Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Novell®
Endpoint Security Management
Nolan Rosen Chris Christiansen Vice President Worldwide Sales, Novell Program Vice President at IDCSystems & Resource Management Security Products and Services
Chip Nemesi Richard WhiteheadVice President Americas, Novell Director of Product Marketing, NovellSystems & Resource Management Systems & Resource Management
© Novell Inc. All rights reserved
2
Today’s Agenda
Endpoint Security Issues – Chris Christiansen, IDC
Business at the Endpoint – Nolan Rosen, Novell
Endpoint Case Studies – Richard Whitehead, Novell
Q & A, Next Steps – Chip Nemesi, Novell
© 2008 IDC
EndPoint Security Issues
Podslurping, Thumbsucking... learn the best practices that will help everyone mind their manners, and protect your data! Novell WebinarMarch 13, 2008
Chris Christiansen, Program VP, Security Products & Services
© 2008 IDC
Mobility Threats
Laptops Outsell Desktops
Locally-stored Exceeds Server-stored Data
Wireless Outpacing Wired Networks
Smartphones Adding WiFi & Storage
Bottom Line: – Anti-Virus and Network Access Control
Not Enough.– Mobility Jeopardizes Corporate Data,
but Users Demand Mobility. – Turns IT into a Blind Target.
© 2008 IDC
Security Breaches
Data Lost in Transit
LGT Group 2002 - 2008 stolen: Liechtenstein private banking datasold to other government tax authorities
TD Ameritrade Sep 2007 stolen: personal data for 6.3 million peopleGAP Inc. Sep 2007 stolen: personal data for 800,000 peopleMonster.com Aug 2007 stolen: personal data for 1.6 million peopleFox News July 2007 stolen: personal data for 1.5 million peopleTJX Jan 2007 stolen: credit card details for 94 million peopleCardSystems June 2005 stolen: credit card details for 40 million people
UK Gov’t Nov 2007 lost: personal data for 15 million UK citizens
ACS Mar 2007 lost: personal data for 2.9 million people
CitiGroup June 2005 lost: personal data for 3.9 million customers
Bank of America Feb 2005 lost: SS numbers for 1.2 million customersSource: Privacy Rights Clearinghouse & Wall Street Journal
Major Data Security Breaches
© 2008 IDC
External Threat Landscape Focuses on Targeted Attacks
New Landscape
Threats are silent & go unnoticed
Threats are highly targeted
Threats steal data & damage brands impact undetermined
Remediation more complex, may need to investigate data leak
Overwhelming amount of variants and zero-day threats
Old Landscape
Threats are noisy & highly visible
Threats are indiscriminate
Threats are disruptive impact quickly visible
Remediation action is technical (“remove”)
Fewer named threats to focus on
© 2008 IDC
Internal vs. External Threats- Information Protection and Control
Source: IDC’s Enterprise Security Survey 2006
© 2008 IDC
Resources
Mobile DevicesData
OperatingSystems
ApplicationsVoice, CRM, UC
Control AccessControl
MessagingSecurity
Anti-Spyware
Malware Protection
PerimeterVPN
WirelessAccess Point
Firewall
IDS
VirusChecking
Web Security
Antispam
Extended PerimeterBusinessPartners
RemoteUsers/Telecommuters
Customers
BranchOffices
RoadWarriors
MobileWorkers
WirelessLAN
Personal PerimeterYahoo IM
FaceTime
MySpace
Wikis
Blogs
Web Mail
Blogs
Photo Sharing
YouTube
VOIP
Perimeters Extend From Corporate Employees to Partners to Personal
HomeWorkers
© 2008 IDC
Threat’s to Company’s Enterprise Network Security
6%
6%
6%
7%
8%
9%
9%
10%
11%
11%
13%
14%
16%
18%
19%
13%
10%
12%
20%
12%
23%
19%
31%
24%
18%
21%
23%
29%
28%
30%
25%
19%
34%
28%
24%
33%
30%
33%
29%
25%
29%
22%
27%
30%
27%
26%
32%
31%
24%
32%
26%
25%
20%
26%
27%
28%
26%
21%
17%
14%
30%
34%
17%
21%
23%
9%
17%
7%
11%
19%
9%
16%
8%
6%
10%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Inability to meet Government regulatory mandates
Competitor espionage
Casual intruders who don't fall under definitions of competitors,cyberterrorists, employees or partners
Mobile devices (PDAs, Smart Phones)
Cyberterrorism
Application vulnerabilities
Wireless LANs
Spyware
Misconfiguration of network and security equipment
Insider sabotage
Hackers
Data stolen by employee or business partner
SPAM
Trojans, viruses, worms and other malicious code
Employees inadvertently exposing confidential information
Significant Threat (5) 4 3 2 No Threat (1)
© 2008 IDC
Banking & Retail: Reputation Risk Carries Big Consequences
Customers don’t care where or how the breach occurred,they take action to mitigate identity theft risk (change banks)
0%
5%
10%
15%
20%
25%
18-24 25-34 35-44 45-54 55-64 65+
Changed Banks
Stopped Shopping Online
Identity Theft Victims
Average5.7%
18.3%
8.4%
Est. for US Population12 mill.
