Dell Client Solutions Security Portfolio Comprehensive, easy-to-manage solutions for protecting your data wherever it goes

Post on 01-Jun-2020



Page 2

Dell - Restricted - Confidential

Ransomware 2017 Statistics

1) Now over a 1 Billion dollar a year business!
   1) Consumers will be attacked every 20 seconds
   2) Organizations will be attacked every 40 seconds
2) Phishing emails have become the number one delivery vehicle.
3) Ransomware variants grew 11x last year.
4) Once attacked, the majority of organizations are infected (71%).
5) Backups are often slow to restore and sometimes do not have all of the data.
6) Encryption was just the beginning
   1) Threaten to release captured data.
   2) Steal victim info and credentials.

Page 3

City & County Ransomware Attacks

• Licking County in Ohio goes back to paper-and-pen after Ransomware attack:
  – https://www.tripwire.com/state-of-security/latest-security-news/county-shut-system-following-ransomware-attack/
• City of Atlanta: Veeam Backups Attacked.
  – https://www.wsbtv.com/news/local/atlanta/ransomware-attack-cost-city-27-million-records-show/730813530
• CT Judicial: Court proceedings affected.
  – http://www.courant.com/breaking-news/hc-courts-judicial-ransomware-attack-0310-story.html
• San Francisco Public Transportation System opened all of their turnstiles for a weekend because of Ransomware:
  – http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#489f5a8954dd

Page 4

School Ransomware Attacks

• Rhinebeck Central School District, NY took 9 hours to recover a server from a Ransomware attack.
  – http://www.dailyfreeman.com/general-news/20160615/rhinebeck-school-district-computer-system-attacked-by-ransomware
• Riverdale, NJ email and website held hostage.
  – http://archive.northjersey.com/news/education/ransomware-takes-school-data-hostage-1.1534163
• Big Fork, Montana unable to access student records
  – http://www.washingtontimes.com/news/2016/nov/24/ransomware-attack-on-bigfork-schools-fix-in-works/
• Senator Charles Schumer asks for Federal assistance to prevent future ransomware attacks:
  – https://www.schumer.senate.gov/newsroom/press-releases/schumer-reveals-russian-hackers-zeroing-in-on-upstate-ny-forcing-small-governments-to-pay-big-bills-to-remove-ransomware-that-can-breach-municipal-computer-systems-upstate-towns-and-villages-are-easy-prey-for-hack-attack-that-ends-up-costing-local-taxpayers-and-could-jeopardize-personal-info-senator-urges-feds-to-give-local-governments-the-tools-to-fight-back

Page 5

Endpoint Security Suite Enterprise advanced threat prevention

[Chart: Average effectiveness against Malware. Series: Leading Anti-Virus; Endpoint Security Suite Enterprise (powered by Cylance). Categories: Commodity threats; Zero-day & advanced threats. Data label shown: 99%.]

Signature-based anti-virus and anti-malware solutions are increasingly ineffective against Zero-Day threats, advanced persistent threats, targeted attacks, and even commodity malware.

Page 6

How are you balancing end user expectations with the need to protect data?

[Graphic labels: End user demands; Data protection]

Page 7

THE DELL ENDPOINT DATA SECURITY & MANAGEMENT PORTFOLIO

Data
▪ Dell Encryption
▪ Mozy Pro
▪ Mozy Enterprise

Threat
▪ Dell Threat Defense (Cylance)
▪ RSA NetWitness Endpoint

Identity
▪ Dell Security Tools
▪ RSA SecurID Access

Management
▪ Dell Command
▪ AirWatch Green
▪ AirWatch Blue
▪ AirWatch Express

Dell DP | Endpoint Security Suite Enterprise

Page 8

IN THE GARTNER ADAPTIVE SECURITY ARCHITECTURE EPP AND EDR OCCUPY DIFFERENT QUADRANTS

[Diagram labels: NetWitness® Endpoint; Cylance PROTECT]

Page 9

The future of security

[Timeline diagram: Past, Present, Future. Labels: AV; Sandboxing; Isolation; HIPS / Anti-Exploitation; Endpoint Detection & Response; AI; Pre-Execution, Humans Needed; Post-Execution; Pre-Execution, No Humans]

Page 10

EDR/HIPS – Find it faster

Page 11

Sandboxing

Page 12

Proactively identify threats without signatures

Algorithmic Science

• Machine Learning

• Cluster & Classify

Confidence Scoring

Threat Indicators

• Anomalies

• Collection

• Data Loss

• Deception

• Destruction

Page 13

2018 SVM

99+% security effectiveness

• WannaCry: -19 Mo.
• Petya-Like: -20 Mo.
• GlassRAT: -18 Mo.
• GoldenEye: -13 Mo.
• Remsec: -18 Mo.
• zCryptor: -7 Mo.
• Shamoon2: -17 Mo.
• Satan: -18 Mo.

