The Real World of IT Security – Insight From a Survey of Business
Aaron C. Goldberg
July 2013
Key Discussion Points
• The IT Security landscape
• Identifying the concerns
• The reliance on Anti-Virus
• The barriers to increased levels of IT security
About the Survey
• How many
• When
• How was it done
Today’s IT Security Landscape
• Biggest areas of IT security concern
• Threat impact
• Protection in use for endpoints
• Protection in use for servers
Key Concerns for IT Security
[Chart; percentage axis 0% to 25%. Categories: Operating system layer attacks; Application layer attacks; USB device attacks; Unwanted application installation; Memory-based attacks; Phishing; Zero-day attacks; Advanced Persistent Threats (i.e. using…); OTHER; None of the above]
Impact of Threats
[Chart: Malware Incidents Per Month; percentage axis 0% to 70%. Categories: 5-10; 10-20; 20-30; 30-40; 40+]
Protection In Use At Endpoints
[Chart; percentage axis 0% to 100%. Categories: Anti-virus (AV); Application control / whitelisting; Data encryption; Firewalls; USB device security; Patch management; Hard drive security; Web filtering; Data loss prevention; OTHER; None of the above]
Protection Installed for Servers
[Chart; percentage axis 0% to 100%. Categories: Anti-virus (AV); Application control / whitelisting; Data encryption; Firewalls; USB device security; Patch management; Hard drive (security); Web filtering; Access control technologies; OTHER; None of the above]
Focusing on Anti-Virus
• Most common security tool
• Viruses seem to be the single most prominent threat mentioned in the general press
• Developed when viruses were the vast majority of threats, but that’s no longer true
• Yet reliance is still there
How Important Do You Believe Anti-Virus is to Protect Your Network
[Chart; percentage axis 0% to 70%. Categories: Extremely important; Very important; Somewhat important; Not very important; Not important at all]
The Barriers to Increased IT Security
• This is one aspect of IT where the trade-off of dollars vs. risk is most apparent
• The lack of a “finish line” makes it hard to know what investment is enough
• Different industries have different needs
What Prevents You From Deploying Additional Security Layers
[Chart; percentage axis 0% to 60%. Categories: Budget constraints; Labor constraints; Performance impacts (Bandwidth / hardware constraints); Our environment is adequately protected without them; Unsure; OTHER]
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Antivirus: Required but not Sufficient
New Threat Landscape
New Malware in 2013
2012 Avg ≈ 2.8M / mo.
2013 YTD Avg ≈ 5.5M / mo.
Total Malware Growth
~50% increase
APT / Targeted Attacks
Ponemon Research: 2013 State of the Endpoint
ISACA Research: Advanced Persistent Threats Are Real
» 93.6% feel APTs are a serious threat
» 63% think it is only a matter of time
» 79% feel this is the largest gap in APT prevention
» 1 in 5 have experienced an APT attack
[Figure 4: IT security risks of most concern since 2010. More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012. Categories: Increased use of mobile platforms; Advanced persistent threats; Intrusion and data loss within a virtual environment. Series: 2012, 2011, 2010. Bar values as extracted: 47%, 36%, 36%, 24%, 24%, 22%, 23%, 13%. * This choice was not available in all fiscal years.]
New Threat Landscape
The Endpoint is the New Attack Vector
Browser, Apps and OS all have known vulnerabilities
• 2/3 of all apps have known vulnerabilities
• Time-to-Patch with change control is long, resulting in a lack of security and visibility
Rogue USB
• Transport method for injecting malware (e.g., Conficker, Stuxnet)
• Easiest and most common means of data loss / theft
Virus / Malware
• Best capture rate for day one with AV is 33%. After 30 days it is 93%
• 70,000 pieces of malware a month remain undetected
Safeguarding Your Environment
Defense-in-Depth Strategy
Successful risk mitigation requires a layered defensive strategy which includes:
» Patch Management
» Configuration Control
» Application Whitelisting
» Memory Protection
» Data Encryption
» Port / Device Control
» Antivirus
[Diagram layers: Patch and Configuration Management; Application Control; Memory Protection; Device Control; AV; Hard Drive and Media Encryption]
Defense-in-Depth – AV
Benefits
» Stops “background noise” malware
» May detect reused or “hidden” code
» Will eventually clean payloads after they are discovered – prevents spreading to less protected machines
Defense-in-Depth – Port / Device Control
Benefits
» Can prevent unauthorized devices from delivering payloads
» Can stop specific file types from being copied to host machines
» Stops common delivery vector for evading extensive physical and technical security controls
Defense-in-Depth – Encryption
Benefits
» Protects data; stops leakage; etc.
