Presentation from the ITSEC conference organized by "DSS" on 24th of November in Riga, Latvia.
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Good Morning!
“Real time IT security risk and compliance management”
Thomas Wendrich, Director Nordics & CIS, Lumension Security
SORRY, WE DON’T ACCEPT CREDIT CARDS!
1. NEW GENERATION
2. ENDPOINT SECURITY
Blacklisting As The Core
Zero Day
3rd Party Application Risk
Malware As a Service
Volume of Malware
Traditional Endpoint Security
A Perfect Storm At The Endpoint
Increasing Threats
Rising Costs
Ineffectiveness of AntiVirus
“How many Malware Signatures identified?
… yearly
… monthly
… daily
QUESTION?
7 November 28, 2011 7
Cyber Crime Altering Threat Landscape
[Chart: Malware Growth (Main Variations), years 2000-2007, scale to 500,000; series: Virus and Bots, PUP, Trojan. Source: McAfee Labs]
[Chart: Malware Growth (Main Variations), extended to 2008, scale to 2,200,000; series: Virus and Bots, PUP, Trojan. Source: McAfee Labs]
[Chart: Malware Growth (Main Variations), extended to 2009, scale to 3,200,000; series: Virus and Bots, PUP, Trojan. Source: McAfee Labs]
Macintosh
Major Wave of Fake-AV
Question?
“How many Malware Signatures identified?
… yearly
… monthly
… daily +55.000
Zeus Tracker (https://zeustracker.abuse.ch/)
3. DATA LOCATION
…but which cloud will it be?
…Agenda
… confidential bank account information
IT Networks today …globally & virtually distributed
Corporate HQ
Mobile Endpoints
Remote Offices & Subsidiaries
WAN
Internet
Cloud-based Computing
Data Center
PCI DSS, PA DSS, 27001, CoBiT, Basel II, SOX, VbV, MC SecureCode
National Bank regulations … … …
4. COMPLIANCE
Mounting External Compliance Regulations
EU Directive
Basel II
HIPAA
Sarbanes-Oxley, Section 404
PCI Data Security Standards (DSS)
PII Security Standards
21CFR11
Gramm Leach Bliley (GLBA)
USA Patriot Act
SB1386 (CA Privacy Act)
[Chart: the regulations above plotted against Time]
* “The Struggle to Manage Security Compliance for Multiple Regulations”, SecurityCompliance.com
3 out of 4 organizations must comply with two or more regulations and corresponding audits.
43% of organizations comply with 3 or more regulations.
Our IT Networks Were Never Designed With Compliance In Mind
Today Organizations Spend 30-50% More On Compliance Than They Should
!! SUMMARY !!
5. CRISIS
Thank you!
Lumension-at-a-Glance
» Founded 1991
» 300 Employees Worldwide
» Dedicated Operations in 8 Countries
» Deloitte Tech Fast 500
» 18% 4-Year Revenue CAGR
» Industry-Leading Patented Technology
» Over 5,000 worldwide customers
» ~14M Nodes Managed
Diversified customer base in Public Sector, Financial Services, Professional Services and Healthcare
Lumension Leads the Way
First cross-platform and application patch management solution
First credentialed-based vulnerability scanner
First to introduce whitelisting / patented file “shadowing” technology
First Patent pending Risk Intelligence Engine
First Intelligent Whitelisting
Timeline years: 1991, 2007, 2009, 2010
Market Share Leader: Patch Management, Enterprise Risk Management, Device Control
What do these Companies have in Common
How about these technologies …
•Ethernet
•Graphical user interface
•Mouse
•Laser printing
•Object-oriented programming
•WYSIWYG & file formatting
•Fiber Optics
•Encryption Systems
•Optical storage
•WORM
•Natural Language processing
•Solid-State Laser
Putting the Enterprise Back in Control
Malware Signatures
Costs of dealing w/ Incidents
Effectiveness of current technologies
2004: 3 million Malware signatures
2009: 30 million Malware signatures
Reduce Costs with dynamically deployed IWL in an operational environment
The State of Endpoint Insecurity
“Over 90% of cyber attacks exploit known security flaws for which a remediation is available” Gartner
» Malware has increased by 500% and major AV firms are falling behind on documenting known signatures. [1]
» 2M+ malware signatures identified monthly
» Nearly 90% of vulnerabilities could be exploited remotely. [2]
» 19 new vulnerabilities are released per day. [3]
» Average cost of a data breach $6.75M. [4]
» 70% of all serious data incidents sparked by an insider. [5]
Sources:
[1] AV-test.org
[2] Aberdeen Group Vulnerability Management Report, 2008
[3] National Vulnerability Database, April 9, 2010
[4] Ponemon Institute, 2010
[5] IDC Security Report, 2007
The State of Endpoint Complexity
» 3-5 different software consoles are used in the day to day management of endpoint security & operational functions.*
