
DSS ITSEC CONFERENCE - Lumension Security - Real Time Risk & Compliance Management - Riga NOV 2011

Presentation from the "DSS"-organized ITSEC conference on the 24th of November, Riga, Latvia.

Page 1

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Good Morning!

“Real time IT security risk and compliance management”

Thomas Wendrich, Director Nordics & CIS, Lumension Security

Page 2

SORRY, WE DON’T ACCEPT CREDIT CARDS!

Page 3

1. NEW GENERATION

Page 4

2. ENDPOINT SECURITY

Diagram: pressures on Traditional Endpoint Security: Blacklisting As The Core, Zero Day, 3rd Party Application Risk, Malware As a Service, Volume of Malware.

Page 5

A Perfect Storm At The Endpoint

Diagram: Increasing Threats, Rising Costs, Ineffectiveness of AntiVirus.

Page 6

QUESTION?

“How many Malware Signatures identified?”

… yearly

… monthly

… daily

Page 7

Cyber Crime Altering Threat Landscape

Chart: Malware Growth (Main Variations), 2000-2007, y-axis 100,000 to 500,000; series Virus and Bots, PUP, Trojan. Source: McAfee Labs

Page 8

Cyber Crime Altering Threat Landscape

Chart: Malware Growth (Main Variations), 2000-2008, y-axis 200,000 to 2,200,000; series Virus and Bots, PUP, Trojan. Source: McAfee Labs

Page 9

Cyber Crime Altering Threat Landscape

Chart: Malware Growth (Main Variations), 2000-2009, y-axis 200,000 to 3,200,000; series Virus and Bots, PUP, Trojan. Source: McAfee Labs

Page 10

Macintosh

Page 11

Macintosh

Major Wave of Fake-AV

Page 12

Question?

“How many Malware Signatures identified?”

… yearly

… monthly

… daily: +55.000

Page 13

Zeus Tracker (https://zeustracker.abuse.ch/)

Page 14

3. DATA LOCATION

Page 15

…but which cloud will it be?

Page 16

…Agenda

Page 17

… confidential bank account information

Page 18

IT Networks today …globally & virtually distributed

Diagram: Corporate HQ, Mobile Endpoints, Remote Offices & Subsidiaries, WAN / Internet, Cloud-based Computing, Data Center.

Page 19

PCI DSS, PA DSS, 27001, CoBiT, Basel II, SOX, VbV, MC SecureCode

National Bank regulations … … …

4. COMPLIANCE

Page 20

Mounting External Compliance Regulations

Figure: regulations accumulating over time: EU Directive, Basel II, HIPAA, Sarbanes-Oxley Section 404, PCI Data Security Standards (DSS), PII Security Standards, 21CFR11, Gramm Leach Bliley (GLBA), USA Patriot Act, SB1386 (CA Privacy Act). Source: “The Struggle to Manage Security Compliance for Multiple Regulations”, SecurityCompliance.com

3 out of 4 organizations must comply with two or more regulations and corresponding audits.

43% of organizations comply with 3 or more regulations.

Page 21

Our IT Networks Were Never Designed With Compliance In Mind

Today Organizations Spend 30-50% More On Compliance Than They Should

Page 22

!! SUMMARY !!

5. CRISIS

Page 23

Thank you!

Page 24

Lumension-at-a-Glance

» Founded 1991

» 300 Employees Worldwide

» Dedicated Operations in 8 Countries

» Deloitte Tech Fast 500

» 18% 4-Year Revenue CAGR

» Industry-Leading Patented Technology

» Over 5,000 worldwide customers

» ~14M Nodes Managed

Diversified customer base in Public Sector, Financial Services, Professional Services and Healthcare

Page 25

Lumension Leads the Way

Timeline (1991, 2007, 2009, 2010): First cross-platform and application patch management solution; First credentialed-based vulnerability scanner; First to introduce whitelisting / patented file “shadowing” technology; First Patent pending Risk Intelligence Engine; First Intelligent Whitelisting.

Market Share Leader: Patch Management, Enterprise Risk Management, Device Control

Page 27

How about these technologies …

• Ethernet
• Graphical user interface
• Mouse
• Laser printing
• Object-oriented programming
• WYSIWYG & file formatting
• Fiber Optics
• Encryption Systems
• Optical storage
• WORM
• Natural Language processing
• Solid-State Laser

Page 28

Putting the Enterprise Back in Control

Diagram: Malware Signatures; Costs of dealing w/ Incidents; Effectiveness of current technologies. 2004: 3 million Malware signatures. 2009: 30 million Malware signatures.

