Mobility is a fact of organizational life, and administrators have a business imperative to make their end users as productive on the go as they are in the office. But mobile productivity can't come at the expense of security. Attend this session to learn about Novell ZENworks Endpoint Security Management and its role in enabling secure mobile productivity. Keeping your network safe, your data protected and you users productive is more important than ever. Learn how you do all three with comprehensive and centralized endpoint security management solutions from Novell.

1. Mitigating Risk for the Mobile
Worker:
Novell ZENworks Endpoint Security Management Overview
® ®
Ross Chevalier
CTO Americas, President Novell Canada
Novell, Inc / rchevalier@novell.ca

2. Agenda
What is Endpoint Security Management?
How are you handling the market reality?
Use cases
What's in ZENworks Endpoint Security
®
Management today
Discussion around how to get started
2 © Novell, Inc. All rights reserved.

3. Endpoint Security Management

4. It's All About Balance
Flexibility Control
4 © Novell, Inc. All rights reserved.

5. Seeing Reality
• The workforce has become mobile
– At the enterprise level, laptops have
surpassed desktop deployments
– Wireless NICs are standard on new PCs
and wireless networks have proliferated
– Mobility increases productivity and agility
• What is the key requirement
to enable mobility?
– Remote access to data, which
can be either locally stored or
accessed via the Internet
• A polar relationship
– Increased agility and productivity requires
moving data to the endpoint or providing
remote access to the data, which increases
risks and their associated costs.
5 © Novell, Inc. All rights reserved.

6. Are Your Endpoints Secure?
of organizations said they would never
83% be able to prove if contents of a laptop
were encrypted if a data breach occurred.1
Percentage of employees who say they
copy sensitive or confidential information
onto a USB memory stick.1 69%
How much more expensive it can be to
20X fix a data breach than it is to invest in PCI
compliance from the very start.3
Cost to replace a lost laptop (e.g., cost
of data breach, lost IP, lost productivity,
and legal and regulatory expenses).1 $49,000
1 – Ponemon, “The Human Factor in Laptop Encryption”, December 2009
2 – Ponemon, “Trends in Insider Compliance with Data Security Policies”, June 2009
3 – Solidcore Systems, Emagined Security, Fortrex, “PCI Compliance Cost Analysis”, December 2007
4 – Ponemon, “The Cost of a Lost Laptop”, April 2009
6 © Novell, Inc. All rights reserved.

7. Data Breach Sources
7 © Novell, Inc. All rights reserved.

8. Endpoint Security Considerations
• Data - Information that is stored on and/or accessed by a computer
• Access - The methods and controls for an
endpoint’s communications
• Device - The settings and states of the endpoint
Data Protection + Access Control + Device Health = Endpoint Security
8 © Novell, Inc. All rights reserved.

9. The Pieces to Consider
9 © Novell, Inc. All rights reserved.

10. Mitigating Risk Case 1
• You have mobile users who use a variety of different
network services to connect back to head office
• Wireless security training is “unheard”
• You need to be able to control both connection and
in-stream security when many of these
networks are not secure
• The corporate firewalls don't exist
when people are remote
10 © Novell, Inc. All rights reserved.

11. 11 © Novell, Inc. All rights reserved.

12. 12 © Novell, Inc. All rights reserved.

13. 13 © Novell, Inc. All rights reserved.

14. 14 © Novell, Inc. All rights reserved.

15. 15 © Novell, Inc. All rights reserved.

16. Mitigating Risk Case 2
• The removable storage conundrum
• Users get access readily to all kinds of storage options
– Most are “invisible”
• Could result in data leakage or external infections
• Turning off the USB ports is a non-starter
• Need to be able to control which USB devices can be
connected and active
16 © Novell, Inc. All rights reserved. http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634

17. 17 © Novell, Inc. All rights reserved.

18. 18 © Novell, Inc. All rights reserved.

