End-Point Security Presentation
Ed Underwood – Territory Manager

Agenda
• White List vs. Black List Approach
• End-Point Security & HIPAA
• Policy Enforcement & Management
• Sun Healthcare Case Study
• Q & A
A Dichotomy Shift in Security
• Different approaches, same result
• Attempt to detect and react to suspicious behaviors
• The reactive model
• Seek and destroy Malware
• The Blacklist approach
• Block or stonewall communications ports
• The Firewall, port-blocker, and epoxy methods
• Use of GPOs – can’t stop Malware
• Cons of These Approaches
  • Can only detect what it knows about
  • Constant updates required
  • Behavior models not exact
A Dichotomy Shift in Security
• Sanctuary White List Approach
• Stops Spyware Cold
• No Scanning or BL Signatures
• Defends Data Against Theft By Securing Network Endpoints
• Only Trusted Applications Are Authorized
• Only Trusted Devices Are Authorized
• Everything is “Guilty Until Proven Innocent”
Bottom Line
• If it is not defined it will not load to memory or function as a device & becomes DEAD or DEADWARE.
White List Approach: Manage the known and allowed, deny all else…
Applications
• Authorized
  • Operating Systems
  • Business Software user should have access to
• Unauthorized - Unwanted
  • Games, Shareware
  • Unlicensed Software
  • Software user should not have access to
Malware
• Known
  • Viruses, Worms, Trojans
  • Hacker Intrusive Software
• Unknown
  • Viruses, Worms, Trojans
  • Hacker Intrusive Software
Sanctuary Healthcare HIPAA: Matching the Objective
• SecureWave’s objective is to implement security mechanisms at 3 safeguards levels:
1. Administrative: Enforce the procedures and policies per user / group / machine / task related
2. Physical: Control physical access to I/O devices to complement classical physical security
3. Technical: Implement End-Point security solutions to prevent host intrusion and its consequences
Sanctuary Matching Administrative Safeguards (164.308) * Required / Addressable
Sanctuary Matching Technical Safeguards (164.312)
Standard | Implementation Specifications | R/A* | How SecureWave solutions contribute
Access Control | Unique User Identification | R | Manage centrally all users access to programs and I/O devices organization wide
Access Control | Emergency Access Feature | R |
Access Control | Automatic Logoff | A |
Access Control | Encryption and Decryption | A |
Audit Controls | | R | Log all access attempts to particular programs and I/O devices that might deal with EPHI
Integrity | Mechanism to Authenticate Electronic Protected Health Information | A | Prevent data alteration by only allowing authorized users to access relevant programs
Person or Entity Authentication | | R |
Transmission Security | Integrity Controls | A |
Transmission Security | Encryption | A |
• In total, SecureWave solutions contribute to the coverage of:
  • 55% of all Required Implementation Specifications (11/20)
  • 64% of all Addressable Implementation Specifications (14/22)
  • 60% of all Implementation Specifications together (25/42)
Need for Clear Policy
• Know what executables are permissible
  • By whom, what version, what patch level
• Know what actions are permissible
  • By whom and with which devices
Malware Threat
• Fixes your Clock? Or CLEANS your Clock?
• Helpful Update Or Your PASSWORD on a Silver Plate?
No Signatures, No Trojans, No Spyware. EVER.

Sample of Unauthorized Software
• Instant Messaging Or Instant OUTBREAK?
No Signatures, No Trojans, No Spyware. EVER.

Legitimate or Dangerous Devices
• Great Gadget Or Massive Security Risk?
• 2,500 songs Or Your entire customer database to go?
Intelligent Device Management
Case Study – Sun Healthcare
• Fortune 500 Organization
• 60,000 employees
• 104 long-term and post-acute care facilities
• Approximately 10,220 beds in 13 states
• Assisted living residences and hospitals in 34 states
• Over 500 Pharmacies
Case Study: Sun Healthcare
• Opportunity Description
  • Initial interest was Device Control to satisfy HIPAA requirements.
  • Control information being sent to remote users.
  • Control internal assets.
• Change in priorities
  • Sun was taken down for 3 days with an unknown Malicious Application
Case Study: Sun Healthcare
• Major Challenges
  • Sun was down for 3 days due to an exploit of ActiveX in Feb 05.
  • Sun has 500 pharmacies that bill $100 to $1000 an hour
  • No help from MS, Symantec, CA, or Check Point
  • Sun averaged over 100 hot swaps of field PCs a month
  • Cost $130,000 a month.
  • Sun is a Publicly Traded Company & under SOC’s they are required to account for all applications on all their PCs & Servers.
  • They thought they had around 300 applications but found out they really had over 1200.
  • Threat of software updates being put on assets not owned by Sun.
  • Preventing data leakage and privacy issues
  • Thumb Drive found in parking lot with sensitive info.
Case Study: Sun Healthcare
• SecureWave Solution
  • Scanned a known good image, pushed policy, and stopped malware apps from executing to memory.
  • Sun sent logged information to MS & Symantec
• After purchasing Sanctuary & deploying to 25% of assets
  • Of that 25%, not one hot swap has been needed on those assets.
  • Hot swap cost was reduced to $90k.
  • Sun can now enforce their software policy on all PCs & Servers
  • PC performance was greatly improved
  • Bandwidth lost to apps like WeatherBug & Kazaa retrieved.
  • All software updates being sent via encrypted thumb drives.
  • Only authorized personnel have access to removable media.
Customers
• Over 1000 Customers including:
  • Sun Healthcare (8000 Seats)
  • University Health Systems San Antonio (3800 Seats)
  • Blue Cross Blue Shield of AZ (3,500)
  • Lazard & Freres, Inc. (1,800 Seats)
  • Mercedes Benz, USA (3,500 Seats)
  • Goldman Sachs (20,000 seats)
  • Davis, Polk, and Wardwell, LLP (2,000 Seats)
SecureWave Corporate Positioning
SecureWave®: Safeguarding Tomorrow™
• Pure Security – 100% focused on PC & Server security solutions
• Visionary – Solving tomorrow's threats. TODAY.
• Field Proven – ~1,000,000 licenses sold across 1000+ enterprise customers.
• Leaders – Recognized by the market as an innovator and leader in the security market