» Makes lateral data acquisition more difficult for APTs / targeted attacks
» Required by almost all regulations
Defense-in-Depth – App Whitelisting
Benefits
» Extremely effective against zero-day attacks
» Stops unknown, targeted malware payloads
» Low performance impact on endpoints
» Prevents sophisticated memory injection attacks which bypass file system
Defense-in-Depth – Patch / Config Mgmt
Benefits
» Eliminates the attackable surface area that hackers can target, including OS and 3rd party apps across multiple platforms
» Centralizes configuration and enforcement of native desktop firewalls and other security settings
Endpoint Management Complexity
Challenge
• Too Many Products, Too Much Complexity
» Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment
[Diagram labels: Many Consoles; Disparate Architecture; Many Agents]
Solution
• Single, Extensible Platform
» Reduce the number of endpoint agents, servers, consoles in use
» Improve visibility and control over endpoints
» Reduce learning curve, free up network resources and improve IT productivity / resources
» Leverage existing organizational structures across solutions and reduce data silos
[Diagram labels: Single Console; Agile n-Tier Pluggable Architecture; Single Promotable Agent]
Overcoming Barriers
Tolly Study: Clients
Tolly Study: Servers
True Cost of Malware
• Acquisition Costs
» Licensing (license cost, maintenance, support)
» Installation (HW / SW, roll-out, other)
• Operational Costs
» System Management
» Incident Management (help desk, escalation, re-imaging)
» Lost Productivity
• Does not include extraordinary costs, such as a data breach
[Chart labels: Operational (60~80%); Acquisition (20~40%)]
http://www.lumension.com/Resources/Value-Calculators/Cost-of-Malware-Calculator.aspx
More Information
• Free Security Scanner Tools
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Think Before You Renew Your AV
http://www.lumension.com/rethink-av
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com

New Malware Signature Every ½ Second – Is Your AV Keeping Up?

  • 1. The Real World of IT Security – Insight From a Survey of Business Aaron C. Goldberg July 2013
  • 2. Interactivity Tips 1. Ask A Question 2. Download a PDF copy of today’s presentation 3. Social Networking Tools
  • 3. Key Discussion Points • The IT Security landscape • Identifying the concerns • The reliance on Anti-Virus • The barriers to increased levels of IT security
  • 4. About the Survey • How many • When • How was it done
  • 5. Today’s IT Security Landscape • Biggest areas of IT security concern • Threat impact • Protection in use for endpoints • Protection in use for servers
  • 6. Key Concerns for IT Security 0% 5% 10% 15% 20% 25% Operatingsystem layerattacks Applicationlayer attacks USBdeviceattacks Unwantedapplication installation Memory-based attacks Phishing Zero-dayattacks AdvancedPersistent Threats(i.e.using… OTHER Noneoftheabove
  • 7. Impact of Threats Malware Incidents Per Month 0% 10% 20% 30% 40% 50% 60% 70% 5-10 10-20 20-30 30-40 40+
  • 8. Protection In Use At Endpoints 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Anti-virus(AV) Applicationcontrol/ whitelistings Dataencryption Firewalls USBdevicesecurity Patchmanagement Harddrivesecurity Webfiltering Datalossprevention OTHER Noneoftheabove
  • 9. Protection Installed for Servers 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Anti-virus(AV) Application control/whitelisting Dataencryption Firewalls USBdevicesecurity Patchmanagement Harddrive(security) Webfiltering Accesscontroltechnologies OTHER Noneoftheabove
  • 10. Focusing on Anti-Virus • Most common security tool • Viruses seem to be the single most prominent threat mentioned in the general press • Developed when viruses were the vast majority of threats, but that’s no longer true • Yet reliance is still there
  • 11. How Important Do You Believe Anti-Virus is to Protect Your Network [bar chart; categories: Extremely important, Very important, Somewhat important, Not very important, Not important at all]
  • 12. The Barriers to Increased IT Security • This is one aspect of IT where the trade-off of dollars vs. risk is most apparent • The lack of a “finish line” makes it hard to know what investment is enough • Different industries have different needs
  • 13. What Prevents You From Deploying Additional Security Layers [bar chart; categories: Budget constraints, Labor constraints, Performance impacts (Bandwidth / hardware constraints), Our environment is adequately protected without them, Unsure, Other]
  • 14. PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION Antivirus: Required but not Sufficient
  • 16. New Malware in 2013
  • 17. New Malware in 2013 • 2012 Avg ≈ 2.8M / mo. • 2013 YTD Avg ≈ 5.5M / mo.
