Delivering Security Within the MAX Remote Management Platform - Todd Haughland


Upload: maxfocus

Post on 25-Jun-2015


DESCRIPTION

Security is every customer’s top concern and can be a real worry for MSPs - unless they use the MAX Remote Management Platform of course. Here we’ll look at how to provide the most comprehensive and robust security solution for your customers, covering all aspects of security from Web Protection and Antivirus to Server and Workstation Monitoring and of course Patch Management. Soon you’ll stop worrying about security on each and every device you manage - and start to relax while MAX takes care of the work for you. For this we’ll look at:

• Web Protection
• Managed Antivirus
• Hacker Checks
• Patching Deployments

TRANSCRIPT

Page 1: Delivering Security Within the MAX Remote Management Platform - Todd Haughland


Delivering Security with GFI MAX

Todd Haugland, Lead Sales Engineer, GFI MAX US

Page 2

Intro

Security is essential. Period

Try to lock down all levels of access

Multi layer approach for best protection

Page 3

Why?

» Estimated cost of Cyber Crime and Cyber Espionage
  » $100 billion USD per year in US alone
  » $425 billion USD per year worldwide

» Advanced Persistent Threats (APT):
  » Coordinated cyber activities of criminals and state level entities
  » Objective of stealing information, compromising information systems*
  » Criminal organizations monetise all aspects of illicit access
  » Foreign Intelligence Services gather Intellectual Property
  » APT tries to stay embedded for as long as possible
  » APT generally only resorts to destruction upon detection

* regular users are sometimes the most adept at this!

Page 4

Why?

» At least 85% of the targeted cyber intrusions that Defence Signals Directorate (DSD) responds to could be prevented by following the Top 4 mitigation strategies listed in the Strategies to Mitigate Targeted Cyber Intrusions

Good News, it’s easy

» Use application whitelisting to help prevent malicious software and other unapproved programs from running
» Patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers
» Patch operating system vulnerabilities
» Minimise the number of users with administrative privileges

Page 5

The Good News

» “Managed Security Services Market” by Transparency Market Research
  » $9 billion USD in 2012, could be worth $24 billion by 2019
  » Predicted market will expand at CAGR of 15.4% between 2013 and 2019

» Gartner
  » Security spending gets boost from mobile, social and cloud
  » Worldwide spending on information security will top $71 billion USD this year
    • Almost 8% increase over 2013

» Data loss prevention segment recording the fastest growth at 18.9 percent

» In 2015, 10% of overall IT security capabilities will be delivered as a cloud service

» SMBs will become even more reliant on hosted security services

Page 6

How?

Security at every level

» DEVICE (ACCESS CONTROL)

» OPERATING SYSTEM & PROGRAM – PATCHING & VULNERABILITIES

» VIRUS & MALWARE PROTECTION

» ONLINE SAFETY

» BACKUP

Page 7

DEVICE security

Page 8

Device Security

» Check access to machine
  □ Password security securing access, strong passwords
  □ User awareness
    > locking machines when not at desk
    > not having post its with passwords written down
  □ Can you account for every user?
  □ Monitor failed login attempts
  □ User rights on PC

Page 9

Operating System & Program Security

Page 10

OS & Program Security

»Close loopholes and potential code security flaws through effective installation of software patches and updates.

Page 11

OS & Program Security

» Critical updates for Windows Operating System and Microsoft Office
  □ Microsoft released 2445 bulletins in 2013 which were of low importance or above to be considered for install on their OS or Programs

» Security patches for Internet Browsers, Internet Explorer, Google Chrome, Mozilla Firefox

» Plugins updated for Java Runtime, Adobe Flash, Adobe Acrobat Reader
  □ Adobe Acrobat updated from v 10.1.90 Jan 2013 to v11.0.06 Jan 2014, 7 version updates in 12 months in just one program
  □ Java updated from v7 Update 11 to v7 Update 51 in same timeframe

Page 12

Virus and Malware protection

Page 13

New malware over last 24 months!!

Data from AV Test institute which registers over 220,000 new malicious programs every day

Page 14

Virus and Malware protection

» Microsoft Security Essentials which became Windows Defender is integrated to offer some protection.

