Presentation of new endpoint security management platform from Lumension. Done by Andris Soroka in Warsaw, in headtechnology Poland event Headlight2012.

1. Shift to Intelligent
Endpoint Security
Management
Andris Soroka
Warsaw, Poland
17th of May, 2012

2. Lumension’s business card
• Offices Worldwide + Strong Partner Base (500+)
• More than 6000 customers in 70 countries
• More than 14 million endpoints protected
• Award-Winning Innovator

3. Lumension History
Market Share Leader: Patch Management, Enterprise Risk Management, Device Control
First cross-platform First credentialed First to introduce First Patent pending First
and application patch based vulnerability whitelisting / patented Risk Intelligence Intelligent
management solution scanner file “shadowing” Engine Whitelisting
technology
1991 2007 2009 2010
3

4. Portfolio – ANNO 1991
Endpoint Vulnerability Endpoint Data Compliance and
Operations Management Protection Protection IT Risk Management
Power Management Vulnerability Assessment AntiVirus/Malware Device Control Compliance-Control
Mapping
License Monitoring Patching and Remediation Malware Remediation Data Encryption
Continuous Monitoring
Application Deployment Security Configuration Application Control- Whole Disk Encryption
Management Intelligent White-lisiting Control Harmonization
Asset Identification and Content Filtering
Inventory X-Platform Content Application Identity & IT Risk Assessment
Support Assurance Data Discovery
Contract Management Deficiency Remediation
Mobile Devices
Management

5. Agenda
»Traditional Endpoint Security – threats, drivers
»Evolutions and shifts in Endpoint Security
Recent/Upcoming Product Releases
Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker
»Lumension LEMSS – the innovative platform
» Device Control
» Application Control
» Antivirus
» Whole Disk Encryption
» Mobile Device Management
» Risk & Compliance
» Patch & Remediation and more

6. Business Drivers and Threats
The Endpoint Security Landscape

7. Today’s business environment
» IT continues taking the lead in business (ERP,
CRM, document management, digital
prototyping etc.)
» Development of e-World continues (B2B,
B2C, e-Services, e-Government, e-Health,
social networking, Web 2.0, unified
communications etc.)
» Consumerization, virtualization, clouds,
mobility and borderless enterprise is a reality
» Cyber culture grows faster than cyber security
(as well – not all countries have compliance,
directives or penalties)

8. Every technology is vulnerable

9. Malware continues its perfect storm

10. New king of malware - Java

11. Mac OS X malware

12. Mobile malware
Source: Juniper Mobile Threat Report

13. 2011 – year of targeted attacks
Attack Type Bethesda
Software
SQL Injection
URL Tampering Northrop Italy
Grumman IMF PM
Fox News Site
Spear Phishing X-Factor
3rd Party SW Citigroup
Spanish Nat. Sega
DDoS Police
Secure ID Gmail Booz
Accounts
Epsilon PBS Allen
Hamilton
Unknown
Vanguard
Sony PBS SOCA Defense
Monsanto
Malaysian
Gov. Site Peru
HB Gary RSA Lockheed
Special
Police
Martin
Nintendo
Brazil
Gov.
L3 SK
Communications Sony BMG Communications
Size of circle estimates relative Greece Turkish
Government
Korea
impact of breach AZ Police
US Senate NATO
Feb Mar April May June July Aug
IBM Security X-Force® 2011 Midyear Trend and Risk Report September 2011

14. Security Today
General Categories
• Financially Motivated
» Bank Accts, Passwords, etc.
» Identity Theft
» Insiders
• Intellectual Property Theft
• Hacktivists
» IP / Customer data
» Denial of Service
» Reputational Damage

15. Threats and solutions of Security Today

16. Results of threats
We end up with -
• There are Internet shops full of credit
card, bank account, privacy, business
and other confidential data
• Also there are available services to rent
a botnet, malicious code and attack
anyone
• Video trainings and eLearning available
in social media, such as YouTube
• «Black market community» (forums,
blogs, interest groups, conferences etc.)
• Lost business & reputation

