Mike Rothman, Analyst and President of Securosis, dives into an interactive discussion around endpoint security management in 2015.
• Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices
• BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
• The Most Important Buying Considerations in 2015
2015 Endpoint and Mobile Security Buyers Guide
1. Presents: 2015 Endpoint and Mobile Security Buyer’s Guide
Mike Rothman, President
mrothman@securosis.com
Twitter: @securityincite
2. About Securosis
• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that’s all we do.
4. Advanced Malware is Advanced
• Attacks > Defenses
• Advanced Attackers > You
• Yet you can track the indicators and follow their trail.
• But first you need to understand the kill chain.
9. How customers view Endpoint Protection
• Compliance is the main driver for endpoint protection
• Whether it works or not is not the issue.
• And to be clear, traditional anti-malware technology doesn’t work anymore.
10. Adversaries: Better and Better
• Advanced Malware
• Polymorphism
• Sophisticated targeting
• Professional Processes
11. You don’t know what malware is going to look like... But you DO know what software should and should not do.
12. Advanced Protection Techniques
• Better Heuristics
  • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
  • “Application HIPS”
• Better Isolation (Sandboxes)
  • Browser Isolation
  • O/S Isolation (virtualization)
• White Listing (user experience impact on endpoints; a good fit for servers)
• Endpoint Activity Monitoring
  • Device Forensics
  • Retrospective Alerting
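As an added example (not from the deck), here is how the “you know what software should and should not do” idea behind profiling the Big 7 can be encoded as a behavioural profile and run over process-creation events; the profile, the process names and the log lines are constructed assumptions for illustration, not a vendor’s rules.

```python
# Added example (not from the Securosis deck): an "application HIPS" style
# check encoding what the "Big 7" should and should not do, narrowed to one
# behaviour: which child processes each application is expected to spawn.
from typing import Dict, List, Set

# Behavioural profile per monitored application (constructed for illustration).
# Assumption: a child not listed for a profiled parent is a deviation.
BIG7_CHILD_PROFILE: Dict[str, Set[str]] = {
    "winword.exe": {"splwow64.exe", "acrord32.exe"},
    "excel.exe": {"splwow64.exe"},
    "powerpnt.exe": {"splwow64.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "acrord32.exe", "chrome.exe"},
    "acrord32.exe": {"acrodist.exe"},
    "java.exe": set(),
    "chrome.exe": {"chrome.exe"},
}

# Constructed process-creation log, one event per line: "parent child user".
SAMPLE_EVENTS = """\
winword.exe splwow64.exe alice
WINWORD.EXE powershell.exe alice
outlook.exe winword.exe bob
excel.exe cmd.exe carol
chrome.exe chrome.exe dave
explorer.exe notepad.exe dave
java.exe mshta.exe erin
"""

def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse 'parent child user' lines; names are lower-cased for matching."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the whole scan
        parent, child, user = parts
        events.append({"parent": parent.lower(), "child": child.lower(), "user": user})
    return events

def flag_deviations(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return events where a profiled application spawned an unexpected child.
    Parents outside the profile are not judged: there is no baseline for them."""
    flagged = []
    for ev in events:
        allowed = BIG7_CHILD_PROFILE.get(ev["parent"])
        if allowed is not None and ev["child"] not in allowed:
            flagged.append(ev)
    return flagged
```

Running `flag_deviations(parse_events(SAMPLE_EVENTS))` flags three events (Word, Excel and Java spawning children outside their profile) while the unprofiled explorer.exe event is left alone.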
18. Configuration Management Technology Considerations
• Coverage (OS and apps)
• Discovery
• Supported standards and benchmarks
• Agent vs. agentless
• Handling remote devices
• Integration with operational processes
• Policy exceptions
• Who has the “special machines?”
19. Device Control Use Cases
• Data Leakage
• Data Privacy (Encryption)
• Malware Proliferation (Sneakernet)
21. Device Control Technology Considerations
• Device support
• Policy granularity
• Encryption algorithm support
• Agent (small footprint)
• Hardware keylogger protection
• Offline support
• Forensics
• Grace periods/User override
22. Blurring lines between technologies
• Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
• Device Control with Endpoint DLP
• Who wants the hot potato?
• Accountability and organizational complexities
27. Employee-owned devices
• Not just mobile devices
• Selective enforcement/granularity of policies
• Require Anti-malware?
• Manage Hygiene?
28. Management Leverage
• Starts as stand-alone, eventually bundled in
• Single user experience to manage hygiene
• Single point to aggregate endpoint logs
• Cloud or on-prem management?
32. To Cloud or Not to Cloud
• No server management
• Uptime
• Multi-tenancy: Data segregation and protection
• User experience
33. Buying Process/Vendor Selection
• Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
• Confirm with peer group
• Big vs. small vendor
• Platform vs. pricing leverage
• Research & Intelligence
34. Summary
• Don’t forget about the security of endpoint security
  • Exploitable agents
  • Weak platform security
  • Cloud app vulnerabilities
• Malware protection remains a cat/mouse game
• BYOD/Mobility adds another set of issues to protecting endpoints
35. Read our stuff
• Blog: http://securosis.com/blog
• Research: http://securosis.com/research
• We publish (almost) everything for free
• Contribute. Make it better.
re:Privacy
We can simplify the discussion down to the root: whether an app is exploiting a vulnerability or other mechanism to provide unauthorized access to the device (a security issue) or legitimately accessing information it shouldn’t be able to (a privacy issue). Both increase risk to the organization, so that risk needs to be understood and managed.
If you choose to centralize security management of both PCs and smartphone/tablet devices, you will want the ability to define roles within the management environment to support your organizational model. If you have personnel detailed to manage only smartphones, they don’t need access to PC management, or vice versa.