Today’s Speakers
Paul Henry, Security & Forensics Analyst (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE)
Paul Zimski, VP of Solution Strategy, Lumension
IT Networks 2000: Static Networks
Corporate HQ
Remote Offices & Subsidiaries
WAN
Corporate Data Center
Data centers used to house an organization’s critical information inside a safe and well-defined perimeter.
Changing Role of IT
Enabling the Use of New Technology
» Major Shift For IT Security
» It’s now IT’s job to say YES!
What Applications are Running on Your Endpoints?
Use of Instant Messaging
All Industries
Frequency Detected 95%
Total bandwidth consumed 2 TB
Total # of variants detected 62
Underlying technology: 31 browser based, 25 client server, 6 peer-to-peer
Avg # of variants per org 12
Top 5 most commonly detected
1. Yahoo IM
2. Facebook Chat
3. Gmail Chat
4. MSN
5. Meebo
Use of Social Networking
All Industries
Frequency Detected 94%
Total bandwidth consumed 2.9 TB
Total # of variants detected 35
Avg # of variants per org 14
Top 5 most commonly detected
1. Facebook
2. Twitter
3. Myspace
4. LinkedIn
5. Flixster
Palo Alto – The Application Usage and Risk Report, Spring 2010
Growing Application Centric Risk
» Social networking applications were detected in 95% of organizations. *
» 78% of Web 2.0 applications support file transfer.*
» 2/3 of applications have known vulnerabilities.*
» 28% of applications were known to propagate malware.*
* Palo Alto Networks Application Survey 2009, 2010
Patching Client Side Apps Now #1 Priority
The problem of unpatched client-side vulnerabilities is one of the two most pressing priorities organizations need to address to mitigate cyber security risks.
Most organizations today take at least twice as long to patch third-party application vulnerabilities as they do to patch operating system vulnerabilities.
SANS Institute, Top Cyber Security Risks, September 2009
Web Applications are the Leading Attack Path
The applications we use today for productivity (collaborative, browser-based, open source), together with social communities, gadgets, blogging and widgets, open up our networks to increasing risk every day.
Source: Verizon, 2010 Data Breach Investigations Report
Social Media has Changed the Attack Vector
Koobface unleashed with help of CAPTCHA breakers
» Botnet driven operations
» Worm spreads via address replicator
» Members trust downloads
» Malware installed:
  - Pitches scareware
  - Steals cookies
  - Installs Waledac email spamming engine
  - Installs ZeuS banking Trojan
  - Carries out click-through fraud
» CAPTCHA protection on member accounts (sample CAPTCHA: smwm)
1. Ensure Endpoints are Patched & Configured
2. Identify and Remove Known Malware from Endpoints
3. Enforce Application Use Policies
Strategy 1: Ensure Endpoints are Updated
• The top security priority is “patching client-side software”1
» Streamline patch management and reporting across OS’s AND applications
• Patch and defend is not just a Microsoft issue
» More than 2/3 of today’s vulnerabilities come from non-Microsoft applications
• Enforce policies to standardize and secure endpoint configurations from application risk
» Leverage NIST and OVAL, which provide non-biased vulnerability prioritization information
Source: 1 - SANS Institute
Adobe Application Support
Adobe Reader
Adobe Flash Player
Adobe Shockwave Player
Adobe Acrobat Pro
Adobe Photoshop
Adobe Air
Adobe InDesign
Lumension has more coverage than any other patch vendor!
Manage Online AND Offline Endpoints
Improve operations & reduce power consumption with Wake-On-LAN
• Allow maintenance of systems that are powered down
» Deliver critical patches and updates to offline machines
» Eliminate blind spots in ongoing network maintenance
» Improve your security posture
» Enhanced WOL relay architecture
Strategy 2: Identify & Remove Known Malware
• Make sure AV signatures are updated
• Important layer in your approach, but not effective as stand-alone
• Time-tested approach to identify and remove known malware
• Remove any known threats before the endpoint is locked
Methods to Clean Endpoints
• Traditional AV scanning
• DNA Partial Pattern Recognition
• Exploit Detection
• Sandbox Analysis
Strategy 3: Enforce Application Use Policies
Application control models:
» Block Known Bad; Allow Everything Else
» Allow Known Good; Block Everything Else
» Learned (Adaptive)
• Approach to endpoint security must be based on Defense-In-Depth to effectively address targeted and blended threats
» Antivirus shifts to after-the-fact cleanup
» Application whitelisting must support change over time
Gartner Research
Application Whitelisting: trusted vs. un-trusted applications and malware
Applications
» Authorized: Operating Systems, Business Software
» Unauthorized: Games, iTunes, Shareware, Unlicensed S/W
Malware
» Known: Viruses, Worms, Trojans
» Unknown: Viruses, Worms, Trojans, Keyloggers, Spyware
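To make the three models concrete, here is an added example (not Lumension's product code) of a hash-based application control policy that can run in "block known bad" (the antivirus model), "allow known good" (default deny) or "learning" mode; the executables, hashes and names are constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for executables on an endpoint (not real binaries).
SAMPLE_FILES = {
    "explorer.exe": b"MZ constructed: operating system shell",
    "winword.exe": b"MZ constructed: business software",
    "itunes.exe": b"MZ constructed: unauthorized but benign",
    "dropper.exe": b"MZ constructed: unknown, never seen before",
    "zeus.exe": b"MZ constructed: known banking trojan",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # identity is content, not file name

@dataclass
class AppControlPolicy:
    # mode: "block_known_bad" (AV model), "allow_known_good" (whitelist),
    # or "learning" (adaptive: unknown apps run but are recorded for review)
    mode: str
    allowlist: set = field(default_factory=set)   # hashes of authorized apps
    blocklist: set = field(default_factory=set)   # hashes of known malware
    learned: set = field(default_factory=set)     # unknowns seen in learning mode

    def decide(self, data: bytes) -> str:
        h = sha256_hex(data)
        if h in self.blocklist:
            return "block"              # known bad is blocked in every mode
        if h in self.allowlist:
            return "allow"
        if self.mode == "block_known_bad":
            return "allow"              # unknown runs: new variants slip through
        if self.mode == "learning":
            self.learned.add(h)         # observed, not enforced: builds the whitelist
            return "allow"
        return "block"                  # allow_known_good: default deny

    def promote_learned(self) -> int:
        """Move reviewed learned hashes onto the allowlist; returns how many."""
        n = len(self.learned - self.allowlist)
        self.allowlist |= self.learned
        self.learned.clear()
        return n

def evaluate(policy: AppControlPolicy, files=SAMPLE_FILES) -> dict:
    return {name: policy.decide(data) for name, data in files.items()}

KNOWN_GOOD = {sha256_hex(SAMPLE_FILES[n]) for n in ("explorer.exe", "winword.exe")}
KNOWN_BAD = {sha256_hex(SAMPLE_FILES["zeus.exe"])}
```

Running the same five files through each mode shows the trade-off the slide describes: the AV model lets the unknown dropper run, default deny blocks it along with iTunes, and learning mode records both so the whitelist can be reviewed and maintained over time.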
Summary
• For endpoints to be secure they have to be well managed
» Enforce security policy without disrupting business productivity
• IT will be asked to support applications that they don’t own or control
• Balance user’s freedom with IT’s need for control
» Ensure software and endpoints are free of known malware and up-to-date
» Build and maintain the whitelist
Global Headquarters: 8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com