Slide 1: RETHINKING Your Endpoint Security Strategy
Paul Henry | Security and Forensics Analyst

Slide 2: The Threat Landscape has Evolved…

Slide 3: Shift in Information that is Targeted
  • Market for stolen data is saturated
    - Then: stolen personally identifiable information sold on the black market for up to $15 per record
    - Now: credit card data has dropped to about 20 cents per record
  • New, more valuable target is now intellectual property (IP)
    - Revenue-generating information
    - Much larger impact and value: organization versus individuals

Slide 4: Data Breaches Impact Your Bottom Line

Slides 5-6: No Longer a Microsoft World
  • Then: priority on patching servers and the Windows O/S
  • Now: the PC and 3rd party apps are the biggest source of enterprise risk

Slide 7: Continued Increase of Cyber Crime
  • Rise in malicious attacks: root cause of 31% of the data breaches studied (up from 24% YoY)*
  • Cyber attacks impact business: 97% of respondents consider cyber attacks the most severe threat to their ability to carry out their missions
  • Harder to detect and more difficult to contain and remediate
  • Financially motivated cyber criminals
  * Ponemon Institute, Annual Cost of Data Breach 2011

Slide 8: Rising Cyber Terrorism… Impact of WikiLeaks

Slides 9-14: The Reality of Advanced Persistent Threats
  • More sophisticated threats leveraging multiple attack vectors
    - Zero-day and third party application vulnerabilities
    - Physical access through data ports
    - Web-based attacks through the browser
  • The rise of APTs… highly targeted, constantly evolving, custom-developed malware
    - Sony
    - Stuxnet
    - RSA

Slide 15: APT Example… Stuxnet

Slides 16-19: Trusted Insiders Open the Door to Risk
  • Negligence remains the most common threat, and an increasingly expensive one: negligence is the root cause of 41% of the data breaches studied, the #1 cause*
  • Social media opens the door to even more risk of social engineering
  • The applications we use for productivity open networks and information to risk
  • Removable devices provide easy access, data mobility and… risk if not managed
  * Ponemon Institute, Annual Cost of Data Breach 2011

Slide 20: Security Status Quo is No Longer Effective

Slides 21-25: The New Endpoint Reality
  • Security best practices still not universally followed
    - Patch and configuration management
    - Data protection practices
    - User rights management
  • Ineffectiveness of anti-virus
    - Increasing malware sophistication
    - Only 19% of new malware is detected on the first day
    - 50% of IT professionals point to malware as the leading cause of rising endpoint TCO

Slide 26: Traditional Endpoint Security Strategy
  • Traditional "threat centric" endpoint security is no longer relevant
  • Blacklisting as the core endpoint protection, up against: volume of malware, zero day, malware as a service, 3rd party application risk
  • "Basic security protection is not good enough." Rowan Trollope, SVP
  • "You can't just rely on antivirus software – and we're an antivirus company." George Kurtz, Worldwide CTO

Slides 27-34: Challenges of Endpoint Management
  • Lack of integration across technologies is the #1 IT security risk*
  • Challenges for IT Operations and IT Security:
    - Lack of common management console
    - Increasing agent bloat
    - Increasing and costly back-end integration
    - Lack of visibility and collaboration with IT security
    - Need for better accuracy
    - User access rights (Local Admin)
    - Silos and insufficient collaboration between IT and business operations
  * Worldwide State of The Endpoint Report 2009

It's Time to Rethink Your Endpoint Strategy

Slide 35: What's the Impact to Your Business?

Slides 36-38: Complex IT Environment is Costly to Manage
  • Multiple consoles: 3-6 different consoles on average
  • Agent bloat: increasing malware sophistication
  • Lack of control: 54% of IT security pros cite managing security complexity as the #1 challenge
  • Ad-hoc monitoring of security posture
  • Increasing TCO of point technologies: integration and maintenance
  Source: Lumension Global State of The Worldwide Endpoint 2009

Slides 39-43: Lack of Enterprise-Wide Visibility
  • Management and visibility in silos hurts effectiveness and efficiency
  • What endpoints are online/offline?
  • What apps are being used?
  • What devices are being used?
  • What user actions are concerning?
  • How is data being used?

Slide 44: Increased Complexity & Risk, Increasing Cost
  • Malware signatures identified: 2007: 250K monthly; 2011: 2M monthly
  • Chart labels: Increasing Malware, Fractured Visibility, Complex Technology, Endpoint TCO, Current Endpoint Security Effectiveness

Slide 46: Shift to a New Endpoint Security Approach

Slide 47: Key Strategies… to improve endpoint security and reduce complexity
  1. Rethink Endpoint Security from the Outside In
  2. Shift from a "Threat-Centric" to a "Trust-Centric" Approach
  3. Implement a Defense-in-Depth Strategy
  4. Reduce Complexity through Integration and Standardization
  5. People, Policy and Technology Must All Play a Role in Your Strategy

Slide 48: Strategy 1: Rethink Endpoint Security
  • Data has effectively moved away from the data center to a borderless endpoint
  • Diagram labels: Corporate HQ, Data Center, WAN, Internet, Cloud-based Computing, Remote Offices & Subsidiaries, Mobile Endpoints
  • Start to view your IT security requirements from the outside-in and not the inside-out

Slide 49: Strategy 2: Shift to Trust-Centric Security (diagram: THREAT CENTRIC to TRUST CENTRIC)

Slide 50: Strategy 3: Implement Defense-in-Depth
  • Diagram contrasting Traditional Endpoint Security with Defense-in-Depth; layers shown: AntiVirus, Device Control, Application Control, Patch & Configuration Mgmt., with Blacklisting As The Core on the traditional side
  • Threats shown: Volume of Malware, Zero Day, 3rd Party Application Risk, Malware As a Service

Slides 51-54: Strategy 4: Reduce Endpoint Complexity
  • From effective but not efficient to effective AND efficient: many consoles to a single console, many agents to a single promotable agent, disparate architecture to an agile architecture
  • IT control made simple:
    - Agile platform architecture
    - Reduced integration and maintenance costs
    - Holistic endpoint visibility

Slide 55: Strategy 5: People, Policy and Technology
  • All three are dependent on each other for effective and operational endpoint security (diagram: people, policy, technology)

Slides 57-64: Shift to New Endpoint Management Approach
  • From: threat centric, point products, multiple consoles, multiple agents, ad hoc processes, reactive signatures, ad hoc auditing, compliance
  • To: trust centric, …, IT risk management

Slide 64: Lumension: Leading the IT Security Shift
  • Market leader
  • Agile platform architecture
  • Best-of-breed functionality
  • Global footprint
  • Strong customer and partner ecosystem
  • Deloitte 500 & Inc. Magazine 500 Fast Growth Leader

Slide 65: Q&A
  • For more information come visit us at Booth #19 during these show hours:
    - Tuesday, June 21, 11:45 a.m. – 1:45 p.m.
    - Wednesday, June 22, 12:00 p.m. – 1:30 p.m.

Slide 66: Global Headquarters
  8660 East Hartford Drive, Suite 300, Scottsdale, AZ
  [email protected]

Editor's Notes

  • #5 $7.2 million per breach; $214 per record
  • #6 Vulnerabilities affecting a typical end-user PC from 2007-2009 almost doubled from 220 to 420, and it is expected to double again in 2010 (Secunia Half Year Report 2010). A PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third party programs installed than in the 26 Microsoft programs installed; it is expected that this ratio will increase to 4.4 in 2010 (Secunia Half Year Report 2010).
    - Discover: gain complete visibility of all IT assets, both managed and unmanaged.
    - Assess: perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.
    - Prioritize: focus on your most critical security risks first.
    - Remediate: automatically deploy patches to an entire network per defined policy to support all OS's and applications.
    - Report: provide operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
  • #13 Stuxnet changed the risk landscape: multi vector attack routes; physical entry via USB port; 4 zero day vulnerabilities exploited; from espionage to sabotage. 50% of IT professionals cite endpoint complexity as the #1 risk factor. 3-5 consoles are used in the day to day management of IT Operations and Security workflows, and 3-6 agents per endpoint. Malware has increased by 500% and major AV firms are falling behind on documenting known signatures.[1] 1M malware signatures identified monthly. Nearly 90% of vulnerabilities could be exploited remotely.[2] 19 new vulnerabilities are released per day.[3] Average cost of a data breach $6.75M.[4] 70% of all serious data incidents sparked by an insider.[5]
  • #14 Core security defense is still blacklisting. Patch is someone else's issue (IT ops).
  • #15 49% of endpoint TCO is associated with security and operational management.** Complex system management; decreased endpoint performance and lack of scalability (agent bloat); costly integration and maintenance; limited visibility and collaboration.
  • #19 The first 6 months of 2010 was the most active period of malware creation in history: over 10 million samples. More than 1.5M malware samples are identified each month. 57,000 new malware websites are created every week. (Diagram labels: Obfuscation; Virus; Trojan - USB Media; Dedicated Website; Semi Legitimate Web Pages; Targeted - Intellectual Property.) On average AV vendors detect less than 19% of malware attacks.*
  • #22 Key strategies to improve endpoint security and reduce complexity in the new threat environment:
    1. Rethink endpoint security, to address it from the outside in as opposed to inside out. What does this mean? Instead of focusing solely on the datacenter: endpoints, mobile devices, third party apps and users have become the vulnerability points to get at sensitive information.
    2. Shift from a threat based approach to one based on trust. Balances the old axiom of "more security equals less productivity" against "who do I need to empower and at what level of trust?"
    3. Depth in defense: no holy grail. No single technology can address risk.
    4. Reduce complexity through integration and standardization; that's the value of the LEMSS platform.
    5. People, policy and technology all must play into your security strategy. Policy without technology is useless. People without process is chaos. Technology that doesn't support people is not operational/functional.
  • #24 On top of defense-in-depth, time to shift from a threat-centric approach to one based on trust….
  • #25 Defense in Depth Strategy: address the core IT risk with Patch & Configuration Management; stop unwanted/untrusted change with Application Control; protect against insider risk with Device Control; deploy a broad defensive perimeter with AntiVirus; reduce endpoint complexity with an Endpoint Management and Security Suite.
  • #30 I have given you a sense of the shifts taking place in the endpoint environment, how we need to change our approach to endpoint management and security, what the Lumension vision is and the steps we are already taking.
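The Discover / Assess / Prioritize / Remediate / Report cycle in note #6, together with the deck's point that unpatched third-party applications on managed and unmanaged PCs are now the largest source of endpoint risk, is a procedure rather than a product feature, so here is an added worked example of that cycle in Python. It is not code from the presentation or from Lumension; the endpoint names, application names, versions and the VULN-000x advisory identifiers are all constructed placeholders, and the risk-scoring weights are an assumption chosen for illustration (exploited-in-the-wild and remotely exploitable weaknesses on unmanaged hosts rank first).

```python
"""Endpoint vulnerability-management cycle: discover, assess, prioritize,
remediate (plan), report. Constructed example data; not real hosts or CVEs."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    managed: bool   # True when the patch/configuration agent is installed
    apps: tuple     # ((application, installed_version), ...)


@dataclass(frozen=True)
class Advisory:
    vuln_id: str    # placeholder identifiers (VULN-000x), not real CVE numbers
    app: str
    fixed_in: str   # first version that contains the fix
    remote: bool    # exploitable without local access
    exploited: bool # exploitation observed in the wild
    vendor: str     # "microsoft" or "third-party"


# Constructed inventory (hypothetical hosts, applications and versions).
INVENTORY = [
    {"name": "hq-ws-01", "managed": True,
     "apps": {"pdf-reader": "9.3.0", "browser-plugin": "10.0.1", "office-suite": "14.0.2"}},
    {"name": "branch-ws-07",                      # no agent: 'managed' key absent
     "apps": {"pdf-reader": "9.1.0", "media-player": "2.1.0"}},
    {"name": "hq-ws-02", "managed": True,
     "apps": {"pdf-reader": "9.4.0", "browser-plugin": "10.1.0", "office-suite": "14.0.1"}},
]

# Constructed advisory feed (placeholder ids; values chosen for illustration).
ADVISORIES = [
    Advisory("VULN-0001", "pdf-reader", "9.4.0", remote=True, exploited=True, vendor="third-party"),
    Advisory("VULN-0002", "browser-plugin", "10.1.0", remote=True, exploited=False, vendor="third-party"),
    Advisory("VULN-0003", "office-suite", "14.0.2", remote=False, exploited=False, vendor="microsoft"),
    Advisory("VULN-0004", "media-player", "2.2.0", remote=True, exploited=False, vendor="third-party"),
]


def version_key(version):
    """Numeric tuple so '9.10.0' sorts after '9.4.0' (string compare would not)."""
    return tuple(int(part) for part in version.split("."))


def discover(raw_records):
    """Discover: normalise raw records; a record with no 'managed' flag is unmanaged."""
    return [Endpoint(r["name"], bool(r.get("managed", False)),
                     tuple(sorted(r["apps"].items()))) for r in raw_records]


def assess(endpoints, advisories):
    """Assess: an installed version below the fixed version is a finding."""
    findings = []
    for ep in endpoints:
        for app, installed in ep.apps:
            for adv in advisories:
                if adv.app == app and version_key(installed) < version_key(adv.fixed_in):
                    findings.append((ep, adv))
    return findings


def risk_score(ep, adv):
    """Assumed weights: in-the-wild exploitation and remote reach dominate,
    third-party software and unmanaged hosts each add one point."""
    score = 1
    score += 3 if adv.exploited else 0
    score += 2 if adv.remote else 0
    score += 1 if adv.vendor != "microsoft" else 0
    score += 1 if not ep.managed else 0
    return score


def prioritize(findings):
    """Prioritize: (score, endpoint, vuln_id) tuples, highest risk first, stable order."""
    scored = [(risk_score(ep, adv), ep.name, adv.vuln_id) for ep, adv in findings]
    return sorted(scored, key=lambda s: (-s[0], s[1], s[2]))


def remediate_plan(findings):
    """Remediate: per endpoint, the highest fixed version needed per application,
    plus a flag when the host first needs the agent before any patch can be pushed."""
    plan = {}
    for ep, adv in findings:
        entry = plan.setdefault(ep.name, {"install_agent": not ep.managed, "upgrades": {}})
        current = entry["upgrades"].get(adv.app)
        if current is None or version_key(adv.fixed_in) > version_key(current):
            entry["upgrades"][adv.app] = adv.fixed_in
    return plan


def report(endpoints, findings):
    """Report: one summary that joins discovery, assessment and prioritization."""
    ranked = prioritize(findings)
    return {
        "endpoints": len(endpoints),
        "unmanaged": sum(1 for ep in endpoints if not ep.managed),
        "findings": len(findings),
        "by_vendor": dict(Counter(adv.vendor for _, adv in findings)),
        "top": ranked[0] if ranked else None,
    }


def run(raw_records=INVENTORY, advisories=ADVISORIES):
    endpoints = discover(raw_records)
    findings = assess(endpoints, advisories)
    return prioritize(findings), remediate_plan(findings), report(endpoints, findings)


if __name__ == "__main__":
    ranked, plan, summary = run()
    for score, host, vuln in ranked:
        print(f"{score:2d}  {host:14s} {vuln}")
    print(plan)
    print(summary)
```

On the constructed data the unmanaged branch workstation with the exploited, remotely reachable PDF reader flaw ranks first, and four of the five findings are in third-party software, which is the ratio the Secunia figures in note #6 describe; the plan marks that host as needing the agent before any patch can be deployed to it, which is the "managed and unmanaged" distinction the Discover step exists to surface.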