Securing the Endpoints in Networks By Govind Rammurthy CEO & Managing Director

Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009


Page 1: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Securing the Endpoints in Networks

By Govind Rammurthy
CEO & Managing Director

Page 2: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Agenda

• Business Continuity Demands
• Threat Scenario – Past & Present
• Endpoints & Endpoint Security
• Layers of Endpoint Security
• Endpoint Security Best Practices

Page 3: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Business Continuity Demands

• Unified Networks for
  – Email, Text Chat, Web Browsing, File Sharing, Games
  – Voice, Audio, Video, Tele-presence, Telemedicine
  – Web Services, EDI, SCADA, Emergency Services
• Users To Enjoy Mobility
  – Any service from any device on any network
  – Seamless mobility across devices and networks
  – Strong but easy user authentication
• Reliability and Security of Networks.

Page 4: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Business Continuity Demands

• Increased Access to Sensitive Information
• Mission-critical network
• Mobile and remote devices and users
• Wide variety of endpoints
• Wide variety of users: employees, customers, contractors, guests
• Interoperability

Page 5: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Typical Network Security Scenario

[Figure: network diagram. Endpoints shown: Vendors, Mobile PDA, Mobile Laptops, Home Computer, Local Users, File Servers, Web or App Servers, Email Servers, Desktops. Risk scale: Very Low, Low, Medium, High, Very High.]

Page 6: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Typical Network Security Scenario

[Figure: network diagram. Risk scale: Very Low, Low, Medium, High, Very High.]

Page 7: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Business Continuity Vs Security

Statistics on Attack Trends that could lead to Data/Identity Theft.

• Theft / Loss: 54%
• Insecure Policies: 28%
• Hacking: 13%
• Insider Threats: 4%
• Unknown: 1%

Page 8: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Threat Scenario – Past & Present

• Past: Threats were indiscriminate, hit everyone
  Present: Threats are highly targeted, regionalized
• Past: Threats were disruptive, impact visible
  Present: Threats steal data & damage brands, impact unclear
• Past: Remediation action was technical (“remove”)
  Present: Remediation more complex, may need to investigate data leak
• Past: Entry through perimeter and gateway
  Present: Entry through uneducated network clients and endpoints
• Past: Threats were noisy & visible to everyone
  Present: Threats are silent & unnoticed with variants

Page 9: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoints & Endpoint Security

Key Influencers:

A. Devices and Storage Mediums

B. Portability of Data

C. Accessibility

D. Compliance Laws & Regulations (HIPAA, SOX, etc.)

E. Extranet/Intranet Access provided to employees & partners.

F. Network Downtime due to infections

Page 10: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoints & Endpoint Security

A. Loss/leak of confidential information

B. Losing valuable employees

C. Unknown/invisible threats and loss of productivity due to using non-compliant storage mediums

D. Unauthorized intrusions – via Web Servers, email Servers, etc.

E. Access to internal networks via individual end points

F. Loss of Productivity due to Infections

Page 11: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoints & Endpoint Security

A. iPods / Portable Entertainment devices

B. Bluetooth Cell Phones

C. Wireless LAN

D. USB Devices

E. Open Non-authenticated Mail/Proxy Servers

F. Lack of defined employee security policies

G. Authorized Applications

Page 12: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoints & Endpoint Security

Key Data to be Protected

• Data in Motion
  • Emails
  • Instant Messaging
  • P2P
  • File Transfers
  • Web Posts
  • Blogs
• Data at Rest
  • Laptops/Desktops/File Servers
  • USB

Endpoint Security Is Mission Critical

Page 13: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoints & Endpoint Security

Reducing Threat Exposure

Information Protection & Control
• Data in Motion
• Data at Rest

Asset Protection & Control
• Asset management
• Desktop computing support
• Application Control
• Security Incident Alerts/logs
• Policy Implementation & Oversight
• NAC/NAP

Page 14: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoints & Endpoint Security

• Endpoint management costs are increasing
  – Cost of downtime impacts both productivity and revenue
  – Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
• Complexity is increasing as well
  – Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming
• Growing number of new known and unknown threats
  – Stealth-based and silent attacks are increasing, so there is a need for anti-virus to do much more
• The Perfect Endpoint Security system is with a Centrally Managed Client Security Solution.
• Some of the Major Technology based threats
  – Bluesnarfing – Using Bluetooth
  – Podslurping – Using iPods
  – Thumbsucking – Using Thumb Drives
  – Zero-day threats – New and evolving threats

Page 15: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

AntiVirus / Antispyware

Web Protection

Firewall

Intrusion Prevention

Device Control

Network Access Control / Network Access Protection

Antispam / Antiphishing

Page 16: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

AntiVirus / Antispyware

• Real-Time AV Scanning

• Spyware, Adware, Keylogger, & Rootkit Blocker

• Suspicious Application Detection

• Registry Monitoring

• Protection against web based threats

• Protection against email based threats

• Spyware and rootkit detection and removal

• Ability to safely remove infections & restore system files effectively

Detect, prevent and remove malicious code & Vulnerability-based protection

Page 17: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

Web Protection

• Web/FTP/CHAT Scanning

• Domain and IP reputation based checker

• Block websites with restricted words

• Block web content (Multi-Media & Applications)

• Block web applets, Cookies, Scripts

• Block Pop-Ups

• Browser Cleanup

Page 18: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

Antispam / Antiphishing

• Real-Time Antispam filter

• Sender reputation checker

• Antiphishing filter

• Attachment Control

Page 19: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

Firewall

• Managed desktop firewall
• Adaptive policies allowing for location awareness
• Network, port, protocol, and application control

Page 20: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

Intrusion Prevention

• Behavior-based prevention
• Network traffic inspection
• Application inspection

Page 21: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

Device Control

• Device control to prevent data leakage at the endpoint
• Protection against mp3 players, USB drives, etc.

Page 22: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Layers of Endpoint Security

Network Access Control / Network Access Protection

Control Access
  – to critical resources
  – to entire network

Based on
  – User identity and role
  – Endpoint identity and health
  – Other factors

With
  – Remediation
  – Management

Page 23: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Endpoint Security Best Practices

1. Inventory all IT resources
2. Group resources into levels of sensitivity
3. Define end user access scenarios
4. Associate end user access scenarios with levels of sensitivity
5. Validate the policies with a select group using event logging
6. Roll policies into full production
7. User must Be authenticated
   1. With Identity Management System
8. Endpoint Must Be Healthy
   • Anti-Virus software running and properly configured
   • Recent scan shows no malware
   • Personal Firewall running and properly configured
   • Patches up-to-date
9. Behavior Must Be Acceptable
   • No port scanning, sending spam
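
The admission decision described by the Network Access Control slide and best practices 7 to 9, written out as an added example that is not part of the original presentation. The field names, the role-to-sensitivity mapping and the age thresholds are assumptions; the slides name the checks but give no values.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

# Assumed thresholds: the slides name the checks but give no values.
MAX_SCAN_AGE = timedelta(days=7)
MAX_PATCH_AGE = timedelta(days=30)
# Assumed role -> highest sensitivity level it may reach (best practices 2-4).
ROLE_MAX_LEVEL = {"employee": 3, "contractor": 2, "guest": 1}

@dataclass
class Posture:
    authenticated: bool          # practice 7: verified by the identity system
    role: str
    av_ok: bool                  # anti-virus running and properly configured
    last_scan: datetime
    malware_found: bool
    firewall_ok: bool            # personal firewall running and configured
    last_patch: datetime
    port_scanning: bool = False  # practice 9: behaviour signals
    sending_spam: bool = False

def decide(p, level, now):
    """Return (decision, reasons); decision is allow, quarantine or deny."""
    if not p.authenticated:
        return "deny", ["user not authenticated"]
    if p.port_scanning or p.sending_spam:
        return "deny", ["unacceptable behaviour"]
    failures = []                # practice 8: every health check is evaluated
    if not p.av_ok:
        failures.append("anti-virus not running or misconfigured")
    if p.malware_found or now - p.last_scan > MAX_SCAN_AGE:
        failures.append("no recent clean scan")
    if not p.firewall_ok:
        failures.append("personal firewall not running or misconfigured")
    if now - p.last_patch > MAX_PATCH_AGE:
        failures.append("patches out of date")
    if failures:
        return "quarantine", failures   # remediation before access is granted
    if ROLE_MAX_LEVEL.get(p.role, 0) < level:   # unknown roles fail closed
        return "deny", ["role not cleared for this sensitivity level"]
    return "allow", []

# Constructed samples: a patched contractor laptop, first with a stale scan.
NOW = datetime(2009, 11, 1)
STALE = Posture(True, "contractor", True, NOW - timedelta(days=20),
                False, True, NOW - timedelta(days=3))
HEALTHY = replace(STALE, last_scan=NOW - timedelta(days=1))
```

An unhealthy endpoint is quarantined rather than denied so that the remediation the slide calls for can take place before access is re-evaluated.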

Page 24: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

Any Questions and Queries?

Page 25: Govind Rammurthy - Securing The Endpoints In Networks - Interop Mumbai 2009

THANK YOU!!!