17. Crybercrime works..
Final Facts
• General loss of year 2011
» 2011 – 431 billion people affected, with more
than 114 billion USD directly and another 274
billion USD related to direct loss
» (Source: Symantec, Dec 2011)
Cybercrime costs the world
significantly more than the global
black market of marijuana, cocaine
and heroin combined (~$228 billion
world wide)

18. What about technologies for protection?

19. Ponemon Institute Survey 2011 (December)

20. Endpoint Security Today – most important
Reality check
• Weakest link - endpoint
» 70% of incidents are caused on
the endpoint
» >2 million unique malware
samples every day
» On average lifetime of a malware
is less than 24 hours
» Traditional defense is not enough
» At least 50 new vulnerabilities
found and reported daily

21. Endpoint Security Today
Traditional Defenses …
• Antivirus
• Patching Microsoft OS and Apps
• Firewalls
• Strong Passwords
• End-User Education Programs
… Don’t Always Work:
If They Did, We Wouldn’t Have
IT Security Breaches!

22. Most Common Threats - N1
• Hard to dispute the fact that patching
an underlying software flaw in most
cases is the best defense
• In the current environment 72% of
vulnerabilities have a patch
available within 24 hours of
disclosure
• In the current environment 77% of
vulnerabilities have a patch
available within 30 days of
disclosure
• Microsoft data indicates that in the first
half of 2011 Zero Day attacks
amounted to less the 1% of the attack
surface
Patch or get hacked the Source http://www.zdnet.com/blog/security/report-third-
choice is yours…
party-programs-rather-than-microsoft-programs-
responsible-for-most-vulnerabilities/10383?tag=nl.e539
22

23. Most Common Threats – N2
• Vulnerable software is not just a
Microsoft problem…
• Third party software historically has
had more unpatched vulnerabilities
then Microsoft
• Java is your number one issue today
followed by Adobe – the leader for the
past couple of years
Source http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-
programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Bottom line is WSUS is
not going to save you !
Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-
insecure-java-versions/9541?tag=content;siu-container
23

24. Most Common Threats – N3
• Hackers are always going to take
advantage of areas that simply are not
properly handled by defenders
• Looking at the chart on the right is
there any question why Java, Adobe
and QuickTime are favored by the Bad
Guys
• In case you missed it the chart is
showing the “Most Outdated Web
Browser Plugins”
What did you really Source: http://www.zscaler.com/state-of-web-q3-2011.html
think was going to
happen?
24

25. Most Common Threats – N4
• It is important to remember that
taking advantage of a vulnerability is
not really the “End Game” for a bad
guy
• The Vulnerability only
represents a “Delivery
Mechanism”
• The “End Game” is actually to
allow them to Execute Malicious
Code in your environment
• Why are we focusing on the delivery
method not the end game
• Duh - because everyone else is
• Hackers will always beat us in the
delivery mechanism “Arms Race”
• Get ahead of the problem by
focusing on the End Game
25

26. Summary of Endpoint threats
Where Traditional Defenses Fall
Short
• Risk from Un-patched 3rd Party Apps
• Controlling Local Admins Gone Wild
• Preventing Zero-Day Attacks and
Targeted Malware
• End-User Education Isn’t Keeping Up
• Actionable Reporting and Security
Measurement

27. Changes of the traditional Endpoint Security
The Past, The Present and The Future

28. Quotes from AV vendors
Basic security protection “You can’t just rely on
is not good enough,” antivirus software – and
Rowan Trollope Senior we’re an antivirus
Vice President, Symantec company” George Kurtz,
Worldwide CTO, McAfee
[Standard] antivirus is not "[signatures are] completely
effective anymore... Raimund ineffective as the only layer [of
Genes, CTO Trend Micro Inc endpoint security]… Nikolay
Grebennikov, CTO, Kaspersky

29. Endpoint Security – vendors and scope

30. Endpoint Security Today
Point products tax IT resources with additional administration burden, custom
integration & maintenance limited user productivity across multiple
management consoles
Vulnerability Patch Systems AntiVirus Data Compliance
Assessment Management Management Malware Protection
45% of IT operations
professionals work
across 3-5 different
software consoles
while managing
security & operational
functions.*
Colleen Pat Rich
IT Ops Manager CIO IT Security Manager
*Worldwide State of The Endpoint Report 2009

