations to adopt the principle of least privilege.

It is no longer necessary to assign admin rights to users, as these rights can now be assigned dynamically to applications, tasks and scripts.

Privilege Guard enables users to log on with minimal rights and empowers them to perform their day to day role, without compromising the integrity and security of the corporate systems.




Simple Policy Configuration

Enabling an application to run with elevated rights couldn’t be simpler. Define the application in the Privilege Guard Policies and set its identification options, such as filename, file hash, trusted publisher or command line.

Next, assign the application to the users who require elevated rights over the application and set up any additional options, such as end user messaging, auditing and privilege monitoring.

The policies are automatically committed to Active Directory Group Policy and will be deployed during the next Group Policy refresh cycle.




Privilege Monitoring

To assist in policy definition, Privilege Guard can be deployed in “passive mode” to users who have local admin or power user rights.

Privilege monitoring will analyze application behaviour and log events for any application that would fail to run under a standard user account. More detailed activity logs can also be captured, which enable closer inspection of any privileged operations performed by applications.

Once this information is collated, suitable policies may be defined to elevate the individual applications, enabling users to be removed from the local administrators or power users groups.




Application Control

In addition to controlling the privileges assigned to applications, Privilege Guard may also be used to control the applications that a user is allowed to install or run.

Policies may be configured that whitelist the trusted applications on a system, by identifying applications based on a combination of trusted folders, files, publishers or hashes. Any unauthorized applications, including software installers and scripts may be blocked and audited.

The end user is informed with a fully customizable message, including the option for the user to email a request for a blocked application. More advanced users may be allowed to run unauthorized applications, and in this scenario the user can simply be warned and their actions audited.




Privilege Guard Supported Platforms:

Windows XPWindows VistaWindows 7Windows Server 2003Windows Server 2008Windows Server 2008 R2

Both 32-bit and 64-bit versions are available for all platforms




Lumension® Device Control




Lumension® Device Control:

Centrally manages security policies regarding use of removable devices (e.g., USB flash drives) and media (e.g., DVDs/CDs) using a whitelist / "default deny" approachEnforces encryption policies when copying data to removable devices / mediaPrevents malware intrusion via removable devices / media, adding a layer of protection to your networkProvides the visibility, forensics and reporting needed to demonstrate compliance with applicable laws




1.Discover - Identify all removable devices that are now or have ever been connected to your endpoints through the use of a “learning” mode that allows you to collect information without disrupting business.

2.Assess - Define rules at both default and machine-specific levels for groups and individual users with regards to device access by class, model and/or specific ID, and uniquely identify and authorize specific media. These permissions can be linked to the user and user group information stored in Microsoft Active Directory or Novell eDirectory.


http://www.lumension.com/Partners/lumension-technology-programs/Microsoft-Gold-Certified-Partner.aspx

http://www.lumension.com/Partners/lumension-technology-partners/Novell.aspx

http://www.lumension.com/Partners/lumension-technology-partners/Novell.aspx



3.Implement - Enforce device and data usage policies by: file copy limitations (amount per day, time of day) and file type filtering. You can also enforce the encryption of data moved onto removable devices / media and apply permissions to specific and/or groups of endpoints, ports, devices and users (both on- and off-line), including scheduled / temporary access.

4.Monitor - Continuously monitor the effectiveness of device and data usage policies in real time and identify potential security threats by logging all device connections, recording all policy changes and administrator activities, and tracking all file transfers by file name and content type. You can even keep a copy of every file that is transferred to or from a removable device using our patented bi-directional shadowing technology.


http://www.lumension.com/Solutions/data-protection/usb-security-and-encryption-software.aspx



5.Report - Create both standard and customized reports on all device and data activity showing allowed and blocked events, which can be saved into a repository, shared via email, and/or imported into 3rd party applications




Lumension® Device Control features:

Per-Device PermissionsFlexible Policy with Granular ControlTemporary / Scheduled AccessFile Type FilteringData Copy Restriction256-bit AES Encryption




Lumension® Application Control




The threats aren’t going to stop and antivirus software alone cannot control the problem as malware threats are being developed faster than the necessary fixes and organizations need a product that prevents the execution of malicious code.

Centrally manage, monitor, and control applications with a whitelist approach that allows only authorized applications to run ensuring no malware, spyware, keyloggers, Trojans, worms, viruses, zero-day threats and unwanted or unlicensed software will execute on your network and disrupt your business.


http://www.lumension.com/Solutions/endpoint-protection/application-whitelisting-software.aspx



1.Discover - Identify all executable files and devices, collect profiles and organize into pre-defined file groups.

2.Implement - Assign permissions for applications to run based on executable, user, or user group attributes. Use an application whitelist approach to ensure that only authorized and legal applications can run on a computer. When a user wants to run an application, the OS request at the kernel level is intercepted by the Lumension driver. If the user has rights, then access will be granted. If the application is not known or the user does not have rights, then access will be denied






3.Monitor - Monitor the effectiveness of endpoint security policies in real time and identify potential threats by logging all application execution attempts and recording all policy changes and administrator activities.