» The average endpoint has 3-5 agents installed.*
» 49% of endpoint TCO is associated with security and operational management.**
» 52% of IT Operations professionals cite a lack of integration across technologies as the #1 security risk.*
* Ponemon Institute, State of The Endpoint, 2009
** Aberdeen Research, Endpoint Security, Endpoint Management, 2009
“Point technologies tax IT resources with additional administration, integration, and maintenance burden while limiting user productivity”
Lumension® Endpoint Management Platform
Single endpoint management solution on a unified platform
» Ease of management
» Feature extensibility via separately licensed modules
» Integrated endpoint security workflows
Reduced management overhead
» Integrated console
» Centralized visibility and control
» Single agent architecture
Antivirus
Application Control
Patch & Remediation
Power Management
n Module
Lumension® Endpoint Management Platform
Unified Management Console
2009 Integration
Endpoint Operations
Endpoint Security
Compliance
» Role-based workflows
» Consolidated data
» Intuitive web interface
» Central control & visibility
» Operational & strategic reporting
» Improved productivity
Modular Agent - Pluggable Enterprise Service Bus
•Single common agent delivers and manages many capabilities via pluggable services
•Provides single, integrated communication mechanism between the L.E.M.S.S. agent and the server
•Monitors and secures L.E.M.S.S. modules on the endpoint
Patch and Remediation
Application Control
Client Transport
Security
COMM
Event Queue
Lumension Endpoint Management and Security Suite: Dashboard
Lumension Endpoint Management Platform
Platform: Endpoint Management Security Suite
IWL: Lumension Intelligent Whitelisting
IT GRC: Lumension Risk Manager
[Chart axes: Business value expectations, IT Security Capability]
Risk Centric
Operations support
Control and efficiency
Business transformation
Compliance Centric
Security Centric
Today Most Businesses & Governments are Compliance-Centric
Forrester 2010
OBJECTIVE? COMPLIANCE? …where we are?
PCI DSS
ISO 27001
Internal Policy
Challenges in Compliance and Risk Management
Databases
Applications
Networks
Facilities
Servers
Partners
Processes
Workstations
Business Interests
MC SecureCode
VbV
...
Auditor
Stakeholders
?
Executive Management
What is your Security Posture?
Key Questions to ask
Can you currently assess your Compliance & IT Risk posture?
What’s your security posture?
How are your departments doing in complying with policy?
What and where are your deficiencies?
What is the impact to your business if you have a data breach?
Organizations lack the visibility across Compliance & IT Risk exposure and are unable to take proactive action
2009 Enterprise Management Associates Survey of IT Governance Risk & Control
Lumension® Risk Manager: Vision and Strategy
What is the Security Posture Index?
1. Security Posture Index is a score that tells a CISO, Director of Infosec, Security Team how secure they are…over time.
2. Security Posture Index includes:
» An index or score, shown in LRM as the Security Posture Index (SPI)
» A set of metrics measuring risk against the criticality of your assets
» Trending information showing compliance to your internal policies
» Analytics and impact analysis
» Remediation projects
Security Posture Index
Comprehensive
» Gain true visibility into your security posture through the measurement of technical, procedural, and physical controls
» LRM is built on a comprehensive framework that incorporates all types of controls
Security Posture Index
Current
» Good visibility depends on current data
» LRM provides automatic assessments for data collection through connectors
» We capture scoring evidence from systems we connect to daily, quarterly, annually
Security Posture Index
Current
» We also collect data from things that can’t be scanned!
• Assessment workflows
• Survey capabilities
Compliance & IT Risk Management Console
LRM Continuous Monitoring
Business Impact
Compliance Audit & Reporting
Compliance & IT Risk Exposure
Operational Assessment
Strategic
Tactical
Integrated strategic compliance and IT risk visibility with tactical assessment information to maintain continuous monitoring of organizational compliance & policy
LAC: Application Scanner 2.0 – Assess Files
LPR: Composite Inventory Report
LRM: Security Dashboard and Metrics
Security Posture Index (SPI) Trending
Questions?
COFFEE!
Thank you!