31. Endpoint Security requirements
» Antivirus / Anti-malware
» HIPS / File Integrity monitoring
» Firewall / VPN
» Encryption (whole disk, devices)
» Device Control
» Application Control / System Lockdown
» Vulnerability management, patch and
update management
» Configuration management
» NAC / Visibility
» Mobile Device Management

32. Lumension Endpoint Management Security
Suite 2012
Introducing: Application Intelligent Whitelisting
Single
Agile n-tier pluggable Single Promotable
Console
architecture Agent

33. LEMSS 2012 – one agent platform
L.E.M.S.S.: Patch and Remediation & Config
L.E.M.S.S.: Mobile Device Management
L.E.M.S.S.: Wake on LAN & Power Mgmt.
L.E.M.S.S.: Whole Disk Encryption
L.E.M.S.S.: Device Control
L.E.M.S.S.: App Control & Antivirus
L.E.M.S.S.: Risk & Compliance Management

34. Lumension Intelligent Application Whitelisting
Unifies workflows and technologies to deliver enhanced capabilities in the
management of endpoint operations, security and compliance
Endpoint Operations Intelligent Endpoint Security
Whitelisting
Asset Patch
Device Control
Management Management
Application Control
Software Configuration Trusted
DLP
Management Management Change
AntiVirus/Spyware
Power Compliance/
Content Wizard
Management Firewall Risk Mgt.
Management
Whole Disk
Reporting / Alerting / Logging Mobile Device Encryption
Management
» Remove whitelisting market
adoption barriers

35. LEMSS – principle of work

36. Clean IT
» Role of AntiVirus » Features of AntiVirus
» Remove malware prior to lockdown » Sandbox
» Scan for malware not identified at » Antispyware / Antivirus
time of lockdown
» DNA matching
» Scan when making changes
» Exploit detection
• Defense in depth
» AntiVirus no longer the primary
defence mechanism
» Less of a reactionary role
L.E.M.S.S.: Antivirus

37. LEMSS: AV Key Features
Highlights Complete Listing
• Antivirus
» AV Signatures and Scan Engine • Antispyware
Updates • DNA Matching (partial signature matching)
» Policy Scans • SandBox (behavorial analysis)
• Recurring Scan Policy • Exploit Detection (hidden malware)
• AV Signature and Scan Engine Downloads
• Real Time Monitoring
(LAN and Internet)
• Scan Now • Recurring Scan Policy
» Alerts & Notifications • Real-time Monitoring Policy
• Centralized Alerts Page • Scan Now
• Dashboard Widgets • Alerts (Status)
• Email Notification
• Email Notifications
• Dashboard Widets
• Reports
• Reports
» Agent Control Panel • LEMSS Integration (single agent)
• Agent Control Panel
37
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

38. Lock IT
» Role of Application Control » Features of Application Control
» Fast and easy policy definition » Kernel level solution
» Unique whitelist for every endpoint » ~ 10 years in development
» No disruption to productivity » Exploit detection
» Stops any executable after locking it
» Granularity of control
» Integration with Patch & Remediation
module for automated and first in
market - “Intelligent Application
Whitelisting”
L.E.M.S.S.: Application Control

39. How Application Control Security Works
AntiVirus Application Control
Malware Signatures Hash of Approved Application
30 Million and growing @ 2 Million / Month As defined by IT Security
DLoader.AMHZW Exploit_Gen.HOW Word.exe Excel.exe Winnet.dll Mozilla.exe
Hacktool.KDY INF/AutoRun.HK JS/BomOrkut.A
JS/Exploit.GX JS/FakeCodec.B JS/Iframe.BZ
JS/Redirector.AH KillAV.MPK LNK/CplLnk.K
Run as a Service Run in the Kernel
CPU Usage: CPU Usage: Low
Intensive
Proactive
Reactive
Effective for:
Ineffective on: Zero day,
Zero Day, Polymorphic
Polymorphic
95% 13%

40. Trust IT
» Role of Patch & Remediation » Features of Patch & Remediation
» Software and Patch » 20 years market leadership
deployment systems
» Patented patch fingerprint
» Automated discovery and technology
assessment of assets
» Largest coverage of OS’s and Apps
» Trusted change manager
» Automatically update of local
whitelist
» No disruption to productivity
» Single solution for
heterogeneous environment
L.E.M.S.S.: Patch And Remediation