39 mill.
18 mill.
Source: Financial Insights Consumer Banking Survey, N = 1,000
© 2008 IDC
U.S. - Privacy/Security Laws, Bills, Standards, and Guidelines
Gramm-Leach-Bliley SEC 17A-4
USA PATRIOT Act Check-21
SANS Top 20
Banking & Finance
Sarbanes-Oxley HIPAA
ISO 17799 FERC/NERC
Utilities & Manufacturing
Gramm-Leach-Bliley California SB-1386
Credit Card PCI
Services & Retail
HIPAA 21 CFR Part 11
Sarbanes-Oxley
Healthcare & Pharmaceuticals
Telecommunications
CALEA USA PATRIOT Act
e-Signature Act Sarbanes-Oxley
Government
FISMA USA PATRIOT Act
Paperwork Reduction Cyber Security Enhancement
© 2008 IDC
Top User Security Concerns Echo Mobilization and Extended Perimeter
Risk Source % Responding Mobile Employees 52% Wireless Access 46% Guests (Interior Access) 45% Local Employees (Interior Access) 45% Contractors (Interior Access) 42% Managed Remote Offices 36% Partners (Exterior Access) 32% Customers (Exterior Access) 30%
© 2008 IDC
EndPoint Features
Desired Integrated NAC Features (Product Categories)
Identity Management 75%
Anti Virus (i.e., Malware) 74%
Endpoint Quarantine 70%
Policy Management 69%
App Level Authorization 63%
Automated Remediation 61%
Patch Management 61%
Compliance Reporting 60%
Feature % Responding
© 2008 IDC
Call for Action: 2008 Customer Priorities
Priority Items % Responding
Unauthorized Int./Ext. Net Access 81%Data Security And IP Protection 74%Malware Protection 68%Control Unmanaged Devices 58%Policy Management & Enforcement 57%Ensure Endpoint Compliance 53%Improved Network Health 52%Meet Regulatory Requirements 50%
Business at the EndpointNolan Rosen
Vice President Worldwide Sales, Novell, Inc.Systems & Resource Management
© Novell Inc. All rights reserved
16
Industrial Strength Security Solution
© Novell Inc. All rights reserved
17
Business at the Endpoint
• Two-thirds of fresh and critical business data resides on employee workstations or notebooks, NOT on servers
• 63 percent of enterprises view extending paper-based and desktop applications to endpoints devices as critical for maintaining the competitive advantage of their businesses
• Mobile worker population to
increase from 650M to more than 850M in 2009. Productivity of people and secure mobile data.
“In many cases, corporations have invested significant resources in securing their servers and networks, but don’t realize the extent to which there’s an entire domain left largely ignored -- the extended space of mobile computing.”