  • 18. Total Malware Growth
  • 19. Total Malware Growth • ~50% increase
  • 20. APT / Targeted Attacks • Ponemon Research: 2013 State of the Endpoint • ISACA Research: Advanced Persistent Threats Are Real » 93.6% feel APTs are a serious threat » 63% think it is only a matter of time » 79% feel this is the largest gap in APT prevention » 1 in 5 have experienced an APT attack • Figure 4: IT security risks of most concern since 2010 (more than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012) [bar chart; categories: Increased use of mobile platforms, Advanced persistent threats, Intrusion and data loss within a virtual environment; series: 2012, 2011, 2010; bar values in extraction order: 47%, 36%, 36%, 24%, 24%, 22%, 23%, 13%] * This choice was not available in all fiscal years
  • 21. New Threat Landscape: The Endpoint is the New Attack Vector • Browser, Apps and OS all have known vulnerabilities » 2/3 of all apps have known vulnerabilities » Time-to-Patch with change control is long, resulting in a lack of security and visibility • Rogue USB » Transport method for injecting malware (e.g., Conficker, Stuxnet) » Easiest and most common means of data loss / theft • Virus / Malware » Best capture rate for day one with AV is 33%. After 30 days it is 93% » 70,000 pieces of malware a month remain undetected
  • 23. Defense-in-Depth Strategy • Successful risk mitigation requires a layered defensive strategy which includes: » Patch Management » Configuration Control » Application Whitelisting » Memory Protection » Data Encryption » Port / Device Control » Antivirus [diagram layers: Patch and Configuration Management, Application Control, Memory Protection, Device Control, AV, Hard Drive and Media Encryption]
  • 24. Defense-in-Depth – AV • Benefits » Stops “background noise” malware » May detect reused or “hidden” code » Will eventually clean payloads after they are discovered – prevents spreading to less protected machines
  • 25. Defense-in-Depth – Port / Device Control • Benefits » Can prevent unauthorized devices from delivering payloads » Can stop specific file types from being copied to host machines » Stops common delivery vector for evading extensive physical and technical security controls
  • 26. Defense-in-Depth – Encryption • Benefits » Protects data; stops leakage; etc. » Makes lateral data acquisition more difficult for APTs / targeted attacks » Required by almost all regulations
  • 27. Defense-in-Depth – App Whitelisting • Benefits » Extremely effective against zero-day attacks » Stops unknown, targeted malware payloads » Low performance impact on endpoints » Prevents sophisticated memory injection attacks which bypass file system
  • 28. Defense-in-Depth – Patch / Config Mgmt • Benefits » Eliminates the attackable surface area that hackers can target, including OS and 3rd party apps across multiple platforms » Centralizes configuration and enforcement of native desktop firewalls and other security settings
  • 29. Endpoint Management Complexity. Challenge: • Too Many Products, Too Much Complexity » Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment [diagram labels: Many Consoles; Disparate Architecture; Many Agents]
  • 30. Endpoint Management Complexity. Challenge: • Too Many Products, Too Much Complexity » Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment Solution: • Single, Extensible Platform » Reduce the number of endpoint agents, servers, consoles in use » Improve visibility and control over endpoints » Reduce learning curve, free up network resources and improve IT productivity / resources » Leverage existing organizational structures across solutions and reduce data silos [diagram labels: Single Console; Agile n-Tier Pluggable Architecture; Single Promotable Agent]
  • 32. Tolly Study: Clients
  • 33. Tolly Study: Servers
  • 34. True Cost of Malware • Acquisition Costs » Licensing (license cost, maintenance, support) » Installation (HW / SW, roll-out, other) • Operational Costs » System Management » Incident Management (help desk, escalation, re-imaging) » Lost Productivity • Does not include extraordinary costs, such as a data breach [chart: Operational (60~80%), Acquisition (20~40%)] http://www.lumension.com/Resources/Value-Calculators/Cost-of-Malware-Calculator.aspx
  • 35. More Information • Free Security Scanner Tools » Vulnerability Scanner – discover all OS and application vulnerabilities on your network » Application Scanner – discover all the apps being used in your network » Device Scanner – discover all the devices being used in your network http://www.lumension.com/Resources/Security-Tools.aspx • Lumension® Endpoint Management and Security Suite » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx • Think Before You Renew Your AV http://www.lumension.com/rethink-av
  • 36. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com http://blog.lumension.com
  • 37. Attendee Services • Download a copy of today’s slides • Provide your feedback! Please complete our survey. • A recorded version of this seminar will be available at www.eSeminarsLive.com • View a calendar of our Upcoming Events