» Internet Security suite products can be bloated, slowing down machines

» Firewall inclusive products often cause more harm than good by blocking too many items, false positives

» Windows Firewall good … but not great.

» Network Firewall / UTM devices only work for LAN; sales / remote workers still able to access sites

Page 15

INTERNET ACCESS (ONLINE) PROTECTION

Page 16

Internet Safety

» Internet Society online survey in 2012

□ Access to the Internet should be considered a basic human right.
  > 83% somewhat or strongly agree
  > 14% somewhat or strongly disagree
  > 3% don't know

□ The Internet should be governed in some form to protect the community from harm.
  > 82% somewhat or strongly agree
  > 15% somewhat or strongly disagree
  > 3% don't know / not applicable

□ When you are logged in to a service or application do you use privacy protections?
  > 27% all the time
  > 36% most of the time
  > 29% sometimes
  > 9% never

Page 17

Multiple Layers = Multiple Problems???

Page 18

Multiple Layers, No problem!!!

Page 19

GFI MAX

Asset Tracking

Monitoring of devices / Failed login check

Patch Management

Managed AntiVirus

Web Protection

Managed Online Backup

Protect mail out in front!

Page 20

Asset Tracking

Page 21

Asset Tracking

» View Software details per device

» Run Modification Report to check on installed software since initial build

» Create Software License groups to blacklist known bad programs

Page 22

Pro-active Monitoring

Page 23

Monitoring Checks

»Failed Login Check

□ #1 customer request on ideas.gfi.com

□ More informative: Event IDs, failure reason, IP address, username

□ Respond quickly and decisively to security concerns

Page 24

Monitoring Checks

Event Log Checks

Find the most prevalent issues automatically, complete with research tool-access built in.

Page 25

Active Directory Users Report

Page 26

Pro-active Monitoring

Page 27

Automation

Page 28

Automated Maintenance and Tasks

» Integrated into the dashboard

»Deploy any type of script and execute

»Automated error and failure handling

Page 29

Automated Maintenance and Tasks

Page 30

Automated Maintenance and Tasks

Page 31

Patch Management

Page 32

Patch Management

• Replace other patch services
• Uses GFI LANGuard 2012 Agent
• Vulnerability Check runs daily
• Lists missing patches and discovered vulnerabilities
• Alert or Report mode
• Included in all Client Reports
• Monthly lists all installed
• Set & Forget or Manually approve and install
• Patch Overview Report for missing / installed patches

Page 33

Schedule ad-hoc installation of approved patches

» Implement patches immediately or schedule for 2 weeks down the road.

» Override the schedule or use as the schedule

• Replace other patch services
• Windows and Third party patches/updates
• As manual or as automatic as you want
• Approve as needed
• Schedule deployment for later

Page 34

Update Release Cycle

» We aim to support Microsoft updates within hours of Patch Tuesday

» Out of band patches (Microsoft and non-Microsoft) within one working day

» LANGuard checks for updates between 1am and 5am GMT and around DSC

» Incremental differences for non-Microsoft update databases

» Download Microsoft update database direct from microsoft.com

» Patches are downloaded directly from vendors’ web-sites

» Patches are downloaded when they need to be installed

» Use Site Concentrator to cache patches once per site

» Switch off Windows Updates?

Page 35

Patch Approval Lifecycle

» ALL patches must be approved before they can be scheduled for installation
  □ Approval can be manual or automatic based on severity
» We only report updates as missing if they are required
» We report all updates installed, even if we didn’t install them
  □ If there is no install date/time listed, it was not installed by us

Page 36

More information

» Supported Microsoft Products
  □ http://www.gfi.com/lannetscan/msappfullreport.htm

» Supported Microsoft Patches
  □ http://www.gfi.com/lannetscan/msfullreport.htm

» Supported non-Microsoft Products
  □ http://kb.gfi.com/articles/SkyNet_Article/KBID003469

» Supported non-Microsoft Patches
  □ http://www.gfi.com/lannetscan/3pfullreport.htm

