Developing Best Practices for Application Whitelisting

An In-Depth Technical Webcast

Today’s Agenda

Introduction

Augment Your Defenses to Mitigate Zero-Days,with Lessons Learned from the Field• Laying the Groundwork• Creating Policies• Protecting Endpoints• Managing the Environment

Q & A

Today’s Panelists

3

David MurraySr. Product ManagerLumension

Douglas WallsChief Information OfficerEMSolutions, Inc.

4

Why Application Whitelisting Is Important

AVDevice Control

Application Control

Patch & Configuration Management

5%

Zero-Days30%

Missing Patches

65%

Misconfigurations

Sources of Endpoint RiskToday’s Endpoint Security Stack

AVERAGE detection rate after 30 days = 62%

5

Benefits of a Solid Whitelisting Process

Malware Costs Money Controlled Change is Good

© Creative Commons / Kevin Dooley

6

Application Whitelisting Best Practices

Laying the Groundwork

ProtectingEndpoints

CreatingPolicies

Managing the Environment

ApplicationWhitelisting

Process

Laying the Groundwork

Clean

8

Groundwork | Policies | Lockdown | Management

Avoid End User Disruption• No need to reimage

• Off-hours, thorough scan to remove known malware

Scan

9

Groundwork | Policies | Lockdown | Management

Organize

10

Groundwork | Policies | Lockdown | Management

Denied Apps

11

Groundwork | Policies | Lockdown | Management

Eliminate unknown or unwanted applications on your endpoints

Prevent applications from executing even while endpoints are in monitor mode only

Admin Console View

User Endpoint View

Creating Policies

Trusted Updater

13

Groundwork | Policies | Lockdown | Management

Automated whitelist maintenance reduces workload

Trusted Publisher

14

Groundwork | Policies | Lockdown | Management

Automated whitelist maintenance reduces workload

Trusted Path

15

Groundwork | Policies | Lockdown | Management

Automated whitelist maintenance reduces workload

Monitor

16

Groundwork | Policies | Lockdown | Management

Stabilize Whitelist Maintenance• Full visibility into unaccounted for

changes (good and bad)

• Accommodate variations

• Reduce maintenance workload

Local Authorization

17

Groundwork | Policies | Lockdown | Management

Admin Console View

User Endpoint View

Effectively Balance Security and Productivity• End user flexibility

• “Third Way” between Monitor and Lockdown

Protecting Endpoints

Enforce

19

Groundwork | Policies | Lockdown | Management

Easy Transition• Minimize disruption

• Provide flexibility

• Minimize workload

Fine-Tune

20

Groundwork | Policies | Lockdown | Management

Think Globally, Act Locally

• Harmonize where appropriate

• Anticipate future needs

Managing the Environment

Control

22

Groundwork | Policies | Lockdown | Management

Is this aKnown Good?

Should my users have this?

Is this Unwanted?

Who wrote this?

Is this aKnown Bad?

Where did this come from?

What is trying to install this?

Adapt

23

Groundwork | Policies | Lockdown | Management

© Creative Commons / Bruce Tuten

Develop processes• Changes in environment• Changes in end user needs• Changes in business needs

Create flexibility to balance security with productivity across entire organization

Q & A

More Information

• Free Security Scanner Tools» Application Scanner – discover all the apps

being used in your network» Vulnerability Scanner – discover all OS and

application vulnerabilities on your network » Device Scanner – discover all the devices

being used in your network

http://www.lumension.com/Resources/Security-Tools.aspx

• Lumension® Intelligent Whitelisting™» Online Demo Video:

http://www.lumension.com/Resources/Demo-Center/Endpoint-Security.aspx

» Free Trial (virtual or download):http://www.lumension.com/intelligent-whitelisting/free-trial.aspx

• Get a Quote (and more)http://www.lumension.com/intelligent-whitelisting/buy-now.aspx#7

25

Global Headquarters8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

info@lumension.com

http://blog.lumension.com