Protecting endpoints from targeted attacks. Forrester / Dell / AppSense

“Every company is becoming an IT company; they’re just focused on different verticals.” John Chambers, Cisco

= Huge attack surface

Today’s Session

Security, user experience & visibility

State of threats and security and the need to “think different”

Two domains: Managed endpoints and unmanaged endpoints

5 design principles for an effective endpoint security strategy

How VDI plays a big role in security and security plays a big role in VDI

Thin clients’ natural malware resistance

Presenters

Chris Sherman, Analyst, Security and Risk

Dan O’Farrell, Sr. Director of Product Marketing, Cloud Computing

Bassam Khan, VP of Product Marketing

© 2015 Forrester Research, Inc. Reproduction Prohibited

Five Steps To Protect Your Endpoints From Targeted Attacks

Chris Sherman, Analyst

May 2015

Orgs will continue to struggle with 0-Day malware through 2015

[Chart: Unique Variants of Malware Per Quarter, Q1 2010 through Q4 2014; y-axis: Variants (in Millions), 0 to 60]

600,000 new malware variants/day!

Source: McAfee Threats Report: First Quarter 2015

Orgs will continue to struggle with targeted attacks

Publicly reported cyber incidents and breaches in the US

Source: Cyberfactors, LLC


The Golden Age Of Hacking Continues


“What were the most common ways in which the breach(es) occurred in the past 12 months?”

Other: 1%

Don't Know: 7%

Lost/stolen asset (e.g., smartphone, tablet, laptop, external hard drive, USB flash drive, etc.): 23%

Internal incident within a business partner/third party supplier’s organization: 24%

Internal incident within our organization: 49%

External attack targeting a business partner/third-party supplier: 33%

External attack targeting our organization: 39%

Source: Forrester BT Security Survey, Q3 2014

Base: 457 North American and European IT security executives and technology decision makers whose firms had experienced a breach in the past 12 months

Thieves go for the gold: PII and IP

Data breaches have led to 330,000,000 lost records in 2014 alone*

*Cyberfactors, LLC


Breach Costs Will Continue To Increase In 2015

› Average total cost: $3.5 million

› Up 15% from 2013

› Each lost record cost $136

› Up 9% from 2013


This Much Is Clear: Traditional Endpoint Security Tools Are Failing And Will Continue To Fail Through 2015


An Ongoing Anti-Malware Technology Arms Race

Signature-based detection

Encrypted payloads

Decryptor matching/passive heuristics

Polymorphic code

Active heuristics/sandboxing

Sandbox evasion techniques

Sandbox hardening

Self-directed (metamorphic) code

Runtime behavior detection

Further obfuscation techniques/signed binaries/behavior randomization

[Chart axes: Anti-malware Effectiveness over Time; annotation: Reactive]

The 90’s called, they want their endpoint security strategy back

Despite…

54% reporting frequent attacks involving software vulnerabilities

92% reporting rising operation costs involving malware

…Many organizations still rely heavily on antivirus.

[Chart: Anti-Virus, Application Whitelisting, Application Priv. Mgmt., Application Sandboxing; values as extracted: 80%, 52%, 48%, 48%, 52%, 48%]

A New Approach Is Needed!

Base: 671 IT and IT security practitioners. Source: Ponemon 2013 State of the Endpoint Survey

Base: 881 IT Security Decision Makers. Source: Forrester BT Security Survey, Q3 2014

We are hyper focused on the WRONG things


Organizations Must Refocus Their Endpoint Security Strategies In 2015


Your Challenges are Twofold

Managed endpoints: Do a better job of endpoint protection.

Unmanaged endpoints: Protect your data and operations without owning the assets!

Five design principles for an effective endpoint security strategy

1. Get your house in order (managed endpoints)

2. Focus on data (unmanaged endpoints)

3. Think thin, think cloud (combined)

4. Zero trust (combined)

5. Eye in the sky (combined)

Principle No. 1: Get your house in order – attack surface reduction

This completes 75% of the work.

Exercise application control.

• Limit Firefox, Opera, and QuickTime

• Options include application whitelisting, execution isolation, privilege management

• Weigh the pros and cons of each form of app control

Disable Java in web browsers.

Deploy the Enhanced Mitigation Experience Toolkit.

While you are at it:

• Eliminate superfluous applications from your environment.

Get your house in order — manage your vulnerabilities

You need an intelligent patch management system.

Get your house in order (Summary)

An effective endpoint security strategy must:

Start with managing vulnerabilities.

• Leverage a patch management solution which supports 3rd party applications

• Focus on vulnerabilities with an existing exploit

• Patch it well, and patch it early.

Reduce attack surface through some form of application control.

• Figure out which risky applications you don’t need, and eliminate them.

• Policy-driven solutions require less effort (e.g., trusted publisher, vendor signature, application category, etc.)

• Build a good exception-handling workflow.

Augment with antimalware.

• A layered defense = best for security

• Measure solutions based on zero-day effectiveness
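The policy-driven application control described in the summary above, sketched as an added example that is not part of the original presentation. The rule order, the hash-keyed exception list, and every publisher name, hash, path and category are constructed assumptions.

```python
# Added illustration (not from the presentation): policy-driven application control.
# Publisher names, hashes, paths and categories are constructed sample data.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Executable:
    path: str
    sha256: str
    publisher: Optional[str]  # signer from a verified signature; None if unsigned/invalid
    category: str

POLICY = {
    "trusted_publishers": {"Example Corp", "Contoso Software"},
    "removed_categories": {"legacy-media-player"},  # risky apps the business does not need
    "exceptions": {"c" * 64: "approved via exception workflow"},  # keyed by file hash
}

def decide(exe, policy=POLICY):
    """Return (verdict, reason); first matching rule wins, default is deny."""
    if exe.sha256 in policy["exceptions"]:
        return "allow", policy["exceptions"][exe.sha256]
    if exe.category in policy["removed_categories"]:
        return "deny", "category eliminated from environment"
    if exe.publisher in policy["trusted_publishers"]:
        return "allow", "trusted publisher: " + exe.publisher
    return "deny", "no rule matched; send to exception-handling workflow"

SAMPLE = [
    Executable(r"C:\Program Files\Example\app.exe", "a" * 64, "Example Corp", "productivity"),
    Executable(r"C:\Program Files\Player\play.exe", "b" * 64, "Contoso Software", "legacy-media-player"),
    Executable(r"C:\Tools\report.exe", "c" * 64, None, "line-of-business"),
    Executable(r"C:\Users\u\Downloads\setup.exe", "d" * 64, None, "unknown"),
]

def audit(executables, policy=POLICY):
    """Map each path to its verdict so denied items can feed the exception queue."""
    return {e.path: decide(e, policy)[0] for e in executables}

if __name__ == "__main__":
    for exe in SAMPLE:
        print(exe.path, *decide(exe))
```

The second sample is signed by a trusted publisher but still denied, because eliminating an unneeded risky category is checked before publisher trust.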


Enter unmanaged devices…


Principle No. 2: Focus on the data, not infrastructure

Decouple data and threat protection from the infrastructure

• Build security capabilities into the application.

• E.g., encryption in the application

• E.g., threat detection in the application

• Malware

• Fraud

• Jailbreak

[Diagram: Application, Data; annotation: Fortifying this]

Principle No. 3: Think Thin, Think Cloud

• If possible:

• Thin client

• Thin device

• Process centrally, present locally

• Leverage cloud delivery and scaling

• Requires connection

• High server-side operational load

• Endpoint security tools still required

Principle No. 4: Zero Trust

• Authentication is always contextual:

› Location, environment, and malware detection . . . all factor into authentication/authorization.

• Authorization to access services must be evaluated dynamically

• Trust is derived and verified, never assumed
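A sketch of contextual, per-request authorization as described on this slide, added here as an example and not taken from the presentation. The signal names, the allowed-location set and the allow/step_up/deny outcomes are assumptions chosen for illustration.

```python
# Added illustration (not from the presentation): contextual authorization
# where every signal must be verified and a missing signal is never treated as good.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Context:
    user_authenticated: bool
    location: Optional[str]           # verified country code; None = unknown
    device_managed: Optional[bool]    # environment signal; None = unknown
    malware_detected: Optional[bool]  # latest endpoint verdict; None = no report

ALLOWED_LOCATIONS = {"US", "GB", "DE"}  # constructed policy value

def authorize(ctx, sensitivity):
    """Evaluate one request; sensitivity is 'low' or 'high'.
    Returns 'allow', 'step_up' (require additional authentication) or 'deny'."""
    if not ctx.user_authenticated:
        return "deny"
    # Only an explicit clean verdict counts; "no report" is not "clean".
    if ctx.malware_detected is not False:
        return "deny"
    risk = 0
    if ctx.location not in ALLOWED_LOCATIONS:
        risk += 1
    if ctx.device_managed is not True:
        risk += 1
    if risk == 0:
        return "allow"
    if risk == 1 and sensitivity == "low":
        return "step_up"
    return "deny"

def reevaluate(contexts, sensitivity):
    """Authorization is dynamic: decide again for each request in a session."""
    return [authorize(c, sensitivity) for c in contexts]

if __name__ == "__main__":
    session = [
        Context(True, "US", True, False),   # managed, clean, expected location
        Context(True, "US", False, False),  # same user moves to an unmanaged device
        Context(True, "US", False, True),   # malware reported on that device
    ]
    print(reevaluate(session, "low"))
```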


Principle No. 5: Eye In The Sky

• Provides intelligence to focus on the right things

• Monitor and control data flows across logical security boundaries

• Requires data classification

• Increased situational awareness

Unmanaged devices, infrastructure

Managed devices


Principle No. 5: Eye In The Sky (Cont’d)

› Endpoint Visibility & Control (EVC) provides detailed visibility into activity occurring on the endpoint:

• Process executions

• Application/file/registry modifications

• Network activity

• Active memory

• Kernel-driver activity

› Some provide containment


Recommendations (<12 months)

1. Implement meaningful app control

2. Run a targeted patch program

3. Deploy recommended practices (DEP, EMET)

4. Improve authentication measures

5. Integrate network and endpoint security controls where possible; aim for increased visibility

Recommendations (1-3 years)

1. Continue to shift focus to unmanaged or lightly managed endpoints

2. Decouple protection from device and infrastructure

3. Think thin, think cloud

4. Toss your trust assumptions

5. Maintain a high level of visibility over your endpoints and data

#ageofthecustomer

Chris [email protected]

@ChrisShermanFR

Cloud client-computing

The ultimate secure, manageable and reliable end to end virtual desktop solutions.

Cloud client-computing• Dell - Internal Use - Confidential

Deliver nearly any desktop app to any user on any device

Move your desktops to the cloud and:

Empower the workforce: Enable BYOD, deliver securely to any device, enhance user collaboration

Optimize IT resources: Reduce IT resources, scale and speed deployment

Improve security: Control data, recover from disasters, apply policies, comply with regulations, and monitor risk

Manage costs: Monitor and optimize total cost of ownership, achieve greater utilization from infrastructure assets, reduce energy use


Highly-regulated industries were first to embrace this model to increase security and reduce costs


Solutions that scale with your needs

Specialized appliances

Reduced TCO

Rapid deployment

Easy installation

Your choice of datacenter hardware with…

…your choice of pre-tested software options

Wyse Datacenter

Towers with local storage

VRTX (new form factors)

Full racks with modular options


Wyse Clients

Industry-leading thin clients

Secure: the most secure thin clients on the planet

Versatile: tailored clients for Citrix, VMware, and Microsoft

Powerful: handle demanding tasks from video editing to 3D modeling

Connected: support a broad range of peripherals

Desktop | All-in-one | Mobile | Ultra mobile

Dell offers the most extensive selection of secure, easy-to-manage thin and zero clients to suit your budget, application, and performance needs.


See for yourself - next steps

More information

On the web: Dell.com/wyse

Schedule a demo

Work with your sales representative to schedule a demo. Access a range of demos, including Dell Enterprise Solutions, Dell DaaS, Dell DVS Simplified Appliance and others.

Engage the experts

Engage with your cloud client-computing sales specialist early in the pursuit. Leverage the knowledge of Dell's desktop virtualization experts.

View a demo at a Dell Solution Center

Engage Dell IT Consulting to assess your needs

Schedule an Executive Briefing on cloud client-computing strategy

Backup

Thank You

We believe you can manage and secure while providing a great user experience

It’s Not Only About Security Needs

Simple Desktop IT Administration: Endpoint manageability, License control, Profile management

Effective Endpoint Security: Ransomware, phishing, social engineering; Unnecessary privileges; Audit & Compliance

Excellent User Experience: Performance, Flexibility & control, Consistency

The most comprehensive UEM platform.

Personalization: Environment Manager™

Security: Application Manager™

Managed data: DataNow™

AppSense management: Management Center™

Endpoint analytics: Insight™

Optimal capacity & responsiveness: Performance Manager™

Personalization | Policy | Privileges | Performance | Data Access | Analytics

Endpoint Analytics

Demo

AppSense User-First Security

Secure, manageable, great user experience

Privilege Management: Least privileges with just in time self-elevation

Application Control: Manageability & security through Trusted Ownership™

Analytics: Visibility into what’s really going on

Global UEM Leader

Founded in 1999 to help customers deliver a great user experience.

• 3400+ customers

• 7.5M+ endpoints

• 400+ employees

AppSense Global HQ in Sunnyvale, California

Manchester | Reading | Munich

Amsterdam | Paris | Melbourne

Sydney | NYC | Sunnyvale | Raleigh

10 GLOBAL LOCATIONS

Question & Answer

Thank you!

For more information, visit www.appsense.com or email

[email protected]