41. Lumension Application Support Updates
• Apple (128) Adobe Reader
» QuickTime Adobe Shockwave Player
» iTunes
Adobe Flash Player
» Safari
» iLife Suite Adobe Acrobat Pro
Adobe Photoshop
• Mozilla Firefox Content (818) Adobe InDesign
» Firefox
Adobe Air
• RealNetworks (10)
» RealPlayer
More than any
• Sun Microsystems (486)
» Java JRE other patch
vendor!
• WinZip (2)
» WinZip
41
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

42. More than just Windows patching….
• Microsoft Windows
• Apple Mac OS X, v.10.3–10.6, x86
(Intel)/PowerPC
• HP-UX, v. 11.11–11.31, 64 bit PA-RISC
• IBM AIX, v. 5.1–5.3, PowerPC
• Sun Solaris, v. 9–10, SPARC, x86/x86_64
• Linux Platforms:
» Red Hat Enterprise Linux
• RHEL 3, 4, and 5, x86 and x86_64
» CentOS
• CentOS 4 and 5, x86 and x86_64
» Oracle Enterprise Linux
• Oracle Enterprise Linux 4 and 5, x86 and x86_64
» SUSE Linux Enterprise
• SLES/SLED 9, 10, and 11, x86 and x86_64
42
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

43. And more than just patching…
Systems Management:
» Inventory:
» Software
» Hardware
» Services
» Software Distribution
» Remote Desktop
» Power Management
» Policy Setting / Enforcement
» Wake on LAN
» Report on Savings ($$)
» Configuration setting /
enforcement
» Disable 3rd party vendor auto
update, Adobe, Java
» Compliance Controls
43
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

44. Lumension Endpoint Integrity Service
Software
Vendors
Lumension Endpoint Integrity Service
Lumension Certified Application
(Sha-256 Hash Application Identification)
Customized Whitelist
Customer downloads Lumension certified
application data to build unique whitelist.
Whitelist Updated
Lumension dynamically updates customer
whitelist with latest vulnerability information.
Customer
44
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

45. Lumension Device Control
Supported Device Types:
• Biometric devices
• COM / Serial Ports
L.E.M.S.S.: Device Control • DVD/CD drives
• Floppy disk drives
• Imaging Devices / Scanners
• LPT / Parallel Ports
• Modems / Secondary Network Access
Devices
• Palm Handheld Devices
• Portable (Plug and Play) Devices
• Printers (USB/Bluetooth)
• PS/2 Ports
• Removable Storage Devices
• RIM BlackBerry Handhelds
• Smart Card Readers
• Tape Drives
• User Defined Devices
• Windows CE Handheld Devices
• Wireless Network Interface Cards (NICs)

46. Lumension Mobile Device Management

47. Improving Endpoint Security with LEMSS
(Lumension Endpoint Management Security Suite)

48. Minimize Your True Endpoint Risk
Augment existing defense-in-depth tools
» Comprehensive Patch and »Device Control
Configuration Management
»Encryption
» Application Control / Whitelisting
Traditional
Endpoint Security
Blacklisting
As The Core
Zero Day Volume of
Malware
3rd Party Malware
Application As a
Risk Service

49. Minimize Your True Endpoint Risk
Rapid Patch and Configuration Areas of Risk
at the Endpoint
Management 5%
Zero-Day
• Analyze and deploy patches across all OS’s
and apps (incl. 3rd party)
30%
• Ensure all endpoints on the network are Missing Patches
managed
• Benchmark and continuously enforce patch and
configuration management processes
65%
• Don’t forget about the browser! Misconfigurations
» Un-patched browsers represent the highest risk for
web-borne malware.
Source: John Pescatore Vice
President, Gartner Fellow

50. Stop Malware Payloads with App Whitelisting
Antivirus
Apps Malware
• Use for malware clean-up
and removal
Authorized Known
• Operating Systems • Viruses
• Business Software • Worms
Application control • Trojans
• Much better defense to
prevent unknown or Un-Trusted
unwanted apps from Unknown
Unauthorized • Viruses
running • Games • Worms
• iTunes • Trojans
• Shareware • Keyloggers
• Spyware
• Unlicensed S/W