Page 37

Managed AntiVirus

Page 38

Managed AntiVirus

Page 39

Managed AntiVirus

» Deployed directly through Dashboard

» Automatically install if no A/V present

» Automatically remove other products

» Complete management with protection of end point device

» Policy based approach that can be applied from one to many devices

» Automatic Signature update if/when Daily Safety Check detects old defs

Page 40

Manage Quarantine

» Reports menu, Managed Antivirus, Quarantine Report

Page 41

Web protection

Page 42

Web Protect

» Web Security
  » Stop users from visiting malicious sites
» Web Filtering
  » Web browsing policies for the workplace
» Bandwidth Monitoring
  » Be alerted about excessive bandwidth activity
» Policy configuration
» Reporting

Page 43

Web Security

• Divided by categories
• Known sites that have the potential to do actual harm to a computer
  > Malware
  > Spam URLs
  > Phishing
  > Etc.

Page 44

Web Filtering

Website access can be controlled based on the URL's categorisation

Page 45

Web Filtering

» All websites are categorized. If in multiple categories, most restrictive wins

» Use schedules to allow access to social media etc. out of office hours

Page 46

Web Protect

So how do the priorities work together?

Does Security trump Filtering?

White list over Black?


Page 48

Bandwidth Monitoring

» Receive an alert when downloads exceed threshold

Page 49

Overview Report

» Weekly overview of Web Security, Filtering, and Bandwidth at client
  » Ratio of allowed to blocked requests
  » Top blocked categories
  » Top visited sites
  » Noisiest devices

» Monitor trends and spot exceptions

Page 50

Report Builder

» If overview report shows an increase in blocked requests to category or site
  » Show me requests to specific category or site from all devices at client

» If irregular activity is suspected
  » Show me all requests from specific device

Page 51

Web Protect

» Customers employing an internet usage policy need to ensure they have made their employees aware of it.

» http://www.gfi.com/pages/sample-internet-usage-policy

» Data we do hold is kept securely, 2FA and dashboard logins only.

» Citizens Advice - Your employer can legally monitor your use of the phone, internet, e-mail or fax in the workplace if:
  > the monitoring relates to the business
  > the equipment being monitored is provided partly or wholly for work
  > your employer has made all reasonable efforts to inform you that your communications will be monitored.

As long as your employer sticks to these rules, they don't need to get your consent before they monitor your electronic communications

Page 52

Additional Protection

Page 53

Backup

• Software solution for backing up to Cloud

• Stand-alone distribution with central console

• Multi-platform

• RM flavor: Managed Online Backup

Page 54

Managed Online Backup

Managed Online Backup allows you to easily back up customers' data

• Disk to Disk (via LocalSpeedVault) to Cloud (D2D2C)
• True Delta technology ensures only changed file blocks are backed up
• All data encrypted with 128-bit AES encryption before sending

With Cryptolocker, it is likely that the only way to recover data is from a backup

Page 55

Mobile Device Management

Protect against business critical data being compromised via loss or theft of company or employee owned mobile device

• Set Passcode
• Locate device
• Lock device
• Remote Wipe

Page 56

MailProtection

» BUILT-IN CONTINUITY
» Ease of deployment and ease of use
» Reliability via redundant systems in multiple datacenters
» Scalability
» Little or no ongoing maintenance
» No capital investment and no risk of obsolescence
» Immediate, no-risk trial
» Integration – security, continuity, and archive
» High margins for partners with built-in recurring revenues

Email Security
Email Continuity

Page 57

MailArchive

» BUILT-IN CONTINUITY
» Ease of deployment and ease of use
» Affordability – no startup costs; low price point; per-mailbox activation
» Immediate, no-risk trial
» Flexible retention policies with archive
» Locally-based technical support
» Integrated solution encompasses security, continuity, and archive -- all through a single interface

Email Continuity
Email Archive

Page 58

Dashboard considerations

» Ensure all dashboard users have specific logon
» Do not use the Primary Access Key to access Dashboard

» Restrict access via IP Address

» Two Factor Authentication

Page 59

Remember

YOU are the last line of defense

or me!!

Page 60

Conferences.gfimax.com/app

Questions? Please come to the Sales Engineer Table!