Key Strategies to Address Rising Application Risk in Your Enterprise


Today’s Speakers


Paul Henry
Security & Forensics Analyst
MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE

Paul Zimski
VP of Solution Strategy
Lumension

Shifting IT Risk… from Servers and Operating Systems to Endpoints and Applications

IT Networks 2000: Static Networks


Corporate HQ

Remote Offices & Subsidiaries

WAN

Corporate Data Center

Data centers used to house an organization’s critical information inside a safe and well-defined perimeter

Changing Role of IT


Enabling the Use of New Technology

» Major Shift For IT Security

» It’s now IT’s job to say YES!

What Applications are Running on Your Endpoints?

Use of Instant Messaging

All Industries

Frequency detected: 95%

Total bandwidth consumed: 2 TB

Total # of variants detected: 62

Underlying technology: 31 browser-based, 25 client-server, 6 peer-to-peer

Avg # of variants per org: 12

Top 5 most commonly detected:

1. YahooIM
2. Facebook Chat
3. Gmail Chat
4. MSN
5. Meebo

Use of Social Networking

All Industries

Frequency detected: 94%

Total bandwidth consumed: 2.9 TB

Total # of variants detected: 35

Avg # of variants per org: 14

Top 5 most commonly detected:

1. Facebook
2. Twitter
3. Myspace
4. LinkedIn
5. Flixster

Palo Alto – The Application Usage and Risk Report, Spring 2010


Growing Application Centric Risk

» Social networking applications were detected in 95% of organizations.*

» 78% of Web 2.0 applications support file transfer.*

» 2/3 of applications have known vulnerabilities.*

» 28% of applications were known to propagate malware.*

* Palo Alto Networks Application Survey 2009, 2010


Increasing # of Web App Vulnerabilities

IBM X-Force


It’s Not Just a Microsoft Issue Anymore


Patching Client Side Apps Now #1 Priority

The problem of un-patched client-side vulnerabilities is one of the two most pressing priorities organizations need to address to mitigate cyber security risks.

Most organizations today take at least twice as long to patch third-party application vulnerabilities as they do to patch operating system vulnerabilities.

SANS Institute, Top Cyber Security Risks, September 2009


The Top 5 Hacked Applications

Web Applications are the Leading Attack Path

The applications we use today for productivity

Collaborative / Browser-based / Open Source

Social Communities, Gadgets, Blogging and Widgets open up our networks to increasing risk every day.

Source: Verizon, 2010 Data Breach Investigations Report


Adobe Targeted by Cyber Criminals


Browser - Gateway to Unauthorized Access


Apple is Not Immune


The Impact of Social Media

The Social Attack Vector Evolves

Source: Verizon, 2010 Data Breach Investigations Report


Social Media has Changed the Attack Vector

Botnet-driven operations
-- Worm spreads via address replicator
-- Members trust downloads

Malware installed:
-- Pitches scareware
-- Steals cookies
-- Installs Waledac email spamming engine
-- Installs ZeuS banking Trojan
-- Carries out click-through fraud

Sample CAPTCHA: smwm

CAPTCHA protection

Member account

Koobface unleashed with help of CAPTCHA breakers


Strategies to Mitigate Application Risk

1. Ensure Endpoints are Patched & Configured

2. Identify and Remove Known Malware from Endpoints

3. Enforce Application Use Policies

Strategy 1: Ensure Endpoints are Updated

• The top security priority is “patching client-side software” [1]

» Streamline patch management and reporting across OS’s AND applications

• Patch and defend is not just a Microsoft issue

» More than 2/3 of today’s vulnerabilities come from non-Microsoft applications

• Enforce policies to standardize and secure endpoint configurations from application risk

» Leverage NIST and OVAL, which provide non-biased vulnerability prioritization information

Source: [1] SANS Institute

Adobe Application Support

Adobe Reader

Adobe Flash Player

Adobe Shockwave Player

Adobe Acrobat Pro

Adobe Photoshop

Adobe Air

Adobe InDesign

Lumension has more coverage than any other patch vendor!


Manage Online AND Offline Endpoints

Improve operations & reduce power consumption with Wake-On-LAN

• Allow maintenance of systems that are powered down

» Deliver critical patches and updates to offline machines

» Eliminate blind spots in ongoing network maintenance

» Improve your security posture

» Enhanced WOL relay architecture


Strategy 2: Identify & Remove Known Malware

• Make sure AV signatures are updated

• Important layer in your approach, but not effective as stand-alone

• Time-tested approach to identify and remove known malware

• Remove any known threats before the endpoint is locked

Methods to Clean Endpoints

• Traditional AV scanning

• DNA Partial Pattern Recognition

• Exploit Detection

• Sandbox Analysis

Strategy 3: Enforce Application Use Policies


Learned (Adaptive)

Allow Known Good; Block Everything Else

Block Known Bad; Allow Everything Else

• Approach to endpoint security must be based on Defense-In-Depth to effectively address targeted and blended threats

» Antivirus shifts to after-the-fact cleanup

» Application whitelisting must support change over time

Gartner Research

Application Whitelisting

Applications
Authorized: Operating Systems, Business Software
Unauthorized: Games, iTunes, Shareware, Unlicensed S/W

Malware
Known: Viruses, Worms, Trojans
Unknown: Viruses, Worms, Trojans, Keyloggers, Spyware

Un-Trusted


Summary

• For endpoints to be secure they have to be well managed

» Enforce security policy without disrupting business productivity

• IT will be asked to support applications that they don’t own or control

• Balance user’s freedom with IT’s need for control

» Ensure software and endpoints are free of known malware and up-to-date

» Build and maintain the whitelist

Q&A

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828


http://blog.lumension.com