Stronger Security and IT Operational Excellence: How to Achieve Both from Your Endpoint Management and Security Suite

Mike Rothman
Analyst & President

Securosis LLC
http://securosis.com

*Any* Computing

• Connecting to critical information
• At any time
• From anywhere
• On any device

Defining the “Endpoint”

Endpoint Agent Overload

• Over the past few years, lots of stuff has been added to endpoint agents:
  • Anti-spyware
  • HIPS
  • Firewall
  • Encryption
• 10 lbs of **** in a 2 lb. bag

Problem: Scale

• Attacks aplenty
• Millions of new malware samples
• Automated attack kits
• Financial motives bring new attackers
• The problem isn’t getting better

Problem: Effectiveness

• Detection rates on slippery downward slope

• Today’s attacks are not predictable

• Attacks target different exposures

• Web browsers

• Applications (XSS & CSRF)

Problem: Silos

Are we more Secure?

Ah No.

It’s not working.

So why are endpoint security suites still a multi-billion dollar business?

Oh crap! The Cloud is coming...

• What happens when data can be both internal/external?

• Perimeter? Buh Bye.

• Increases focus on the endpoint.

The Answer?

• Layered Defenses

• Fundamentals

• Management Leverage

Operating Systems

• Operating systems are getting more secure (relatively)

• Windows 7, Mac OS X

• Mobile OS lockdown and control (iOS vs. Android)

• But it’s still a lot of code and there will be problems

• Anti-Exploitation Techniques

• Data Execution Prevention (DEP)

• Address Space Layout Randomization (ASLR)

Endpoint Security Fundamentals

• Patch and Update
• Secure Configurations
• HIPS/file integrity monitoring
• System lockdown (standard user, GPO, white listing)

The Continuum of Integration

Visibility vs. Control

Summary

• Endpoint security is not dead, nor is it a panacea

• Agent technologies evolving

• Management silos hurt efficiency and effectiveness

• Defense in depth still critical

• Pay attention to the fundamentals

Securosis LLC

Mike Rothman

[email protected]

http://securosis.com

Twitter: @securityincite

Paul Zimski
VP of Solution Strategy

Lumension

Challenges of Endpoint Management

IT Operations Challenges

» Lack of Common Management Console
» Increasing Agent Bloat
» Increasing and costly back-end Integration
» Lack of visibility and collaboration with IT security

IT Security Challenges

» Need for better accuracy
» User access rights (Local Admin)
» Lack of Scalability
» Silos and insufficient collaboration between IT and business operations*

Lack of integration across technologies is the #1 IT security risk.*

*Worldwide State of The Endpoint Report 2009

Consolidate Your Endpoint Security Technologies

• Multiple Consoles
  • 3-6 different management consoles on average
• Agent Bloat
  • 3-10 agents* installed per endpoint
  • Decreased network performance
• Lack of Control
  • 54% of IT security professionals cite managing the complexity of security as their #1 challenge
  • Decreasing visibility - disparate data
  • Ad-hoc monitoring of security posture
  • 43% of existing access rights were either excessive or should have been retired
• Increasing TCO of Point Technologies
  • Integration & Maintenance

Lumension Global State of The Worldwide Endpoint 2009

New Approach to Endpoint Management & Security

The Lumension Approach

Agile Architecture

Best of Breed Solution Capability

Modular Delivery

Unified Management Console

2009 Integration

Endpoint Operations

Endpoint Security

Compliance

» Role-based workflows

» Consolidated data

» Intuitive web interface

» Central control & visibility

» Operational & strategic reporting

» Improved productivity

Modular Agent – Pluggable Enterprise Service Bus

• Single common agent delivers and manages many capabilities via pluggable services
• Provides single, integrated communication mechanism between the agent and the server
• Monitors and secures modules on the endpoint

[Diagram: agent components: Patch and Remediation, Application Control, Client Transport, Security, COMM, Event Queue]

Lumension® Endpoint Management and Security Suite

• Single Endpoint Management solution on a unified platform
  » Ease of management
  » Feature extensibility via separately licensed modules
  » Integrated endpoint security workflows
• Reduced management overhead
  » Integrated console
  » Centralized visibility and control
  » Single agent architecture

[Diagram: L.E.M.S.S. Platform with modules: Antivirus, Application Control, Patch & Remediation, Power Management, n Module]

Effective and Operational IT Security

Effective but not Efficient: Many Consoles, Disparate Architecture, Many Agents

Effective AND Efficient: Single Console, Agile architecture, Single Promotable Agent

IT Control Made Simple

• Agile platform architecture
• Leverage existing endpoint technology
• Reduced integration and maintenance costs
• Improved endpoint performance
• More effective endpoint security

Defense-in-Depth

Patch & Config. Mgmt.

» Address the core IT risk with Patch & Configuration Management

» Stop unwanted / un-trusted change with Application Control

» Protect against insider risk with Device Control

» Deploy a broad defensive perimeter with AntiVirus

» Reduce endpoint complexity with a truly integrated Endpoint Management and Security Suite


Lumension Solution Strategy

Endpoint Security

Endpoint Operations

Unified Platform

Endpoint Management & Security

“By 2011, leading enterprise endpoint protection platform (EPP) and PC life cycle management (PCLM) vendors will offer mature integrated security and operations tools. IT organizations should understand the benefits of these tools and develop a strategy for adoption.”

Peter Firstbrook
Gartner Analyst 2009

Lumension® Endpoint Management and Security Suite

Endpoint Operations Management

• Expanded visibility and control of endpoints - both online and offline
• Heterogeneous O/S support
  » Linux (RHEL), Oracle Enterprise Linux, Microsoft, Mac
• Largest 3rd party application vulnerability content support
  » Adobe, Microsoft, Apple and more
• Power Management supports custom power policy definition and reporting
• NIST-validated Configuration Management solution
• Mandatory baseline import/export for efficient syndication of baseline policies

[Diagram: Endpoint Security and Endpoint Operations modules: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Patch and Remediation, Lumension® Configuration Mgmt., Lumension® Power Management]

Lumension® Endpoint Management and Security Suite

Endpoint Security

• Granular policy-based whitelisting, blacklisting and device policy distribution
• Comprehensive discovery of apps, online/offline machines and removable devices
• Proactive protection against Zero-day threats
• Effective malware removal to ensure cleaned system environments
• Integrated workflow across multiple defense layers
• Flexible Trust Engine for change mgmt. across processes, paths, users, vendors
• Encryption to ensure secure data in the event of accidental or malicious data loss

[Diagram: Endpoint Security and Endpoint Operations modules: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Patch and Remediation, Lumension® Configuration Mgmt., Lumension® Power Management]

Lumension® Endpoint Management and Security Suite

Total Endpoint Management

• Comprehensive solution suite that unifies IT operational and security functions
• Delivers a more effective defense-in-depth endpoint security solution
• Simplifies endpoint system and agent management through a single console
• Centralizes policy management and reporting
• Expands operational and security visibility
• Reduces technology complexity and integration costs
• Flexible and modularly licensed best-of-breed application modules
• Scalable and agile single-agent, single-server platform architecture

[Diagram: Endpoint Security and Endpoint Operations modules: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Patch and Remediation, Lumension® Configuration Mgmt., Lumension® Power Management]

Q&A

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

[email protected]


Attendee Services

• Download a copy of today’s presentation

• Provide your feedback! Please complete our survey

• View our calendar of upcoming events

• A recorded version of this seminar will be available at www.eSeminarsLive.com