Page 14

Dell ESS Advanced Threat Protection

• 99% Efficacy
• No signature file updates required
  – Doesn’t require Patient 0.
  – Prevents malware/viruses from ever being able to run
• Works when the PC is not connected to the Internet
  – Protection at your most vulnerable point.
• PCI and HIPAA Certified

Page 15

Detect and stop malware attacks that target the PC's BIOS

• A BIOS compromise is extremely high impact: it attacks the root of trust for the PC and is thus very persistent

• Anti-malware solutions cannot scan this low-level PC function, making an exploit nearly invisible at this layer

• Dell BIOS verification directly addresses this gap in other anti-malware solutions. It is available with Dell’s latest generation of PCs and is enabled with ESS Enterprise.

• Verification is off-host: it occurs in a secure cloud location and tests the PC BIOS measurement against the point of origin, the official measurements from the Dell BIOS labs.

• This unique-to-Dell protection is enabled and managed with Endpoint Security Suite Enterprise advanced threat protection policies

• BIOS verification places Dell ahead of the competition: HP Sure Start verifies on the potentially compromised PC, and does not provide reporting to the IT dept. of a potential issue. Lenovo does not have a solution.

• Does not perform validation checks on other Dell platforms, non-Dell or custom BIOS

Presented in Endpoint Details page

Dell exclusive BIOS verification

Page 16

A Better Encryption Experience.

Centralized, remote management & compliance

Reduce deployment time with pre-installed encryption, available when purchased on Dell commercial PCs

Deploy 5X faster than traditional encryption solutions, saving >3 hours per PC

Single source for simplified purchase and support experience

Remotely manage all encryption from a single console, even for non-Dell devices

Strong encryption won’t interfere with existing IT processes, such as patch management

Save time with a single remote management console, easy deployment and seamless integration into your IT environment

Available on Dell and non-Dell platforms

Page 17

File level encryption that protects data no matter where it goes…

…and IT maintains encryption keys and control

Dell Data Protection | Encryption

A simple, comprehensive, flexible way to protect data from device to the cloud on Dell and non-Dell devices

Corporate issue PC

Personal tablet

BYOD Smartphone

USB & other removable media

Public Cloud

Company data

File level encryption

Page 18

Dell Data Protection | Encryption Portfolio

Hardware- and software-based encryption

Protect data wherever it goes

Centralized management & compliance for heterogeneous environments

• External Media Edition: Encryption for SD, CD/DVD, USB & other removable media plus port controls and blocking
• BitLocker Manager: Easily manage Microsoft BitLocker™ for comprehensive enterprise-wide protection, auditing and compliance
• Rights Management: Encryption follows the file wherever it goes. You control who has access to information.
• Personal Edition: Locally managed software encryption for all local drives and External Media
• Enterprise Edition: Centrally managed software encryption for all local drives and External Media
• Advanced Threat Protection: 99% Efficacy. No signature files.
• Self-Encrypting Drive (SED): Fully integrated compliance & management of SEDs with your other encryption

Page 19

End User Computing Product Group

DELL Data Protection deployed

[Architecture diagram labels: Internal Network; DMZ; Remote Network; Internet; Firewall (two); Enterprise Server; Central Admin Console; Policy Proxy; Existing Infrastructure (Active Directory, SQL Database); Protected Endpoint Devices]

+ Leverages existing infrastructure for seamless integration
+ Device detection and enforced provisioning across all connections
+ Local policy enforcement ensures data protection travels with the device at all times
+ Scalable, single point of management and control for all platforms

Page 20

© Copyright 2016 EMC Corporation. All rights reserved.

Dell EMC’s “Security Onion”

“We make the bad guys cry with our multi-layered security portfolio!”

• Persistence, Device Discovery, Geofencing
• Dell Data Guardian
• Endpoint Backup & Recovery
• Multi-Factor Authentication & Endpoint Detect & Response
• Endpoint Advanced Threat & Malware Prevention
• Data Protection Encryption
• ESSE Suite

• $2.2M patient records resulting from stolen laptop

Page 21

Lost or Stolen Laptops

Page 22

What Data is on the Laptop?

- Is it sensitive information?
  - PII
  - PCI
  - PHI
  - Company IP
- Is it Encrypted?
- Is it Backed Up?
- Did the user save it to a network share?
- How quickly can you re-provision the laptop?

Page 23

Is it Sensitive Data?

• Absolute DDS
  – 1) Remote Wipe/Asset Recovery
    – BIOS level
    – Geo-locate the device
    – Brick the device
    – Work with local law enforcement to recover
  – 2) Data Discovery
    – Identify PCI, PHI, PII and other sensitive data.
    – Alert the organization to the risks of losing the data and the potential costs
  – 3) Self-Healing
    – Define critical applications that need to be on the device
      – SCCM agent, Antivirus, Encryption, etc.