51. Encryption
Endpoints (Whole Disk) Removable Devices
• Secure all data on endpoint • Secure all data on removable
• Enforce secure pre-boot devices (e.g., USB flash drives)
authentication w/ single sign-on and/or media (e.g. CDs / DVDs)
• Recover forgotten passwords and • Centralized limits, enforcement,
data quickly and visibility
• Automated deployment
Lost UFDs (Ponemon 2011)
Laptop Thefts (IDC 2010)

52. Back in 2009 / 2010
Patch & Application
SCM
Remediation Control
Device Content
AV
Control Wizard
Risk
Scan PM
Manager
52

53. Lumension Endpoint Management Platform
Single Integrated Console / Single Agent
» Unified workflow
» Consolidated data
» Increased visibility
» Operational & Strategic
2009 Integration
Reporting
» Modular, extensible design
Endpoint Operations
» Power of granularity
Endpoint Security
» Improved productivity and
Compliance
lower TCO
53

54. Massive ongoing U.I. Integration
2010
2011
2012 LPR LRS LCW AC DC AV PM SCM Scan LRM
*2010 – each color represents a different product with a different user interface
*2011 – Migration to a consolidated user interface. SCAN and LRM are also sold as separate stand alone products
54

55. Lumension Platform Advantage
• Fully integrated UI across
ALL technologies
Many • Unified Policy Framework
to automatically enforce
Products and eliminate
configuration drift
Single UI
Many
Consoles
Single
Console
• N-Tier Design
• Full Integration for all
technologies
One Partner
One Platform
Many Solutions
Disparate N Tier Agile n-tier pluggable
Architecture architecture
• Cross Platform
• Single Communication
Vector
• One agent-all
technologies
Many SingleSingle Promotable
Agent
Agents Agent
55
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

56. Lumension Endpoint Management and Security Suite: Dashboard
56
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

57. Lumension® Risk Manager

58. Real time risk & compliance manager
Regulation Authority Documents
GLBA PCI FISMA HIPAA NHS NERC SOX ISO/IEC…
Business Interests Corporate Policies
Business Processes
Revenue Streams
Trade Secrets IT Assets
Profile Risk Attributes
Open to the Internet
Contains Credit Card
Information
Contains Customer Data
Applicable Controls Pass/Fail Regulation Assessment
Password Length
Data Encryption
Power Save
HIPAA SOX PCI NERC
100% 65% 65% 30%

59. Security Posture Index
Contextual
» High-level security
posture objectives
are captured in LRM
» Combined KPI’s
form a security
posture report
» Drill down on
different sections of
the SPI report for
detailed assessment
scores
59 59
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

60. More Information
SMB Security Series SMB Market Survey
» Resource Center:
http://www.lumension.com/smb-budget www.lumension.com/smb-survey
» Webcast Part 2:
http://www.lumension.com/Resources/Webinars
/How-to-Reduce-Endpoint-Complexity-and-
Costs.aspx
E is for Endpoint Webcast and
Quantify Your IT Risk with Free Whitepaper Series
Scanners
http://www.lumension.com/E-is-for-Endpoint.aspx
» http://www.lumension.com/special-
offer/PREMIUM-SECURITY-TOOLS.ASPX
Lumension® Endpoint Management
and Security Suite
» Demo:
http://www.lumension.com/endpoint-
management-security-suite/demo.aspx
» Evaluation:
http://www.lumension.com/endpoint-
management-security-suite/free-trial.aspx

61. Please consider next steps
• Lumension® Intelligent Whitelisting™
» Overview
• www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
» Free Demo
• www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
» Free Application Scanner
• www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
• Whitepaper and Videos
» Think Your Anti-Virus is Working? Think Again.
• www.lumension.com/special-offer/App-Whitelisting-V2.aspx
» Using Defense-in-Depth to Combat Endpoint Malware
• l.lumension.com/puavad
» Reducing Local Admin Access
• www.lumension.com/special-offer/us-local-admin.aspx

62. Global Headquarters
15880 N. Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260