
Webinar Endpoint Security Beyond The Blacklist

Webinar: Endpoint Security Beyond The Blacklist. Chenxi Wang, Ph.D., Vice President, Principal Analyst; Chris Sherman, Researcher. July 18, 2012.


Presentation Transcript


  1. Webinar: Endpoint Security Beyond The Blacklist
     Chenxi Wang, Ph.D., Vice President, Principal Analyst
     Chris Sherman, Researcher
     July 18, 2012. Call in at 12:55 p.m. Eastern time.

  2. 2011 notable attacks
     Source: Forrester report, November 1, 2011, “Updated Q4 2011: The New Threat Landscape — Proceed With Caution”

  3. Attacks targeting your crown jewels . . .
     1. Compromise a vulnerable endpoint.
     2. Use the compromised endpoint to attack other machines behind the firewall.
     3. Compromise the domain controller.
     4. Masquerade as a privileged user to access source code management servers.
     5. Exfiltrate core IP.

  4. Business innovation doesn’t slow down because of attacks.

  5. BYOD is gaining momentum
     56% already said yes to BYOD.
     Base: 1,009 mobile technologies and services decision-makers at North American and European companies.
     Source: Forrsights Workforce Employee Survey, Q4 2011

  6. This is the extended enterprise (figure label: Endpoint security)

  7. Endpoints are moving targets
     - Employee-owned and unmanaged
     - Company-owned and managed
     - Partially managed

  8. This much is clear: managed and unmanaged devices will coexist for some time to come.

  9. Your challenges are twofold
     - Managed endpoints: do a better job of endpoint protection.
     - Unmanaged endpoints: protect your data and operations without owning the assets!

  10. Five design principles
      1. Get your house in order (managed endpoints).
      2. Focus on data (unmanaged).
      3. Zero trust (unmanaged).
      4. Think thin, think cloud (unmanaged).
      5. Eye in the sky (combined).

  11. Principle No. 1: Get your house in order
      Why a blacklist approach is not scalable: 1.1 million new malware variants/day! Try taming that with a blacklist . . .

  12. Principle No. 1: Get your house in order (cont.)
      For all the talk on APT . . . 2% to 3%.
      This is what you need to worry about: Zeus, SpyEye, etc.

  13. Every year, mass malware targets approximately . . . 15 vulnerabilities.
      Flash, Java, Adobe Reader, IE, Firefox, QuickTime, Opera

  14. Get your house in order — reduce attack surface
      Exercise application control (“Flash, Java, Adobe Reader, IE, Firefox, QuickTime, Opera”):
      - Limit Firefox, Opera, and QuickTime (use Chrome if you can).
      - Enable data execution prevention whenever possible.
      - Disable Java in web browsers.
      - Deploy the Enhanced Mitigation Experience Toolkit: http://support.microsoft.com/kb/2458544
      While you are at it: eliminate superfluous applications from your environment.
      This completes 75% of the work.

  15. Get your house in order — manage your vulnerabilities
      You need an intelligent patch management system.
      - If you see a patch for Flash, Java, or Reader: patch it, and patch it as fast as you can.
      - IE is a bit more complex. Consider this strategy: browse the Net with Chrome; keep IE for internal applications.
      - Endpoint security products that sandbox code within the browser are a plus!

  16. Principle No. 1: Get your house in order (cont.)
      An effective endpoint security strategy must:
      - Start with managing vulnerabilities. Understand which vulnerability matters. Patch it well, and patch it early.
      - Reduce attack surface. Figure out which risky applications you don’t need, and eliminate them. Build a functional white list, and govern additions to this set. Build a good exception-handling workflow.
      - Augment with antimalware. The focus should be on zero-days.
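Slides 14 through 16 describe the shift from a blacklist to a functional white list whose additions are governed by an exception-handling workflow. The following is an added illustration, not material from the deck: an allowlist decision function where anything not explicitly trusted is denied and routed to the workflow, plus a governance helper that surfaces waivers due for review. The publishers, hashes, ticket numbers and dates are constructed sample values.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

TODAY = date(2012, 7, 18)  # constructed reference date (the webinar date)

@dataclass(frozen=True)
class Executable:
    path: str
    sha256: str
    publisher: Optional[str]  # code-signing publisher; None when unsigned

@dataclass(frozen=True)
class Waiver:
    """A governed exception: which binary, who approved it, when it lapses."""
    sha256: str
    ticket: str
    approver: str
    expires: date

# Constructed white list: trusted publishers plus individually vetted hashes.
TRUSTED_PUBLISHERS: Set[str] = {"Example Corp Internal CA", "Microsoft Corporation"}
VETTED_HASHES: Set[str] = {"a" * 64}  # an unsigned in-house tool, pinned by hash

# Constructed waivers issued by the exception-handling workflow.
WAIVERS: Dict[str, Waiver] = {
    "b" * 64: Waiver("b" * 64, "SEC-1042", "appsec-lead", date(2012, 9, 30)),
    "c" * 64: Waiver("c" * 64, "SEC-0871", "appsec-lead", date(2012, 6, 30)),
}

def decide(exe: Executable, today: date = TODAY) -> Tuple[str, str]:
    """Allow only what the white list or an unexpired waiver covers; everything
    else is denied. That default inverts the blacklist model: an unknown binary
    goes to the exception workflow instead of running until a signature lands."""
    if exe.publisher in TRUSTED_PUBLISHERS:
        return "allow", f"publisher {exe.publisher!r} is trusted"
    if exe.sha256 in VETTED_HASHES:
        return "allow", "hash is on the white list"
    waiver = WAIVERS.get(exe.sha256)
    if waiver is None:
        return "deny", "not on white list; route to exception workflow"
    if waiver.expires < today:
        return "deny", f"waiver {waiver.ticket} expired on {waiver.expires}"
    return "allow", f"waiver {waiver.ticket} approved by {waiver.approver}"

def waivers_due_for_review(today: date = TODAY, horizon_days: int = 30) -> List[str]:
    """Governance helper: tickets that have lapsed or lapse within the horizon."""
    cutoff = today + timedelta(days=horizon_days)
    return sorted(w.ticket for w in WAIVERS.values() if w.expires <= cutoff)
```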

  17. Meanwhile: in the unmanaged world . . .

  18. Principle No. 2: Focus on the data, not infrastructure
      Decouple data and threat protection from the infrastructure.
      Build security capabilities into the application:
      - e.g., encryption in the application
      - e.g., threat detection in the application (malware, fraud, jailbreak)
      (Figure: fortifying the data and the application.)

  19. Example: Build protection into the application (a large financial institution)
      - Separate login (PIN code access)
      - Geofencing
      - App-level VPN
      - Encryption
      - Data containment

  20. Principle No. 3: Zero trust
      - Authorization to access a service is always evaluated dynamically.
      - Trust is never assumed.
      - Authentication is always contextual. Location, environment, and malware detection . . . all factor into authentication/authorization.
      - Trust is derived and verified, never assumed.
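Slide 20 states the principle but not how a service would apply it per request. The block below is an added example, not from the deck, of contextual authorization in which trust is derived only from signals that were actually verified (location, device environment, malware detection), an unverified signal earns nothing, and a request one signal short is sent to step-up authentication rather than allowed. The geofence, tiers and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed geofence: countries from which the service may be reached.
ALLOWED_COUNTRIES = {"US", "CA", "GB"}

# Trust points a request must earn before each service tier grants access.
REQUIRED_TRUST = {"low": 2, "high": 3}

@dataclass(frozen=True)
class Context:
    """Signals gathered for one request. None means the signal could not be
    verified, and an unverified signal earns no trust (derived, not assumed)."""
    user: str
    country: Optional[str]           # from the device/network, checked against the geofence
    jailbroken: Optional[bool]       # device environment check
    malware_detected: Optional[bool]
    mfa_passed: bool = False         # result of step-up authentication, if any

def trust_score(ctx: Context) -> int:
    """Derive trust from signals that are present and positive."""
    score = 0
    if ctx.country in ALLOWED_COUNTRIES:
        score += 1
    if ctx.jailbroken is False:      # explicitly verified clean, not merely unknown
        score += 1
    if ctx.malware_detected is False:
        score += 1
    return score

def authorize(ctx: Context, sensitivity: str) -> str:
    """Evaluate one request on its own context; nothing carries over from
    earlier sessions. Returns "allow", "step_up" or "deny"."""
    if ctx.malware_detected:                      # hard stop, whatever else is true
        return "deny"
    if ctx.jailbroken and sensitivity == "high":  # compromised environment, sensitive data
        return "deny"
    required = REQUIRED_TRUST[sensitivity]
    score = trust_score(ctx)
    if score >= required:
        return "allow"
    if score == required - 1:                     # one signal short: ask for more proof
        return "allow" if ctx.mfa_passed else "step_up"
    return "deny"
```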

  21. Principle No. 4: Think thin, think cloud
      If possible: thin client, thin device.
      - Process centrally, present locally.
      - Leverage cloud delivery and scaling.
      Caveats: requires a connection; server-side operational load.

  22. Principle No. 5: Eye in the sky
      - Monitors and controls data flows across logical security boundaries (unmanaged devices and infrastructure on one side, managed devices on the other).
      - Requires data classification.
      - Increases situational awareness.
      - Provides intelligence to focus on the right things.

  23. The vendor landscape

  24. Vendor solutions are converging
      Vendors: Symantec, Lumension, Sophos, Trend Micro, IBM/BigFix, LANDesk, F-Secure, McAfee, Kaspersky
      Converging capabilities: security management, asset mgmt., URL filtering, DLP, power mgmt., encryption

  25. Recommendations: short term
      - Figure out your housecleaning strategy.
      - Implement meaningful application control.
      - Run a targeted patch program.
      - Deploy recommended practices (DEP, EMET).
      - Keep your eye on the data.

  26. Recommendations: long term
      - Shift focus to unmanaged or lightly managed endpoints.
      - Decouple protection from device and infrastructure.
      - Toss your trust assumptions.
      - Think thin, think cloud.

  27. Thank you
      Chenxi Wang, Ph.D.: cwang@forrester.com, Twitter: @chenxiwang
      Chris Sherman: csherman@forrester.com, Twitter: @ChrisShermanFR
      www.forrester.com
      Engage beyond the Webinar: Community, http://forr.com/CommunitySR; Blog, http://forr.com/BlogSR