4.Report - Demonstrate policy compliance and ensure software license compliance to meet Sarbanes Oxley, NERC, HIPAA, PCI, and GLBA requirements by drilling down on suspicious behavior for security or legal follow-up.


http://www.lumension.com/compliance-and-IT-risk-management/nerc-compliance-solutions.aspx

http://www.lumension.com/Solutions/reporting-and-compliance-software/hipaa-compliance-solutions.aspx

http://www.lumension.com/compliance-and-IT-risk-management/pci-compliance-solutions.aspx



Lumension® Endpoint Management and Security

SuitePatch and Remediation

LEMSS - Patch and Remediation



As IT environments have become increasingly complex, supporting virtual, distributed, and disparate platforms, companies must ensure that they maintain control of their endpoints.

Ensuring secure and standard endpoint configurations and patch management for third party applications and operating systems is paramount to reducing IT risk and improving endpoint operations.


http://www.lumension.com/vulnerability-management/patch-management-software-updates.aspx



LEMSS - Patch and Remediation is part of Lumension® Vulnerability Management which has been rated by analyst firms such as Forrester and IDC as a "leader" in vulnerability management because of its robust feature-set and broad support and provides broad support for multiple platforms, including Windows, Unix, Linux and Mac OS, and for third party applications, with the largest repository of Adobe vulnerability content




1. Discover - Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.

2. Assess - Proactively identify known issues before they can be exploited. Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.




3. Prioritize - Focus on your most critical security risks first.

4. Remediate - Automatically deploy patches to an entire network. Simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.

5. Report - Gain a holistic view your environmental risk. Access a full range of operational and management reports that consolidate discovery, assessment and remediation information on a single management console.




Lumension® Compliance and IT Risk Management





In today’s fast paced business environment, organizations face the challenge of complying with numerous regulations but still employ manual and improvised IT audit processes, incurring high costs with inaccurate results.

Over 400 Regulations and Standards documents are included in our solution with full cross-references to supporting IT controls




1. Risk Profiling - Easily model the relationship between your IT assets and business interests to identify IT-borne business risk. Lumension categorizes an organization’s resource types including technology, people and processes, and then develops a powerful risk profile through its patent-pending risk intelligence engine. The risk profile information is automatically correlated with internal and external compliance requirements and suggests mitigating IT controls to address potential regulatory and IT risk exposure.

2. Controls Framework - Leveraging the industry-standard Unified Compliance Framework (UCF), Lumension Risk Manager harmonizes controls across hundreds of different regulations including PCI, SOX, FISMA, HIPAA, NERC, CobiT, NIST, ISO frameworks, and many more. This means that no control is ever duplicated and the structure and language of each control follows the same predictable format.

http://www.lumension.com/Solutions/Unified-Compliance-Framework.aspx

http://www.lumension.com/compliance-and-IT-risk-management/pci-compliance-solutions.aspx

http://www.lumension.com/compliance-and-IT-risk-management/fisma-compliance-solutions.aspx

http://www.lumension.com/compliance-and-IT-risk-management/hipaa-compliance-solutions.aspx

http://www.lumension.com/compliance-and-IT-risk-management/nerc-compliance-solutions.aspx




3. Controls Assessment - Streamline and automate the workflow for assessing technical, physical and procedural controls by interfacing to either Lumension security solutions or third party point products such as vulnerability scanners. Utilize automated surveys to complete your assessment of physical and procedural controls.

4. Risk & Compliance Reporting - Generate reports with key metrics to satisfy a diverse IT risk and compliance audience through compliance and IT risk reporting, operational security reporting and remediation modeling and forecasting. Create "what-if" scenarios to better estimate how a project or remediation effort will improve your IT risk and compliance posture. Assign and track remediation projects to measure and reflect improvement in compliance and IT risk metrics.







Spector 360 incorporates SpectorSoft's award-winning computer monitoring technology that automatically records everything including emails sent and received, chat and instant messaging, web surfing, keystrokes typed, files transferred/printed/saved, online search, program activity, document tracking, and more!

Spector 360 takes the recorded Internet and computer activities from each of your employees, feeds that information into a database and provides you with more than 50 built-in, comprehensive reports -plus- unlimited customization.



With Spector 360 you will find answers to questions such as:

Which employees spend the most time surfing web sites?Who is spending time on shopping sites, sports sites or adult sites?Which employees chat or use anonymous email services like Hotmail and Gmail?Who is sending the most emails with attachments?Which employees may be leaking company confidential information via removable media like flash drives, CDs and DVDs?Which employees are printing sensitive documents?Who is arriving to work late and leaving early? Who takes long lunch breaks?What are my employees searching for on Google, Yahoo and MSN?



In August, SpectorSoft announced the release of Spector 360 Version 7.1 (7.1.1108).

Spector 360 adds support for Mac OS X making it possible to record user activities on both Windows and Apple computers. The new release provides you with the functionality to review both PC and Mac recordings from the same familiar Dashboard interface.











Spector 360 allows you to monitor what your employees do on their PC and on the Internet, so all applications run and all keystrokes typed are immediately available to you.

Just as a VCR records and plays back, Spector 360 provides you with the total picture of everything your employee does.

If training or other assistance is necessary to make that employee more productive or proficient, you’re able to quickly rectify the situation.



Thank you for your atention.Any questions?

Documents

It securepro 10 nov 2010