Bill Malik,Aberdeen Group
TECHNOLOGY REALITY
Source: IDC, Gartner, TechRepublic
© Novell Inc. All rights reserved
18
Endpoints – the Achilles heel of corporate security Devices can connect to each PC – no visibility, no control
• Over 26,000 different USB products exist, 1.4 billion shipped in 2005
– Storage devices– Networking adapters– Printers, scanners, webcams– Coffee warmers, hand
massagers…
• Over 1 billion devices have been sold to date
– Over 32 million iPods sold in 2005– Over 5 million Bluetooth devices
are sold every week– Their capacity keeps growing –
10GB drive for $50 by 2010– They are virtually impossible to
trace
© Novell Inc. All rights reserved
19
Complete Endpoint Security
© Novell Inc. All rights reserved
20
What is the Security problem?Secures the Endpoint and \ or the Network
from the Endpoint
• Network Access Control
• Remediation
• Enforcement
• Intrusion Prevention
• Vulnerability Assessment
ENDPOINT
© Novell Inc. All rights reserved
21
Policy Enforcement Approach
© Novell Inc. All rights reserved
22
Corporate Directory Integration
The administrator can publish policies to individuals, to groups, to OUs, or everyone, transparently leveraging existing enterprise identity repositories (such as e-Directory, Active Directory, NT4 domains, LDAP, eDirectory…)
© Novell Inc. All rights reserved
23
Comprehensive Policies Portfolio
Benefits
Real-time endpoint security enforcement
Defense-in-depth protection from attacks
Context Sensitive security Corporate directory integrated Centralized management Comprehensive 360 enforcement Compliance out of the box Ease of Deployment
Capabilities
Advanced Firewall VPN Enforcement Wireless Bluetooth USB Security. Removable Storage Encryption (Roadmap) Compliance reporting Policy enforcement Application Control Self Defense
© Novell Inc. All rights reserved
24
Location-Aware Enforcement
Location-Aware
• Automatically adjusts controls and protections
• No user configuration or decisions required
• Ideal for Wireless, Application Control, and Removable Storage Device policy enforcement.
IT Problem Statement: “I can secure our users while they’re on corporate networks, but can we keep endpoint PCs under policy controls when not connected to corporate LANs, and without users having to change their own configurations?”
© Novell Inc. All rights reserved
25
Best Practice Methodology
Vulnerability Assessment
Policy Definition
Architecture & Design
Deployment & Configuration Manage
1 2 3 4 5
Transform paper-based policies into technology solution
to mitigate corporate risk
Deployment and configuration of
solution.
Support, management and
maintenance
Assessing vulnerabilities
associated with business and IT
processes, problems and objectives
Translate business goals and
vulnerabilities into paper-based policies
that can be solved with technology
Case Studies
© Novell Inc. All rights reserved
27
Neumont University - Education
• Computer science university, supplies students with laptops and campus wireless infrastructure
• Faculty and Campus– Data in motion: sensitive information for grades, student
information, course materials– Accreditation requirements to protect this data
• Students– Ensure access to campus wireless infrastructure to protect
their data and their devices
© Novell Inc. All rights reserved
28
Technicolor - Entertainment
• As a studio partner, Technicolor handles hundreds of individual movies and television titles each year
• Handling customer data before official release• Optical writer (CD/DVD) controls• Control for removable storage devices• Reporting on data transferred
© Novell Inc. All rights reserved
29
Military and Government
• Ensure traveling laptops are protected with layer 2 personal firewalls to protect from lowest level attacks – including protocol exploit attacks.
• Ensure traveling laptops follow remote connectivity mandates, including enforcement of VPN usage when the laptop is out of the office.
• When in the office, ensure that wireless usage is controlled per mandates – including automatically disabling as appropriate.
• When in the office, ensure that the laptop cannot run both wired and wireless network connections simultaneously by disabling the wireless network driver whenever a wired connection is active.
© Novell Inc. All rights reserved
30
Next StepsVisit: www.novell.com/endpointwebcast1) Sign Up Today if you're interested in joining us for an
exclusive Endpoint Security Seminar in your local area (space is limited)
2) Find out how secure your corporate data really is• Take the Free Endpoint Security Threat Assessment
3) Easy Access:• IDC Endpoint Security White Paper • Endpoint Security Webcast (within 48 hours)• Webcast Presentation & Q&A Document
Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.