Reduce Costs with dynamically deployed IWL in an operational environment

Page 29

The State of Endpoint Insecurity

“Over 90% of cyber attacks exploit known security flaws for which a remediation is available” – Gartner

» Malware has increased by 500% and major AV firms are falling behind on documenting known signatures. [1]

» 2M+ malware signatures identified monthly

» Nearly 90% of vulnerabilities could be exploited remotely. [2]

» 19 new vulnerabilities are released per day. [3]

» Average cost of a data breach $6.75M. [4]

» 70% of all serious data incidents sparked by an insider. [5]

Sources:

1: AV-test.org

2: Aberdeen Group Vulnerability Management Report, 2008

3: National Vulnerability Database, April 9, 2010

4: Ponemon Institute, 2010

5: IDC Security Report, 2007

Page 30

The State of Endpoint Complexity

» 3-5 different software consoles are used in the day to day management of endpoint security & operational functions.*

» The average endpoint has 3-5 agents installed.*

» 49% of endpoint TCO is associated with security and operational management.**

» 52% of IT Operations professionals cite a lack of integration across technologies as the #1 security risk.*

* Ponemon Institute, State of The Endpoint, 2009

** Aberdeen Research, Endpoint Security, Endpoint Management, 2009

“Point technologies tax IT resources with additional administration, integration, and maintenance burden while limiting user productivity”

Page 31

Lumension® Endpoint Management Platform

Single endpoint management solution on a unified platform

» Ease of management

» Feature extensibility via separately licensed modules

» Integrated endpoint security workflows

Reduced management overhead

» Integrated console

» Centralized visibility and control

» Single agent architecture

Diagram: modules Antivirus, Application Control, Patch & Remediation, Power Management, …n Module, on the Lumension® Endpoint Management Platform.

Page 32

Unified Management Console

Diagram: 2009 Integration of Endpoint Operations, Endpoint Security and Compliance in the Unified Management Console.

» Role-based workflows

» Consolidated data

» Intuitive web interface

» Central control & visibility

» Operational & strategic reporting

» Improved productivity

Page 33

Modular Agent - Pluggable Enterprise Service Bus

• Single common agent delivers and manages many capabilities via pluggable services

• Provides single, integrated communication mechanism between the L.E.M.S.S. agent and the server

• Monitors and secures L.E.M.S.S. modules on the endpoint

Diagram: agent components Patch and Remediation, Application Control, Client Transport, Security, COMM, Event Queue.

Page 34

Lumension Endpoint Management and Security Suite: Dashboard (screenshot)

Page 35

Lumension Endpoint Management Platform

Diagram: Platform; Endpoint Management Security Suite; IWL (Lumension Intelligent Whitelisting); IT GRC (Lumension Risk Manager).

Page 36

Diagram: Business value expectations vs. IT Security Capability; stages Compliance Centric, Security Centric, Risk Centric; Operations support, Control and efficiency, Business transformation.

Today Most Businesses & Governments are Compliance-Centric (Forrester 2010)

OBJECTIVE? COMPLIANCE? …where we are?

Page 37

Challenges in Compliance and Risk Management

Diagram: requirements PCI DSS, ISO 27001, Internal Policy, MC SecureCode, VbV, ...; assets Databases, Applications, Networks, Facilities, Servers, Partners, Processes, Workstations; Business Interests; Auditor; Stakeholders.

Page 38

What is your Security Posture?

Key Questions to ask (Executive Management)

Can you currently assess your Compliance & IT Risk posture?

What’s your security posture?

How are your departments doing in complying with policy?

What and where are your deficiencies?

What is the impact to your business if you have a data breach?

Organizations lack the visibility across Compliance & IT Risk exposure and are unable to take proactive action

2009 Enterprise Management Associates Survey of IT Governance Risk & Control

Page 39

Lumension® Risk Manager: Vision and Strategy

What is the Security Posture Index?

1. Security Posture Index is a score that tells a CISO, Director of Infosec, Security Team how secure they are…over time.

2. Security Posture Index includes:

» An index or score, shown in LRM as the Security Posture Index (SPI)

» A set of metrics measuring risk against the criticality of your assets

» Trending information showing compliance to your internal policies

» Analytics and impact analysis

» Remediation projects

Page 40

Security Posture Index

Comprehensive

» Gain true visibility into your security posture through the measurement of technical, procedural, and physical controls

» LRM is built on a comprehensive framework that incorporates all types of controls

Page 41

Security Posture Index

Current

» Good visibility depends on current data

» LRM provides automatic assessments for data collection through connectors

» We capture scoring evidence from systems we connect to daily, quarterly, annually

Page 42

Security Posture Index

Current

» We also collect data from things that can’t be scanned!

• Assessment workflows

• Survey capabilities

Page 43

Compliance & IT Risk Management Console

Diagram: LRM Continuous Monitoring; Business Impact; Compliance Audit & Reporting; Compliance & IT Risk Exposure; Operational Assessment; Strategic / Tactical.

Integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance & policy

Page 44

LAC: Application Scanner 2.0 – Assess Files (screenshot)

Page 45

LPR: Composite Inventory Report (screenshot)

Page 46

LRM: Security Dashboard and Metrics (screenshot)

Security Posture Index (SPI) Trending

Page 47

Questions?

Page 48

COFFEE!

Page 49

Thank you!