Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers

© 2012 Monterey Technology Group Inc.
Brought to you by www.lumension.com

Speaker: Chris Merritt
Preview of Key Points

• Malware isn’t just a workstation problem
• The facts
• Protecting servers with defense-in-depth

Malware isn’t just a Workstation Problem

• My own findings in recent IT audit engagements
• A recent study about DNSChanger
• An underground service that sells RDP access to Fortune 500 computers

My own findings in recent IT audit engagements

• Finding servers with “workstation” software
  - Acrobat
  - Flash
  - Adobe Air
  - Office
  - Babylon

My own findings in recent IT audit engagements

• Finding servers with “workstation” software
  - Lab systems
  - Development environments
  - Un-firewalled systems on the internal network

A recent study about DNSChanger

• Krebs on Security: http://tinyurl.com/d45q9hj
• “More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and … at nearly 50 percent of all federal government agencies, new research shows.”
• This included servers

An underground service that sells RDP access to Fortune 500 computers

• “Service Sells Access to Fortune 500 Firms” by Brian Krebs (http://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/)
• “Russians selling access to private company servers in just $4” by Mohit Kumar (http://thehackernews.com/2012/10/russians-selling-access-to-private.html)

Fact

• Malware isn’t just a workstation problem
• Additional layers of defense are needed beyond just AV

Protecting Servers with Defense-in-Depth

Written policy

• Acceptable reasons to log on interactively
• Prohibited activities
  - Browsing the Internet
  - Downloading files
  - Opening files from the Internet, except software vetted for that server
  - Installing any software except what is necessary for the server’s role

Use of jump boxes

• Reduce the number of systems that anyone logs onto interactively
• Set up “jump boxes”
  - Terminal Services
  - All MMC snap-ins
• Restrict
  - “Logon via remote desktop” user right
  - Firewall
  - Alert on interactive logons
    • Event ID 4624 with Logon Type 10 (RDP) or 2 (console)

Monitoring

• New service: Event ID 4697
• New process: Event ID 4688
• Take maintenance windows into account

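The jump-box and monitoring slides above describe three alert rules; here is an added example (not code from the deck or from Lumension) that applies them to constructed Windows Security log records: a 4624 with logon type 2 or 10 on anything but a jump box, a 4697 outside the maintenance window, and a 4688 for an image outside a known baseline outside the window. Hostnames, user names, paths, the baseline and the window are assumptions.

```python
# Added example (not from the deck): alert rules for the jump-box and
# monitoring slides, run over constructed Windows Security log records.
# Hostnames, user names, paths and the maintenance window are assumptions.
from datetime import datetime, time
from typing import Optional

# Hosts where interactive logons are expected. Admins should reach every other
# server through one of these, so interactive logons elsewhere are alerted.
JUMP_BOXES = {"JUMP01"}

# Nightly maintenance window in which new services and processes are expected.
MAINT_START, MAINT_END = time(22, 0), time(23, 59, 59)

# 4624 Logon Type 2 = local console, 10 = RemoteInteractive (RDP / Terminal Services).
INTERACTIVE_LOGON_TYPES = {2, 10}

# Baseline of process images known to run on these servers (lower-cased).
KNOWN_PROCESSES = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\lsass.exe",
    r"c:\program files\microsoft sql server\mssql\binn\sqlservr.exe",
}


def in_maintenance_window(ts: datetime) -> bool:
    return MAINT_START <= ts.time() <= MAINT_END


def evaluate(event: dict) -> Optional[str]:
    """Return an alert message for one event, or None when it is expected."""
    eid, host, ts = event["EventID"], event["Computer"], event["TimeCreated"]
    if eid == 4624:
        if event["LogonType"] in INTERACTIVE_LOGON_TYPES and host not in JUMP_BOXES:
            return (f"{host}: interactive logon type {event['LogonType']} by "
                    f"{event['TargetUserName']} on a server that is not a jump box")
    elif eid == 4697:
        if not in_maintenance_window(ts):
            return (f"{host}: new service {event['ServiceName']} "
                    f"({event['ServiceFileName']}) installed outside maintenance window")
    elif eid == 4688:
        image = event["NewProcessName"].lower()
        if image not in KNOWN_PROCESSES and not in_maintenance_window(ts):
            return (f"{host}: unknown process {event['NewProcessName']} started by "
                    f"{event['SubjectUserName']} outside maintenance window")
    return None


def run(events) -> list:
    """Evaluate every event and return the alerts in log order."""
    return [a for a in (evaluate(e) for e in events) if a is not None]


# Constructed sample records; field names follow the Windows Security log.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "JUMP01", "TimeCreated": datetime(2012, 11, 5, 9, 0),
     "LogonType": 10, "TargetUserName": "admin1"},                 # RDP to the jump box
    {"EventID": 4624, "Computer": "DB01", "TimeCreated": datetime(2012, 11, 5, 9, 5),
     "LogonType": 3, "TargetUserName": "svc_backup"},              # network logon
    {"EventID": 4624, "Computer": "DB01", "TimeCreated": datetime(2012, 11, 5, 9, 10),
     "LogonType": 10, "TargetUserName": "admin1"},                 # RDP straight to DB01
    {"EventID": 4697, "Computer": "DB01", "TimeCreated": datetime(2012, 11, 5, 22, 30),
     "ServiceName": "SQLSERVERAGENT",
     "ServiceFileName": r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLAGENT.EXE"},
    {"EventID": 4697, "Computer": "WEB01", "TimeCreated": datetime(2012, 11, 5, 3, 12),
     "ServiceName": "UpdSvc", "ServiceFileName": r"C:\Users\Public\updsvc.exe"},
    {"EventID": 4688, "Computer": "DB01", "TimeCreated": datetime(2012, 11, 5, 3, 13),
     "NewProcessName": r"C:\Windows\System32\svchost.exe", "SubjectUserName": "SYSTEM"},
    {"EventID": 4688, "Computer": "WEB01", "TimeCreated": datetime(2012, 11, 5, 3, 14),
     "NewProcessName": r"C:\Users\Public\updsvc.exe", "SubjectUserName": "admin1"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Running it prints three alerts: the RDP logon straight to DB01, the 03:12 service install on WEB01, and the 03:14 start of the same unknown image.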
Attack surface

• Vulnerability scan
• Any unnecessary features installed/activated?
• Unnecessary apps
• Firewall rules

Centralized patch management

• Two high-profile software vendors’ automatic update infrastructures have been compromised
  - Microsoft
  - Adobe
• Don’t allow any systems, especially servers, to automatically install software just because it appears to have come from a vendor
• Control what goes on your systems

Application inventory

• Find out what is running on your servers
  - Lumension free application scanner
• Query the security log for new process events and normalize the results:
    logparser "select distinct EXTRACT_TOKEN(Strings, 5, '|') into progs.txt from security where EventID=4688" -i evt -o tsv
• Important part of attack surface reduction

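The logparser query on the slide pulls token 5 of each 4688 record’s Strings field (the new process name). As an added example, not the deck’s or Lumension’s code, the following Python performs the same extraction over constructed Strings fields, does the normalization step the slide mentions (case folding and collapsing per-user profile paths), and lists everything outside an approved set, which is the input an application-control whitelist needs. The sample records, paths and approved list are assumptions.

```python
# Added example (not from the deck): the 4688 extraction the logparser query
# performs, plus normalization and a diff against an approved list, over
# constructed Security-log "Strings" fields. All values are placeholders.
import re
from collections import Counter

# Raw 4688 "Strings" fields as the EVT input format exposes them: pipe-delimited,
# with the new process name at 0-based token 5, which is what
# EXTRACT_TOKEN(Strings, 5, '|') selects. Constructed sample records.
RAW_4688_STRINGS = [
    "S-1-5-18|DB01$|CORP|0x3e7|0x1a4|C:\\Windows\\System32\\svchost.exe|%%1936|0x3e7",
    "S-1-5-21-1-2-3-1001|admin1|CORP|0x5f2a1|0x9c8|C:\\Users\\admin1\\AppData\\Local\\Temp\\setup.exe|%%1936|0x5f2a1",
    "S-1-5-21-1-2-3-1001|admin1|CORP|0x5f2a1|0xa10|C:\\Windows\\SYSTEM32\\SVCHOST.EXE|%%1936|0x5f2a1",
    "S-1-5-21-1-2-3-1002|jsmith|CORP|0x6a0b3|0xb44|C:\\Users\\jsmith\\AppData\\Local\\Temp\\setup.exe|%%1936|0x6a0b3",
    "S-1-5-21-1-2-3-1002|jsmith|CORP|0x6a0b3|0xb50|C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe|%%1936|0x6a0b3",
    "S-1-5-18|DB01$|CORP|0x3e7|0xc00|C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe|%%1936|0x3e7",
]

NEW_PROCESS_TOKEN = 5
# Matches the per-user profile prefix so C:\Users\<anyone>\ folds to C:\Users\*\.
USER_PROFILE = re.compile(r"^c:\\users\\[^\\]+\\")

# Images that are expected on these servers (constructed approved list).
APPROVED = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
}


def extract_token(strings: str, index: int, sep: str = "|") -> str:
    """Equivalent of Log Parser's EXTRACT_TOKEN(Strings, index, sep)."""
    return strings.split(sep)[index]


def normalize(path: str) -> str:
    """Lower-case the path and fold per-user profile directories together, so
    the same installer run from two profiles counts as one program."""
    return USER_PROFILE.sub(r"c:\\users\\*\\", path.lower())


def inventory(raw_strings) -> Counter:
    """Return {normalized image path: number of 4688 records} for the input."""
    return Counter(normalize(extract_token(s, NEW_PROCESS_TOKEN)) for s in raw_strings)


def unapproved(inv: Counter, approved) -> list:
    """Images seen running that are not on the approved list, sorted."""
    approved_norm = {normalize(p) for p in approved}
    return sorted(p for p in inv if p not in approved_norm)


if __name__ == "__main__":
    inv = inventory(RAW_4688_STRINGS)
    for image, count in sorted(inv.items()):
        print(f"{count:4d}  {image}")
    print("not approved:", unapproved(inv, APPROVED))
```

Here the two case variants of svchost.exe collapse into one entry and the two per-user setup.exe runs into another, leaving Acrobat Reader and the temp-directory installer as the unapproved images.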
Application control

• Take centralized control of what runs on your servers
• Application whitelisting is the single most direct and effective way to keep unwanted software off trusted systems
  - Especially effective against lateral movement: end-user workstation -> admin -> server
  - Even more so on systems where the preceding controls cannot be fully implemented

Application control

• AppLocker is only appropriate for large fleets of 100% identical systems
• Most workstations don’t fit that profile
  - Definitely not servers
• Intelligent whitelisting is much different from traditional whitelisting like AppLocker

Defense-in-Depth Security Keeps Bot Herders Off Your Servers

Chris Merritt
Director of Solution Marketing
Lumension

Image source: http://commons.wikimedia.org/wiki/File:Botnet.svg

Defense-in-Depth Against Server Threats

Layer                             | Known   | Unknown | Unwanted, Unlicensed,    | Application | Config. | Physical
                                  | Malware | Malware | Unsupported Applications | Vulns       | Vulns   | Infiltration
----------------------------------+---------+---------+--------------------------+-------------+---------+-------------
AntiVirus                         |    X    |    X    |                          |             |         |
Application Control               |    X    |    X    |            X             |             |         |
Patch & Remediation               |         |         |            X             |      X      |         |
Security Configuration Management |         |         |                          |             |    X    |
Device Control                    |         |         |                          |             |         |      X

Lumension® Endpoint Management and Security Suite: Total Endpoint Protection

Endpoint Reporting Services

Endpoint Operations:
• Lumension® Patch and Remediation
• Lumension® Content Wizard
• Lumension® Configuration Mgmt.
• Lumension® Power Management

Endpoint Security:
• Lumension® AntiVirus
• Lumension® Application Control
• Lumension® Device Control
• Lumension® Disk Encryption

Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent

Lumension® Endpoint Management and Security Suite: Total Endpoint Protection for Servers

Server Reporting Services

Server Operations:
• Lumension® Patch and Remediation
• Lumension® Content Wizard
• Lumension® Configuration Mgmt.

Server Security:
• Lumension® AntiVirus
• Lumension® Application Control
• Lumension® Device Control

Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent

Lumension® Patch and Remediation: Comprehensive and Secure Patch Management

Provides rapid, accurate and secure patch and configuration management for applications and operating systems:
• Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications
• Streamline and centralize management of heterogeneous environments
• Visibility and control of all online or offline endpoints
• Elevate security posture and proactively reduce risk
• Save time and cost through automation

Lumension® Content Wizard: Cost-Effectively Streamline Endpoint Management

Simple, wizard-based policy creation and baseline enforcement, without additional tools:
• Patch Creation
• Software Installs and Uninstalls
• Windows Security Policies
• Power Management Policies
• NEW! Windows Firewall Policies

Lumension® Security Configuration Mgmt.: Prevent Configuration Drift and Ensure Policy Compliance

Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards:
• Security Configuration Management
• Out-of-the-box Checklist Templates
• NIST Validated Solution
• Continuous Policy Assessment and Enforcement
• Based on Open Standards for Easy Customization
• Security Configuration and Posture Reporting

Lumension® AntiVirus: Multilayered Protection Against Malware

• Based on proven technology from an industry leader, providing complete protection against known and unknown malware including viruses, worms, Trojans, spyware, adware and more
• Includes a breadth of analysis techniques, from traditional signature matching to behavioral analysis, to effectively protect against zero-day and evolving threats:
  - Antivirus (AV) protection (full signature matching)
  - DNA Matching (partial signature matching)
  - SandBox (behavioral analysis in an emulated environment)
  - Exploit Detection (find hidden/embedded malware)
• VB100 certified by Virus Bulletin

Lumension® Application Control: Proactive Protection Against Malware and More

• Effective Endpoint Security: Block known and unknown malware without signatures, and prevent exploitation of application / configuration vulnerabilities
• Control the Unwanted: Real-time view of all application inventory, ensuring only approved software is allowed to run, and denying / removing all unwanted applications
• Control the Unknown: Enforce, log and audit all endpoint application change while controlling end-users with Local Admin rights
• Flexible and Easy-To-Use: Unified solution workflow via single console with flexible trusted change management policy

Lumension® Device Control: Policy-Based Data Protection and Encryption

• Protect Data from Loss or Theft: Centrally enforce usage policies of all endpoint ports and for all removable devices / media.
• Increase Data Security: Define forced encryption policy for data flows onto removable devices / media. Flexible exception management.
• Improve Compliance: Centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen.
• Continuous Audit Readiness: Monitor all device usage and data transfers. Track all transferred files and content. Report on all data policy compliance and violations.

Next Steps

Free Tools: http://www.lumension.com/Resources/Premium-Security-Tools.aspx
• Application Scanner – see what applications are running on your servers
• Device Scanner – see what removable devices are being used
• Vulnerability Scanner – see what your OS / application risks are

Whitepapers
• Endpoint Management and Security Buyers Guide: http://www.lumension.com/Resources/WhitePapers/Endpoint-Management-and-Security-Buyers-Guide.aspx

Free Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

Global Headquarters
8660 East Hartford Drive, Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com

Story boards and shot lists for my a level piece
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers

  • 1. Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers © 2012 Monterey Technology Group Inc.
  • 2. Brought to you by www.lumension.com Speaker  Chris Merritt –
  • 3. Preview of Key Points Malware isn’t just a workstation problem The facts Protecting servers with defense-in-depth © 2012 Monterey Technology Group Inc.
  • 4. Malware isn’t just a Workstation Problem My own findings in recent IT audit engagements A recent study about DNSChanger An underground service that sells RDP access to Fortune 500 computers © 2012 Monterey Technology Group Inc.
  • 5. My own findings in recent IT audit engagements  Finding servers with “workstation” software  Acrobat  Flash  Adobe Air  Office  Babylon © 2012 Monterey Technology Group Inc.
  • 6. My own findings in recent IT audit engagements  Finding servers with “workstation” software  Lab systems  Development environments  Un-firewalled systems on internal network © 2012 Monterey Technology Group Inc.
  • 7. A recent study about DNSChanger Krebs on security http://tinyurl.com/d45q9hj “More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and … at nearly 50 percent of all federal government agencies, new research shows.” This included servers © 2012 Monterey Technology Group Inc.
  • 8. An underground service that sells RDP access to Fortune 500 computers Service Sells Access to Fortune 500 Firms by Brian Krebs (http://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/) Russians selling access to private company servers in just $4 by Mohit Kumar (http://thehackernews.com/2012/10/russians-selling-access-to-private.html) © 2012 Monterey Technology Group Inc.
  • 9. Fact Malware isn’t just a workstation problem Additional layers of defense are needed beyond just AV © 2012 Monterey Technology Group Inc.
  • 10. Protecting Servers with Defense-in-Depth © 2012 Monterey Technology Group Inc.
  • 11. Written policy Acceptable reasons to logon interactively Prohibited activities Browsing internet Downloading files Opening files from Internet except software vetted for that server Installing any software except necessary for server’s role © 2012 Monterey Technology Group Inc.
  • 12. Use of jump boxes Reduce # of systems that anyone logs onto interactively Set up “jump boxes” Terminal Services All MMC snap-ins Restrict “Logon via remote desktop” user right Firewall Alert on interactive logons • Event ID 4624 with Logon type 10 or 2 © 2012 Monterey Technology Group Inc.
  • 13. Monitoring New service Event IDs 4697 New process Event IDs 4688 Take into account maintenance windows © 2012 Monterey Technology Group Inc.
  • 14. Attack surface Vulnerability scan Any unnecessary features installed/activated? Unnecessary apps Firewall rules © 2012 Monterey Technology Group Inc.
  • 15. Centralized patch management 2 high profile software vendors automatic update infrastructures compromised Microsoft Adobe Don’t allow any systems, especially servers to automatically install software that appears to have come from vendor Control what goes on your systems © 2012 Monterey Technology Group Inc.
  • 16. Application inventory Find out what is running on your servers Lumension free application scanner Query security log for new process events and normalize logparser "select distinct EXTRACT_TOKEN(Strings, 5, '|') into progs.txt from security where EventID=4688" -i evt -o tsv Important part of attack surface reduction © 2012 Monterey Technology Group Inc.
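Slides 12, 13 and 16 describe three checks on the Security log: alert on Event ID 4624 with logon type 10 or 2, watch 4697 and 4688 with maintenance windows in mind, and build a process inventory from 4688 events. The Python below is an added example, not code from the deck or from any Lumension tool; the hosts, users, record layout, the 02:00-04:00 maintenance window and the pipe-delimited Strings layout (new process name at token 5, as the deck's logparser query assumes) are all assumptions made for the example.

```python
# Added example, not from the slide deck: the deck's three server-monitoring checks
# run over constructed Windows Security log records. Hosts, users, the 02:00-04:00
# maintenance window and the record layout are assumptions made for this example.
from datetime import datetime, time

# Constructed records. For 4688, "strings" mimics the pipe-joined Strings column that
# the deck's logparser query reads; the new process name is token 5 (0-based).
EVENTS = [
    {"time": "2012-10-02T03:10:00", "id": 4624, "host": "SRV-DB01", "logon_type": 10, "user": "CORP\\jdoe"},
    {"time": "2012-10-02T14:05:00", "id": 4624, "host": "SRV-DB01", "logon_type": 3, "user": "CORP\\svc-bk$"},
    {"time": "2012-10-02T14:06:00", "id": 4624, "host": "SRV-WEB02", "logon_type": 2, "user": "CORP\\admin"},
    {"time": "2012-10-02T02:30:00", "id": 4697, "host": "SRV-WEB02", "service": "wsusupdt"},
    {"time": "2012-10-02T02:31:00", "id": 4688, "host": "SRV-WEB02",
     "strings": "S-1-5-18|SYSTEM|NT AUTHORITY|0x3e7|0x1a4|C:\\Windows\\System32\\cmd.exe"},
    {"time": "2012-10-02T09:15:00", "id": 4688, "host": "SRV-DB01",
     "strings": "S-1-5-21-1|jdoe|CORP|0x5f2a|0x2b8|C:\\Program Files\\Adobe\\Reader\\AcroRd32.exe"},
    {"time": "2012-10-02T09:16:00", "id": 4688, "host": "SRV-DB01",
     "strings": "S-1-5-21-1|jdoe|CORP|0x5f2a|0x2c0|C:\\Windows\\System32\\cmd.exe"},
]
MAINT_START, MAINT_END = time(2, 0), time(4, 0)  # assumed nightly maintenance window

def in_maintenance(ts):
    return MAINT_START <= datetime.fromisoformat(ts).time() < MAINT_END

def new_process_name(event):
    """Same extraction as EXTRACT_TOKEN(Strings, 5, '|') in the deck's logparser query."""
    return event["strings"].split("|")[5]

def interactive_logons(events):
    """Slide 12: 4624 with logon type 10 (RDP) or 2 (console) on a server merits an
    alert at any hour, since interactive server logons should be rare and reviewed."""
    return [e for e in events if e["id"] == 4624 and e["logon_type"] in (10, 2)]

def unexpected_changes(events):
    """Slide 13: new services (4697) and new processes (4688) outside the
    maintenance window, when no legitimate change is expected."""
    return [e for e in events if e["id"] in (4697, 4688) and not in_maintenance(e["time"])]

def process_inventory(events):
    """Slide 16: distinct process names from 4688 for attack-surface review;
    a workstation app such as Acrobat Reader on a server stands out here."""
    return sorted({new_process_name(e) for e in events if e["id"] == 4688})

if __name__ == "__main__":
    for e in interactive_logons(EVENTS):
        print("ALERT interactive logon:", e["host"], e["user"], "type", e["logon_type"])
    for e in unexpected_changes(EVENTS):
        print("REVIEW change outside maintenance:", e["host"], e["id"], e["time"])
    print("Inventory:", process_inventory(EVENTS))
```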
  • 17. Application control Take centralized control of what runs on your servers Application whitelisting is the single most direct and effective way to keep unwanted software off trusted systems Especially effective against lateral movement End user workstation -> admin -> server Even more so on systems where the preceding measures cannot be fully implemented © 2012 Monterey Technology Group Inc.
  • 18. Application control AppLocker only appropriate for large fleets of 100% identical systems Most workstations don’t fit that profile Definitely not servers Intelligent whitelisting much different than traditional whitelisting like AppLocker © 2012 Monterey Technology Group Inc.
  • 19. Brought to you by www.lumension.com Speaker  Chris Merritt –
  • 20. Defense-in-Depth Security Keeps Bot Herders Off Your Servers Chris Merritt Director of Solution Marketing Lumension source: http://commons.wikimedia.org/wiki/File:Botnet.svg
  • 21. Defense-in-Depth Against Server Threats (threat classes each layer addresses):
        AntiVirus: Known Malware, Unknown Malware
        Application Control: Known Malware, Unknown Malware, Unwanted / Unlicensed / Unsupported Applications
        Patch & Remediation: Application Vulns, Config. Vulns
        Security Configuration Management: Config. Vulns
        Device Control: Physical Infiltration
  • 22. Lumension® Endpoint Management and Security Suite: Total Endpoint Protection. Endpoint Reporting Services. Endpoint Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt., Lumension® Power Management. Endpoint Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Disk Encryption. Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
  • 23. Lumension® Endpoint Management and Security Suite: Total Endpoint Protection for Servers. Server Reporting Services. Server Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt. Server Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control. Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
  • 24. Lumension® Patch and Remediation: Comprehensive and Secure Patch Management. Provides rapid, accurate and secure patch and configuration management for applications and operating systems: • Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications • Streamline and centralize management of heterogeneous environments • Visibility and control of all online or offline endpoints • Elevate security posture and proactively reduce risk • Save time and cost through automation
  • 25. Lumension® Content Wizard: Cost-Effectively Streamline Endpoint Management. Simple, wizard-based policy creation and baseline enforcement, without additional tools: • Patch Creation • Software Installs and Uninstalls • Windows Security Policies • Power Management Policies • NEW! Windows Firewall Policies
  • 26. Lumension® Security Configuration Mgmt.: Prevent Configuration Drift and Ensure Policy Compliance. Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards: • Security Configuration Management • Out-of-the-box Checklist Templates • NIST Validated Solution • Continuous Policy Assessment and Enforcement • Based on Open Standards for Easy Customization • Security Configuration and Posture Reporting
  • 27. Lumension® AntiVirus: Multilayered Protection Against Malware. Based on proven technology from an industry leader, providing complete protection against known and unknown malware including viruses, worms, Trojans, spyware, adware and more. Includes a breadth of analysis techniques, from traditional signature matching to behavioral analysis, to effectively protect against zero-day and evolving threats: • Antivirus (AV) protection (full signature matching) • DNA Matching (partial signature matching) • SandBox (behavioral analysis in an emulated environment) • Exploit Detection (find hidden/embedded malware). VB100 certified by Virus Bulletin
  • 28. Lumension® Application Control: Proactive Protection Against Malware and More. Effective Endpoint Security: block known and unknown malware without signatures, and prevent exploitation of application / configuration vulnerabilities. Control the Unwanted: real-time view of all application inventory, ensuring only approved software is allowed to run, and denying / removing all unwanted applications. Control the Unknown: enforce, log and audit all endpoint application change while controlling end-users with Local Admin rights. Flexible and Easy-To-Use: unified solution workflow via single console with flexible trusted change management policy.
  • 29. Lumension® Device Control: Policy-Based Data Protection and Encryption. Protect Data from Loss or Theft: centrally enforce usage policies of all endpoint ports and for all removable devices / media. Increase Data Security: define forced encryption policy for data flows onto removable devices / media; flexible exception management. Improve Compliance: centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen. Continuous Audit Readiness: monitor all device usage and data transfers; track all transferred files and content; report on all data policy compliance and violations.
  • 30. Next Steps Free Tools http://www.lumension.com/Resources/Premium-Security-Tools.aspx • Application Scanner – see what applications are running on your servers • Device Scanner – see what removable devices are being used • Vulnerability Scanner – see what your OS / application risks are Whitepapers • Endpoint Management and Security Buyers Guide: http://www.lumension.com/Resources/WhitePapers/Endpoint-Management-and-Security-Buyers-Guide.aspx Free Evaluation http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
  • 31. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com