Page 24

ENDPOINT RECOVERY SOLUTIONS

MOZY PROVIDES BACKUP TO A NON EXECUTABLE ENVIRONMENT, ISOLATED OFF-PREMISE WITH POINT IN TIME RECOVERY OPTIONS

Non Executable Data Store

Data Stores are:

Non readable

Non Executable

Immutable Copy

Roll back to a point in time

User & Admin Based restore options

Point in Time

Isolated

Backups are not accessible without authentication

No Third Party Access

Protect

Isolated Off-Premise

Page 25

Enhanced Licenses Options

ENTERPRISE

• Base Functionality +
• For Large, Diverse User Base (15 Replicas)
• SSO Portal Use for SaaS and Web Integrations
• Hardware, Software, On-Demand & Risk Based Authenticators

Perpetual Licenses + Tokens

PREMIUM

• Hybrid Deployment (On Prem + Cloud)
• Secure Legacy, Web and SaaS Applications
• Provide Context Driven Policies for Identity Assurance
• All Authentication Methods

Subscription Model

Page 26

HUNDREDS OF APPLICATIONS ON-PREM AND IN THE CLOUD

Access Manager

Cloud

On-Premises

Who can access?

What can they access?

Where can they access?

SECURE ACCESS CONTROL WITH CONVENIENT SINGLE SIGN-ON

Convenient Single Sign-On

Secure Access Control

SAML / WS-FED

Password Vaulting

Reverse Proxy

IWA

Any User, Anywhere, Any Device

Page 27

A Hybrid Approach

• A secure approach to supporting all applications
• Sensitive user & org information remains on-premises
• Active Directory passwords are NEVER sent to cloud
• Dedicated runtime not shared with other tenants

Identity Router

SecurID Access

Page 28

Identity Assurance

Role

Network

Session

Device

App

Desktop or Mobile (Web Browser)

PASS


Page 34

TAKING THE NEXT STEP

• Schedule a Dell Security Consultation
  – Discuss your current environment
  – Identify potential gaps
  – Create a plan to address


Page 36

Security Coverage

Confidential 6/11/2018

99% Prevention, 1% Detection

Page 37

Breaches Still Occur. What’s Happening?

[Chart: % where “days or less”. Series: Time to Compromise; Time to Discovery]

Time to compromise is decreasing
• Majority of attacks (>92%) succeed within minutes
• Data exfiltration occurs within days (>98%)

• Time to detect attacks is improving
• But not nearly enough to keep pace with attackers’ time to compromise

Source: 2016 Verizon Data Breach Investigation Report

Page 38

Why RSA NetWitness Endpoint?

Detect by threat behavior rather than by signature

Rapid Response Enabled by Full Scope Visibility

Intelligent Risk-Level Scoring System

More rapidly expose new, unknown, and non-malware threats on endpoints

Eliminate white noise; prioritize threats more efficiently & accurately

Provide all data needed to confirm threats and quickly take action

[Graphic: Risk 73]

Page 39

Accelerating Detection, Analysis, and Response

[Diagram labels: On Corporate Network; Off Corporate Network]

DETECTION: Lightweight kernel-level agent for continuous endpoint monitoring
• Live Memory Analysis
• Non-Malware Attacks & PowerShell Attacks
• Suspicious Events
• Process Inventory & Tracking
• Machine Network Data
• Machine Physical Data
• Machine Security Configuration, OS & Status
• Registry and MFT

ANALYSIS: Powerful server-side multilayered analysis for real-time threat detection
• Behavioral analysis detects threat behavior & user-initiated suspicious events
• Ingests threat intel from RSA Experts, NW Endpoint Community, and 3rd parties
• Reputation: Whitelisting & Blacklisting
• Customizable YARA Engine
• Easily scalable, with up to 50K agents per server

[Graphic: Risk 87]

RESPONSE: Quickly understand root cause & full scope to better respond
• Immediate Threat Blocking and Quarantining
• Isolate with Machine Containment
• Send hash to Sandboxing, Google, VirusTotal, and other resources
• Pivot to RSA NetWitness® Logs & Packets
• Integrate with RSA NetWitness® SecOps Manager and other systems

Page 40

Rapidly and Accurately Analyze ALL Threats

IP/Domain Information & Geo

Threat Intelligence + RSA Community

YARA Rules Engine

Blacklisting (Multi-A/V)

File / App Whitelisting & Reputation

“Gold Image” Baselining

Certificate Validation

Live Memory Analysis

Direct Physical Disk Inspection

User-Initiated Suspicious Behavior

Endpoint/Module Behavior Analytics

[Graphic: risk scores 73, 85, 99, 21, 87]

RSA NetWitness Endpoint combines multiple detection methodologies to detect both KNOWN and UNKNOWN threats faster and more accurately.