Presentation of the new endpoint security management platform from Lumension, given by Andris Soroka in Warsaw at the headtechnology Poland event Headlight2012.
2. Lumension’s business card
• Offices Worldwide + Strong Partner Base (500+)
• More than 6000 customers in 70 countries
• More than 14 million endpoints protected
• Award-Winning Innovator
3. Lumension History
Market Share Leader: Patch Management, Enterprise Risk Management, Device Control
• First cross-platform patch and application management solution
• First credentialed vulnerability scanner
• First to introduce whitelisting / file “shadowing”
• First patent-pending Risk Intelligence Engine
• First patented Intelligent Whitelisting technology
Timeline milestones shown: 1991, 2007, 2009, 2010
4. Portfolio – ANNO 1991
• Endpoint Operations
» Power Management
» License Monitoring
» Application Deployment Management
» Asset Identification and Inventory
» Contract Management
» Mobile Devices Management
• Vulnerability Management
» Vulnerability Assessment
» Patching and Remediation
» Security Configuration Management
» X-Platform Support
• Endpoint Protection
» AntiVirus/Malware
» Malware Remediation
» Application Control – Intelligent Whitelisting
» Content Assurance
• Data Protection
» Device Control
» Data Encryption
» Whole Disk Encryption
» Content Filtering
» Application Identity & Data Discovery
• Compliance and IT Risk Management
» Compliance-Control Mapping
» Continuous Monitoring
» Control Harmonization
» IT Risk Assessment
» Deficiency Remediation
5. Agenda
» Traditional Endpoint Security – threats, drivers
» Evolutions and shifts in Endpoint Security
Recent/Upcoming Product Releases
Bryan Fish, Dee Liebenstein, Chris Chevalier and Rich Hoffecker
» Lumension LEMSS – the innovative platform
» Device Control
» Application Control
» Antivirus
» Whole Disk Encryption
» Mobile Device Management
» Risk & Compliance
» Patch & Remediation and more
7. Today’s business environment
» IT continues taking the lead in business (ERP, CRM, document management, digital prototyping etc.)
» Development of the e-World continues (B2B, B2C, e-Services, e-Government, e-Health, social networking, Web 2.0, unified communications etc.)
» Consumerization, virtualization, clouds, mobility and the borderless enterprise are a reality
» Cyber culture grows faster than cyber security (as well – not all countries have compliance, directives or penalties)
13. 2011 – year of targeted attacks
Chart: attack type (SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, Secure ID, Unknown) plotted by month, Feb–Aug 2011; the size of each circle estimates the relative impact of the breach. Organizations plotted include Bethesda Software, Northrop Grumman, IMF, Italy PM, Fox News Site, X-Factor, Citigroup, Spanish Nat. Police, Sega, Gmail Accounts, Booz Allen Hamilton, Epsilon, PBS, Vanguard Defense, Sony, SOCA, Monsanto, Malaysian Gov. Site, Peru Special Police, HB Gary, RSA, Lockheed Martin, Nintendo, Brazil Gov., L3 Communications, SK Communications, Sony BMG, Greece, Turkish Government, Korea, AZ Police, US Senate, NATO.
Source: IBM Security X-Force® 2011 Midyear Trend and Risk Report, September 2011
14. Security Today
General Categories
• Financially Motivated
» Bank Accts, Passwords, etc.
» Identity Theft
» Insiders
• Intellectual Property Theft
• Hacktivists
» IP / Customer data
» Denial of Service
» Reputational Damage
16. Results of threats
We end up with:
• Internet shops full of credit card, bank account, privacy, business and other confidential data
• Services available to rent a botnet, malicious code and attack anyone
• Video trainings and eLearning available in social media, such as YouTube
• A «black market community» (forums, blogs, interest groups, conferences etc.)
• Lost business & reputation
17. Cybercrime works…
Final Facts
• General loss of year 2011
» 2011 – 431 billion people affected, with more than 114 billion USD directly and another 274 billion USD related to direct loss
» (Source: Symantec, Dec 2011)
Cybercrime costs the world significantly more than the global black market of marijuana, cocaine and heroin combined (~$228 billion worldwide)
20. Endpoint Security Today – most important
Reality check
• Weakest link – the endpoint
» 70% of incidents are caused on the endpoint
» >2 million unique malware samples every day
» On average the lifetime of a malware sample is less than 24 hours
» Traditional defense is not enough
» At least 50 new vulnerabilities found and reported daily
21. Endpoint Security Today
Traditional Defenses …
• Antivirus
• Patching Microsoft OS and Apps
• Firewalls
• Strong Passwords
• End-User Education Programs
… Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!
22. Most Common Threats – N1
• Hard to dispute the fact that patching the underlying software flaw is in most cases the best defense
• In the current environment 72% of vulnerabilities have a patch available within 24 hours of disclosure
• In the current environment 77% of vulnerabilities have a patch available within 30 days of disclosure
• Microsoft data indicates that in the first half of 2011 Zero Day attacks amounted to less than 1% of the attack surface
Patch or get hacked – the choice is yours…
Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
23. Most Common Threats – N2
• Vulnerable software is not just a Microsoft problem…
• Third party software historically has had more unpatched vulnerabilities than Microsoft
• Java is your number one issue today, followed by Adobe – the leader for the past couple of years
Source: http://www.zdnet.com/blog/security/report-third-party-programs-rather-than-microsoft-programs-responsible-for-most-vulnerabilities/10383?tag=nl.e539
Bottom line: WSUS is not going to save you!
Source: http://www.zdnet.com/blog/security/37-percent-of-users-browsing-the-web-with-insecure-java-versions/9541?tag=content;siu-container
24. Most Common Threats – N3
• Hackers are always going to take advantage of areas that simply are not properly handled by defenders
• Looking at the chart on the right, is there any question why Java, Adobe and QuickTime are favored by the Bad Guys?
• In case you missed it, the chart is showing the “Most Outdated Web Browser Plugins”
What did you really think was going to happen?
Source: http://www.zscaler.com/state-of-web-q3-2011.html
25. Most Common Threats – N4
• It is important to remember that taking advantage of a vulnerability is not really the “End Game” for a bad guy
• The Vulnerability only represents a “Delivery Mechanism”
• The “End Game” is actually to allow them to Execute Malicious Code in your environment
• Why are we focusing on the delivery method and not the end game?
• Duh – because everyone else is
• Hackers will always beat us in the delivery mechanism “Arms Race”
• Get ahead of the problem by focusing on the End Game
26. Summary of Endpoint threats
Where Traditional Defenses Fall Short
• Risk from Un-patched 3rd Party Apps
• Controlling Local Admins Gone Wild
• Preventing Zero-Day Attacks and Targeted Malware
• End-User Education Isn’t Keeping Up
• Actionable Reporting and Security Measurement
27. Changes of the traditional Endpoint Security
The Past, The Present and The Future
28. Quotes from AV vendors
“Basic security protection is not good enough.” – Rowan Trollope, Senior Vice President, Symantec
“You can’t just rely on antivirus software – and we’re an antivirus company.” – George Kurtz, Worldwide CTO, McAfee
“[Standard] antivirus is not effective anymore...” – Raimund Genes, CTO, Trend Micro Inc
“[Signatures are] completely ineffective as the only layer [of endpoint security]…” – Nikolay Grebennikov, CTO, Kaspersky
30. Endpoint Security Today
Point products tax IT resources with additional administration burden, custom integration & maintenance, and limit user productivity across multiple management consoles
Point products shown: Vulnerability Assessment, Patch Management, Systems Management, AntiVirus / Malware, Data Protection, Compliance
45% of IT operations professionals work across 3-5 different software consoles while managing security & operational functions.*
Personas shown: Colleen, IT Ops Manager; Pat, CIO; Rich, IT Security Manager
*Worldwide State of The Endpoint Report 2009
31. Endpoint Security requirements
» Antivirus / Anti-malware
» HIPS / File Integrity monitoring
» Firewall / VPN
» Encryption (whole disk, devices)
» Device Control
» Application Control / System Lockdown
» Vulnerability management, patch and
update management
» Configuration management
» NAC / Visibility
» Mobile Device Management
32. Lumension Endpoint Management Security Suite 2012
Introducing: Application Intelligent Whitelisting
» Single Console
» Agile n-tier pluggable architecture
» Single Promotable Agent
33. LEMSS 2012 – one agent platform
L.E.M.S.S.: Patch and Remediation & Config
L.E.M.S.S.: Mobile Device Management
L.E.M.S.S.: Wake on LAN & Power Mgmt.
L.E.M.S.S.: Whole Disk Encryption
L.E.M.S.S.: Device Control
L.E.M.S.S.: App Control & Antivirus
L.E.M.S.S.: Risk & Compliance Management
34. Lumension Intelligent Application Whitelisting
Unifies workflows and technologies to deliver enhanced capabilities in the management of endpoint operations, security and compliance
Diagram of the integrated platform:
» Endpoint Operations: Asset Management, Software Management, Power Management, Patch Management, Configuration Management, Content Wizard, Mobile Device Management
» Intelligent Whitelisting: Trusted Change
» Endpoint Security: Device Control, Application Control, DLP, AntiVirus/Spyware, Firewall, Compliance/Risk Mgt., Whole Disk Encryption
» Reporting / Alerting / Logging
» Remove whitelisting market adoption barriers
36. Clean IT
» Role of AntiVirus
» Remove malware prior to lockdown
» Scan for malware not identified at time of lockdown
» Scan when making changes
• Defense in depth
» AntiVirus no longer the primary defence mechanism
» Less of a reactionary role
» Features of AntiVirus
» Sandbox
» Antispyware / Antivirus
» DNA matching
» Exploit detection
L.E.M.S.S.: Antivirus
37. LEMSS: AV Key Features
Highlights
• Antivirus
» AV Signatures and Scan Engine Updates
» Policy Scans
• Recurring Scan Policy
• Real Time Monitoring
• Scan Now
» Alerts & Notifications
• Centralized Alerts Page
• Dashboard Widgets
• Email Notification
• Reports
» Agent Control Panel
Complete Listing
• Antispyware
• DNA Matching (partial signature matching)
• SandBox (behavioral analysis)
• Exploit Detection (hidden malware)
• AV Signature and Scan Engine Downloads (LAN and Internet)
• Recurring Scan Policy
• Real-time Monitoring Policy
• Scan Now
• Alerts (Status)
• Email Notifications
• Dashboard Widgets
• Reports
• LEMSS Integration (single agent)
• Agent Control Panel
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
38. Lock IT
» Role of Application Control
» Fast and easy policy definition
» Unique whitelist for every endpoint
» No disruption to productivity
» Stops any executable after locking it
» Granularity of control
» Integration with Patch & Remediation module for automated and first in market “Intelligent Application Whitelisting”
» Features of Application Control
» Kernel level solution
» ~ 10 years in development
» Exploit detection
L.E.M.S.S.: Application Control
39. How Application Control Security Works
AntiVirus:
» Malware Signatures – 30 Million and growing @ 2 Million / Month (e.g. DLoader.AMHZW, Exploit_Gen.HOW, Hacktool.KDY, INF/AutoRun.HK, JS/BomOrkut.A, JS/Exploit.GX, JS/FakeCodec.B, JS/Iframe.BZ, JS/Redirector.AH, KillAV.MPK, LNK/CplLnk.K)
» Run as a Service
» CPU Usage: Intensive
» Reactive
» Ineffective on: Zero Day, Polymorphic
Application Control:
» Hash of Approved Application – as defined by IT Security (e.g. Word.exe, Excel.exe, Winnet.dll, Mozilla.exe)
» Run in the Kernel
» CPU Usage: Low
» Proactive
» Effective for: Zero day, Polymorphic
Figures shown at the foot of the two columns: 95% (AntiVirus), 13% (Application Control)
40. Trust IT
» Role of Patch & Remediation
» Software and Patch deployment systems
» Automated discovery and assessment of assets
» Trusted change manager
» Automatic update of the local whitelist
» No disruption to productivity
» Single solution for heterogeneous environments
» Features of Patch & Remediation
» 20 years market leadership
» Patented patch fingerprint technology
» Largest coverage of OS’s and Apps
L.E.M.S.S.: Patch And Remediation
41. Lumension Application Support Updates
• Apple (128)
» QuickTime
» iTunes
» Safari
» iLife Suite
• Mozilla Firefox Content (818)
» Firefox
• RealNetworks (10)
» RealPlayer
• Sun Microsystems (486)
» Java JRE
• WinZip (2)
» WinZip
• Adobe Reader
• Adobe Shockwave Player
• Adobe Flash Player
• Adobe Acrobat Pro
• Adobe Photoshop
• Adobe InDesign
• Adobe Air
More than any other patch vendor!
42. More than just Windows patching….
• Microsoft Windows
• Apple Mac OS X, v.10.3–10.6, x86 (Intel)/PowerPC
• HP-UX, v. 11.11–11.31, 64 bit PA-RISC
• IBM AIX, v. 5.1–5.3, PowerPC
• Sun Solaris, v. 9–10, SPARC, x86/x86_64
• Linux Platforms:
» Red Hat Enterprise Linux
• RHEL 3, 4, and 5, x86 and x86_64
» CentOS
• CentOS 4 and 5, x86 and x86_64
» Oracle Enterprise Linux
• Oracle Enterprise Linux 4 and 5, x86 and x86_64
» SUSE Linux Enterprise
• SLES/SLED 9, 10, and 11, x86 and x86_64
43. And more than just patching…
Systems Management:
» Inventory:
» Software
» Hardware
» Services
» Software Distribution
» Remote Desktop
» Power Management
» Policy Setting / Enforcement
» Wake on LAN
» Report on Savings ($$)
» Configuration setting / enforcement
» Disable 3rd party vendor auto update, Adobe, Java
» Compliance Controls
44. Lumension Endpoint Integrity Service
Flow shown on the slide:
» Software Vendors → Lumension Endpoint Integrity Service
» Lumension Certified Application (SHA-256 hash application identification)
» Customized Whitelist: the customer downloads Lumension certified application data to build a unique whitelist.
» Whitelist Updated: Lumension dynamically updates the customer whitelist with the latest vulnerability information.
» → Customer
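The contrast drawn on the “How Application Control Security Works” slide (a growing set of malware signatures versus a hash of each application IT has approved), the SHA-256 identification on this slide, and the “End Game is code execution” point from slide 25, as an added Python example; this is not Lumension code. The family names, sample executables, hashes and the small trusted-change step are all constructed for the demo.

```python
"""Added example (not Lumension code): signature blacklist vs. SHA-256
application whitelist, following the AntiVirus / Application Control
comparison and the Endpoint Integrity Service flow on the slides.
Signatures, sample files and hashes below are all constructed."""
import hashlib

# Constructed "malware signatures": byte patterns a scanner looks for.
# Family names mimic the slide's examples; the patterns are made up.
SIGNATURES = {
    "DLoader.AMHZW": b"DLOADER-PAYLOAD",
    "Hacktool.KDY": b"HACKTOOL-CORE",
}

# Constructed sample executables: file name -> contents.
SAMPLES = {
    "word.exe": b"MZ word processor build 14.0",
    "excel.exe": b"MZ spreadsheet build 14.0",
    "invoice.exe": b"MZ DLOADER-PAYLOAD dropper",        # matches a signature
    "update.exe": b"MZ fresh polymorphic loader v2",     # unknown: no signature
    "word-tampered.exe": b"MZ word processor build 14.0 + injected code",
}


def sha256_hex(data: bytes) -> str:
    """The identity of an application is the SHA-256 of its bytes."""
    return hashlib.sha256(data).hexdigest()


def blacklist_verdict(data: bytes) -> str:
    """Signature AV: reactive, blocks only what matches a known pattern."""
    for family, pattern in SIGNATURES.items():
        if pattern in data:
            return f"BLOCK ({family})"
    return "ALLOW"


def build_whitelist(certified: dict) -> set:
    """Whitelist = hashes of the applications IT Security approved."""
    return {sha256_hex(data) for data in certified.values()}


def whitelist_verdict(data: bytes, whitelist: set) -> str:
    """Application control: proactive default-deny on the hash."""
    return "ALLOW" if sha256_hex(data) in whitelist else "BLOCK (not whitelisted)"


def trusted_change(whitelist: set, new_certified: dict) -> set:
    """Trusted change: a patch deployed through the management platform
    brings certified hashes for the new build, so the local whitelist
    is updated instead of the new binary being blocked."""
    return whitelist | build_whitelist(new_certified)


def run_comparison(whitelist: set) -> dict:
    """Verdict of both engines for every sample: name -> (AV, AppControl)."""
    return {name: (blacklist_verdict(data), whitelist_verdict(data, whitelist))
            for name, data in SAMPLES.items()}


# Certified application data the customer would download (constructed).
CERTIFIED = {"word.exe": SAMPLES["word.exe"], "excel.exe": SAMPLES["excel.exe"]}
WHITELIST = build_whitelist(CERTIFIED)

if __name__ == "__main__":
    for name, (av, ac) in run_comparison(WHITELIST).items():
        print(f"{name:20} AV: {av:22} AppControl: {ac}")
    # A patched build is unknown until the trusted-change step adds its hash.
    patched = {"word.exe": b"MZ word processor build 14.1"}
    print("patched word.exe before:", whitelist_verdict(patched["word.exe"], WHITELIST))
    print("patched word.exe after: ",
          whitelist_verdict(patched["word.exe"], trusted_change(WHITELIST, patched)))
```

The unknown loader and the tampered copy of an approved binary both pass the signature check and both fail the hash check, which is the slide’s proactive-versus-reactive point; the last two lines show why a whitelist needs the trusted-change path, since without it every legitimate patch would be blocked as unknown.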
45. Lumension Device Control
L.E.M.S.S.: Device Control
Supported Device Types:
• Biometric devices
• COM / Serial Ports
• DVD/CD drives
• Floppy disk drives
• Imaging Devices / Scanners
• LPT / Parallel Ports
• Modems / Secondary Network Access Devices
• Palm Handheld Devices
• Portable (Plug and Play) Devices
• Printers (USB/Bluetooth)
• PS/2 Ports
• Removable Storage Devices
• RIM BlackBerry Handhelds
• Smart Card Readers
• Tape Drives
• User Defined Devices
• Windows CE Handheld Devices
• Wireless Network Interface Cards (NICs)
48. Minimize Your True Endpoint Risk
Augment existing defense-in-depth tools
» Comprehensive Patch and Configuration Management
» Application Control / Whitelisting
» Device Control
» Encryption
Diagram: Traditional Endpoint Security – Blacklisting As The Core, surrounded by Zero Day Malware, Volume of Malware, 3rd Party Application Risk and Malware As a Service
49. Minimize Your True Endpoint Risk
Rapid Patch and Configuration Management
• Analyze and deploy patches across all OS’s and apps (incl. 3rd party)
• Ensure all endpoints on the network are managed
• Benchmark and continuously enforce patch and configuration management processes
• Don’t forget about the browser!
» Un-patched browsers represent the highest risk for web-borne malware.
Chart – Areas of Risk at the Endpoint: Zero-Day 5%, Missing Patches 30%, Misconfigurations 65%
Source: John Pescatore, Vice President, Gartner Fellow
50. Stop Malware Payloads with App Whitelisting
Antivirus
• Use for malware clean-up and removal
Application control
• Much better defense to prevent unknown or unwanted apps from running
Diagram – Apps vs. Malware:
» Apps, Authorized: Operating Systems, Business Software
» Apps, Unauthorized: Games, iTunes, Shareware, Unlicensed S/W
» Malware, Known: Viruses, Worms, Trojans
» Malware, Unknown / Un-Trusted: Viruses, Worms, Trojans, Keyloggers, Spyware
51. Encryption
Endpoints (Whole Disk)
• Secure all data on endpoint
• Enforce secure pre-boot authentication w/ single sign-on
• Recover forgotten passwords and data quickly
• Automated deployment
Removable Devices
• Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs)
• Centralized limits, enforcement, and visibility
Charts shown: Lost UFDs (Ponemon 2011); Laptop Thefts (IDC 2010)
52. Back in 2009 / 2010
Products shown: Patch & Remediation, Application Control, SCM, Device Control, Content Wizard, AV, Risk Manager, Scan, PM
53. Lumension Endpoint Management Platform
Single Integrated Console / Single Agent
» Unified workflow
» Consolidated data
» Increased visibility
» Operational & Strategic Reporting
» Modular, extensible design
» Power of granularity
» Improved productivity and lower TCO
Diagram (2009 Integration): Endpoint Operations, Endpoint Security, Compliance
54. Massive ongoing U.I. Integration
2010 / 2011 / 2012: LPR LRS LCW AC DC AV PM SCM Scan LRM
*2010 – each color represents a different product with a different user interface
*2011 – Migration to a consolidated user interface. SCAN and LRM are also sold as separate stand alone products
55. Lumension Platform Advantage
Many Products → Single UI
• Fully integrated UI across ALL technologies
• Unified Policy Framework to automatically enforce and eliminate configuration drift
Many Consoles → Single Console
• N-Tier Design
• Full Integration for all technologies
One Partner, One Platform, Many Solutions
Disparate N Tier Architecture → Agile n-tier pluggable architecture
• Cross Platform
• Single Communication Vector
• One agent – all technologies
Many Agents → Single Agent (Single Promotable Agent)
56. Lumension Endpoint Management and Security Suite: Dashboard
58. Real time risk & compliance manager
» Regulation Authority Documents: GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…
» Business Interests: Corporate Policies, Business Processes, Revenue Streams, Trade Secrets
» IT Assets – Profile Risk Attributes: Open to the Internet; Contains Credit Card Information; Contains Customer Data
» Applicable Controls (Pass/Fail): Password Length; Data Encryption; Power Save
» Regulation Assessment: HIPAA 100%, SOX 65%, PCI 65%, NERC 30%
59. Security Posture Index
Contextual
» High-level security posture objectives are captured in LRM
» Combined KPIs form a security posture report
» Drill down on different sections of the SPI report for detailed assessment scores
60. More Information
SMB Security Series
» Resource Center: http://www.lumension.com/smb-budget
» Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx
SMB Market Survey
» www.lumension.com/smb-survey
E is for Endpoint Webcast and Whitepaper Series
» http://www.lumension.com/E-is-for-Endpoint.aspx
Quantify Your IT Risk with Free Scanners
» http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX
Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
61. Please consider next steps
• Lumension® Intelligent Whitelisting™
» Overview
• www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
» Free Demo
• www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
» Free Application Scanner
• www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
• Whitepaper and Videos
» Think Your Anti-Virus is Working? Think Again.
• www.lumension.com/special-offer/App-Whitelisting-V2.aspx
» Using Defense-in-Depth to Combat Endpoint Malware
• l.lumension.com/puavad
» Reducing Local Admin Access
• www.lumension.com/special-offer/us-local-admin.aspx
Welcome and greetings. Thank you for coming. This will be the story about changes in endpoint security: from traditional to innovative, from AV or other blacklist vendors to Lumension Security, introducing in 2011 the Intelligent Application Whitelisting and the new Lumension Endpoint Management & Security Suite (L.E.M.S.S.).
Brief introduction of company.
Started in 1991, achieved leadership as Patchlink, merged with Securewave and Stat, later Securityworks. Now a global leader in endpoint security, operations, data protection and risk management.
Brief introduction of Agenda.
Security is becoming more important than ever and a bigger and bigger challenge to manage. Technologies are developing at the speed of light.
Attackers are professionals, not kids any more. Attacks are targeted and sophisticated, not incidental. Every day, more and more, we hear it, see it, experience it.
There is no single company that starts from zero. Everyone has security solutions. Unfortunately they don’t work.
Your environment also has all sorts of risk added every day and in different ways. The software and OS lifecycle assumes new bugs; design flaws will be discovered as technology is adopted and deployed. On average, 15 new vulnerabilities are released per day, and over 90% of vulnerabilities could be exploited remotely. Software vulnerabilities grow daily. Understanding these risks is critical to your ability to address risk efficiently.
Most overflows result in a system crash. Occasionally, a vulnerability is discovered that allows the “overflowed” code to be executed. That execution typically escapes any established security controls. Because buffers are small and these attacks are difficult, many overflow attacks will try to download a more substantial payload.
On average, the companies lost 12,000 customer, consumer, and employee records on missing USB sticks, the study explained. At an average cost of $214 a record, that amounts to losses that could go north of $2.5 million for the companies in the survey.
Most organizations wind up dealing with several hundred controls that must be measured against hundreds or thousands of assets. This can produce individual assessment scores numbering in the hundreds of thousands. To help you see a roll-up of this information in a simple view, LRM includes Key Performance Indicators, or KPIs. These KPIs capture the high-level security posture objectives that matter to your organization. Most organizations will typically have 10-20 KPIs at this high level that summarize their security posture objectives. These KPIs combine to form a high-level security posture report card that gives a quick glance into your enterprise-wide security posture. You can drill down to any of these to get to the detailed assessment scores that produced your high-level grade.
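The roll-up these notes and the “Real time risk & compliance manager” slide describe (asset risk attributes, applicable controls scored pass/fail, percentages per regulation, a KPI report card, and a drill-down to the scores behind a grade), as an added Python example that is not Lumension Risk Manager code. The assets, the three controls, the regulation-to-control mapping and the 80% target are constructed for illustration; the percentages it produces belong to that constructed data, not to the slide, and the mapping is not the real text of HIPAA, SOX, PCI or NERC.

```python
"""Added example (not Lumension Risk Manager code): a minimal control
roll-up of the kind the 'Real time risk & compliance manager' slide and
the Security Posture Index notes describe. Assets, control checks and
the regulation-to-control mapping are constructed for illustration and
are not the real requirements of HIPAA, SOX, PCI or NERC."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    open_to_internet: bool
    contains_credit_card: bool
    contains_customer_data: bool
    settings: dict = field(default_factory=dict)  # observed configuration


# Control name -> (applies-to-asset predicate, passes predicate).
CONTROLS = {
    "Password Length": (lambda a: True,
                        lambda a: a.settings.get("min_password_len", 0) >= 12),
    "Data Encryption": (lambda a: a.contains_credit_card or a.contains_customer_data,
                        lambda a: a.settings.get("disk_encrypted", False)),
    "Power Save":      (lambda a: True,
                        lambda a: a.settings.get("power_save", False)),
}

# Constructed regulation -> controls mapping (a real product ships the
# authority documents here).
REGULATIONS = {
    "HIPAA": {"Password Length", "Data Encryption"},
    "SOX":   {"Password Length"},
    "PCI":   {"Password Length", "Data Encryption"},
    "NERC":  {"Password Length", "Power Save"},
}


def assess(assets: list) -> dict:
    """One pass/fail per applicable (asset, control) pair: the raw
    assessment scores that run into the hundreds of thousands at scale."""
    results = {}
    for asset in assets:
        for name, (applies, passes) in CONTROLS.items():
            if applies(asset):
                results[(asset.name, name)] = passes(asset)
    return results


def regulation_scores(results: dict) -> dict:
    """Roll the raw results up to a pass percentage per regulation."""
    scores = {}
    for reg, controls in REGULATIONS.items():
        hits = [ok for (_, ctrl), ok in results.items() if ctrl in controls]
        scores[reg] = round(100 * sum(hits) / len(hits)) if hits else None
    return scores


def kpi_report(scores: dict, target: int = 80) -> dict:
    """Report card: a KPI passes when its regulation meets the target."""
    return {reg: "PASS" if score is not None and score >= target else "FAIL"
            for reg, score in scores.items()}


def drill_down(results: dict, regulation: str) -> list:
    """The failing (asset, control) pairs behind one regulation's grade."""
    controls = REGULATIONS[regulation]
    return sorted(pair for pair, ok in results.items()
                  if pair[1] in controls and not ok)


# Constructed asset inventory with observed settings.
ASSETS = [
    Asset("web01", True, True, True,
          {"min_password_len": 14, "disk_encrypted": True, "power_save": False}),
    Asset("hr-laptop", False, False, True,
          {"min_password_len": 8, "disk_encrypted": True, "power_save": True}),
    Asset("kiosk", False, False, False,
          {"min_password_len": 14, "disk_encrypted": False, "power_save": False}),
]

if __name__ == "__main__":
    results = assess(ASSETS)
    scores = regulation_scores(results)
    print("scores:", scores)
    print("report card:", kpi_report(scores))
    print("NERC failures:", drill_down(results, "NERC"))
```

The applicability predicate is what the slide’s “profile risk attributes” buy you: the kiosk holds no card or customer data, so the encryption control is neither counted against it nor inflates the HIPAA and PCI percentages, and the drill-down for a failing KPI returns exactly the asset/control pairs an operator would remediate.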