19. Mitigating Risk Case 3
• Mobile user may install or “get installed” applications
that you don't want to gain access to the system or
applications you don't want to run at all
• User must retain some level of administrative authority,
because it's Windows and too many things break when
administrative authority is removed
• User may “help” by disabling or uninstalling critical
software required by the company
19 © Novell, Inc. All rights reserved.

20. 20 © Novell, Inc. All rights reserved.

21. 21 © Novell, Inc. All rights reserved.

22. 22 © Novell, Inc. All rights reserved.

23. 23 © Novell, Inc. All rights reserved.

24. 24 © Novell, Inc. All rights reserved.

25. Looking at ZENworks®
Endpoint Security Management

26. ZENworks Endpoint Security Management:
®
Unparalleled Security
AD // eDirectory Integrated Central Control and Reporting
™
Application Connectivity Storage/Copy Integrity Control Advanced
Control Control Control Firewall Control
Deny: Control: Allow / deny use Ensure anti- NDIS-layer
of thumb drives, virus, anti- Firewall
–Undesired –All hw ports etc. spyware, etc.
apps –Wi-fi access Stateful with
Allow only Enforce any
–Network ACL support
Enforce VPN approved custom VB or
access for thumbdrives Java Script No end-user
specific apps Encrypt input req’d
Quarantine via
thumbdrive firewall block
and/or disk
folder
Location-Aware, Self-Defending, Online/Offline Client
26 © Novell, Inc. All rights reserved.

27. Certifications
• The only endpoint security enforcement solution with
both patented technology and key U.S. government
and industry certifications:
– FIPS 140-2 Certified Cryptomodule
– AES Encryption
– Common Criteria EAL 4+ Certification (strongest in the space)
– IPv6 Compliant
– Microsoft WHQL Certified
> Windows Hardware Quality Labs
27 © Novell, Inc. All rights reserved.

28. Summary of Benefits
• Increase agility and productivity while managing associated
risk
• Protect data on the endpoint and accessed by the device
• Protect system health–increase user up time
and productivity
• Decrease overhead
– single console for configuration, management,
reporting/alerts
– single agent for security enforcement
• Targeted enforcement to address specific issues
• Centralize security decisions
• Enforcement can not be circumvented
28 © Novell, Inc. All rights reserved.

29. The Other Piece of the Puzzle
Network Access Control

30. Also For Consideration:
ZENworks Network Access Control
®
• Purpose-built network access control engine
– Fast endpoint testing; minimal impact on network
• Tests all categories of end users
– Internal, visitors, contractors, home and mobile users, range of
OSs and versions
• Multiple endpoint testing options
– Agent-less (via RPC), ActiveX, Persistent agent
• Multiple enforcement options
– 802.1x, DHCP, Endpoint-based, Inline, Cisco NAC
• Testing depth: hundreds of off-the-shelf tests
• Enterprise scalable
– Hundreds of thousands of endpoints
30 © Novell, Inc. All rights reserved.

31. Network Access Control:
Internal, Pre-connect Security is The Priority
• The majority of security incidents are the result of internal actions
• For the majority of respondents, pre-connect NAC is a priority
over post-connect NAC
Security Incidents High Priority NAC
100% 100%
90% 90%
80% 80%
70% 70%
60% 60%
50% 50%
40% 40% 80%
30% 61% 30%
Pre-Connect
20%
Internal
39% 20%
10%
Perimeter 10% 20%
0% 0%
Post-Connect
Source: PricewaterhouseCoopers Source: Gartner
31 © Novell, Inc. All rights reserved.

32. Flexible Testing + Flexible Enforcement
= Full Coverage
Testing and Enforcement Options for Coverage of all Endpoints
Your Network
LAN Connected Branch Office Remote-VPN, RAS Wireless Visitor/Contractor
Novell NAC
®
Testing Options Enforcement Options
Enforcement
Agent-less ActiveX Agent Inline Endpoint 802.1x DCHP
Through Cisco's
NAC architecture
Control (VPN) Based
32 © Novell, Inc. All rights reserved.

33. Where to Start?

34. Questions and Answers

36. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.