When it comes to malware we usually think of workstations and laptops because they are the systems rubbing shoulders with the unwashed masses on the Internet. They are the systems in the hands of clueless end-users (known as “losers” to some of my less reverent colleagues). They are the systems running applications that download, parse and process the file formats targeted by attackers, such as Office documents, PDFs and image files.
Conventional wisdom, on the other hand, says that servers are much more isolated from the Internet. Servers are in the hands of security-conscious IT pros who refrain from dangerous activities like web browsing, file downloads or opening email. And servers don’t have dangerous applications like Office, Adobe Reader, Flash and other workstation applications installed.
But conventional wisdom isn’t accurate. Download this presentation to learn the 4 reasons why Randy Franklin Smith from UltimateWindowsSecurity says otherwise:
My own findings in recent IT audit engagements
A recent study about DNSChanger
An underground service that sells RDP access to Fortune 500 computers
The infamous lab system
Bot herders love servers because of their high computing power, connectivity and long-term availability.
Attackers running APT attacks typically target workstations initially but then attempt to move horizontally through the network, from one user and/or system to another, until they reach their end target: usually a sensitive information cache on a server. This was the case in highly publicized attacks like the one a while back on RSA SecurID and, more recently, the compromise of Adobe’s code signing server.
Learn how application control is an important defense-in-depth measure that can provide detection and prevention of late-stage APT attacks. Lumension will talk briefly about how their endpoint security suite addresses these risks.
19. Brought to you by
www.lumension.com
Speaker
Chris Merritt –
20. Defense-in-Depth Security Keeps Bot Herders Off Your Servers
Chris Merritt
Director of Solution Marketing
Lumension
source: http://commons.wikimedia.org/wiki/File:Botnet.svg
22. Defense-in-Depth Against Server Threats
Threat categories: Known Malware | Unknown Malware | Unwanted, Unlicensed, Unsupported Applications | Application Vulns | Config. Vulns | Physical Infiltration
AntiVirus: Known Malware, Unknown Malware
Application Control: Known Malware, Unknown Malware, Unwanted/Unlicensed/Unsupported Applications
Patch & Remediation: Application Vulns, Config. Vulns
Security Configuration Management: Config. Vulns
Device Control: Physical Infiltration
22. Lumension® Endpoint Management and Security Suite: Total Endpoint Protection
Endpoint Reporting Services
Endpoint Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt., Lumension® Power Management
Endpoint Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Disk Encryption
Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
23. Lumension® Endpoint Management and Security Suite: Total Endpoint Protection for Servers
Server Reporting Services
Server Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt., Lumension® Power Management
Server Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Disk Encryption
Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
24. Lumension® Patch and Remediation
Comprehensive and Secure Patch Management
Provides rapid, accurate and secure patch and configuration management for applications and operating systems:
• Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications
• Streamline and centralize management of heterogeneous environments
• Visibility and control of all online or offline endpoints
• Elevate security posture and proactively reduce risk
• Save time and cost through automation
25. Lumension® Content Wizard
Cost-Effectively Streamline Endpoint Management
Simple, wizard-based policy creation and baseline enforcement – without additional tools:
• Patch Creation
• Software Installs and Uninstalls
• Windows Security Policies
• Power Management Policies
• NEW! Windows Firewall Policies
26. Lumension® Security Configuration Mgmt.
Prevent Configuration Drift and Ensure Policy Compliance
Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards:
• Security Configuration Management
• Out-of-the-box Checklist Templates
• NIST Validated Solution
• Continuous Policy Assessment and Enforcement
• Based on Open Standards for Easy Customization
• Security Configuration and Posture Reporting
27. Lumension® AntiVirus
Multilayered Protection Against Malware
Based on proven technology from an industry leader, providing complete protection against known and unknown malware including viruses, worms, Trojans, spyware, adware and more.
Includes a breadth of analysis techniques, from traditional signature matching to behavioral analysis, to effectively protect against zero-day and evolving threats:
• Antivirus (AV) protection (full signature matching)
• DNA Matching (partial signature matching)
• SandBox (behavioral analysis in an emulated environment)
• Exploit Detection (find hidden/embedded malware)
VB100 certified by VirusBulletin
28. Lumension® Application Control
Proactive Protection Against Malware and More
Effective Endpoint Security: Block known and unknown malware without signatures, and prevent exploitation of application / configuration vulnerabilities.
Control the Unwanted: Real-time view of all application inventory, ensuring only approved software is allowed to run, and denying / removing all unwanted applications.
Control the Unknown: Enforce, log and audit all endpoint application change while controlling end-users with Local Admin rights.
Flexible and Easy-To-Use: Unified solution workflow via a single console with flexible trusted change management policy.
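As an added illustration of the application-control model described in the webinar abstract (detection and prevention of late-stage APT activity on servers) and on this slide (only approved software runs, the unknown is denied, trusted change is permitted, every decision is logged), here is a small policy evaluator in Python. It is not Lumension code; the policy, the binaries, their hashes and the launch events are all constructed, and the "audit" mode is an assumption about how a log-only deployment behaves.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Policy:
    allowed_hashes: set          # SHA-256 of approved binaries
    trusted_publishers: set      # signers whose binaries are approved
    trusted_updaters: set        # parent processes allowed to introduce new software
    mode: str = "enforce"        # "audit" logs would-be denials but blocks nothing (assumed)

@dataclass
class ExecEvent:
    path: str
    content: bytes               # file bytes (constructed here; read from disk in reality)
    publisher: str               # "" when the file is unsigned
    parent: str                  # process that launched it

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate(policy: Policy, ev: ExecEvent, audit_log: list) -> str:
    """Return 'allow' or 'deny' for one execution and append an audit record."""
    h = sha256(ev.content)
    if h in policy.allowed_hashes:
        verdict, reason = "allow", "hash-allowlisted"
    elif ev.publisher and ev.publisher in policy.trusted_publishers:
        verdict, reason = "allow", "trusted-publisher"
    elif ev.parent in policy.trusted_updaters:
        policy.allowed_hashes.add(h)   # trusted change: learn the new binary
        verdict, reason = "allow", "trusted-updater"
    else:
        verdict, reason = "deny", "unknown-application"
    if policy.mode == "audit" and verdict == "deny":
        verdict, reason = "allow", "would-deny(audit)"
    audit_log.append(f"{verdict} {ev.path} sha256={h[:12]} reason={reason} parent={ev.parent}")
    return verdict

def run_demo(mode: str = "enforce"):
    """Constructed sample: a server's known binaries plus two unexpected launches."""
    policy = Policy({sha256(b"svchost-bytes")}, {"Microsoft Corporation"}, {"msiexec.exe"}, mode)
    events = [
        ExecEvent(r"C:\Windows\System32\svchost.exe", b"svchost-bytes", "", "services.exe"),
        ExecEvent(r"C:\Program Files\SQL\sqlservr.exe", b"sql-bytes", "Microsoft Corporation", "services.exe"),
        ExecEvent(r"C:\Program Files\App\agent.exe", b"agent-bytes", "", "msiexec.exe"),
        ExecEvent(r"C:\Program Files\App\agent.exe", b"agent-bytes", "", "explorer.exe"),
        ExecEvent(r"C:\Windows\Temp\unrecognized.exe", b"opaque-bytes", "", "cmd.exe"),
    ]
    log = []
    verdicts = [evaluate(policy, ev, log) for ev in events]
    return verdicts, log
```

The last event is the late-stage case the abstract describes: an unsigned binary launched from a shell on a server is denied in enforce mode and, in audit mode, still leaves a log line a detection team can alert on.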
29. Lumension® Device Control
Policy-Based Data Protection and Encryption
Protect Data from Loss or Theft: Centrally enforce usage policies for all endpoint ports and for all removable devices / media.
Increase Data Security: Define forced encryption policy for data flows onto removable devices / media. Flexible exception management.
Improve Compliance: Centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen.
Continuous Audit Readiness: Monitor all device usage and data transfers. Track all transferred files and content. Report on all data policy compliance and violations.
30. Next Steps
Free Tools
http://www.lumension.com/Resources/Premium-Security-Tools.aspx
Application Scanner – see what applications are running on your servers
Device Scanner – see what removable devices are being used
Vulnerability Scanner – see what your OS / application risks are
Whitepapers
Endpoint Management and Security Buyers Guide
• http://www.lumension.com/Resources/WhitePapers/Endpoint-Management-and-Security-Buyers-Guide.aspx
Free Evaluation
http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx