Effective and Efficient Security on a SMB Budget Part I – How to Improve SMB Endpoint Security

Upload: lumension

Post on 20-Aug-2015


Effective and Efficient Security on a SMB Budget

Part I – How to Improve SMB Endpoint Security

Today’s Speakers

Chris Merritt, Director of Solution Marketing, Lumension

Roger A. Grimes, Security Consultant, Author and Columnist

Today’s Agenda

Today’s Threats

Defenses – and What Does & Does Not Work

Improving SMB Security

Q&A

Today’s Threats

Today’s Threats

General Categories

• Financially Motivated

» Bank Accts, Passwords, etc.

» Identity Theft

» Insiders

• Intellectual Property Theft

• Hacktivists

» IP / Customer data

» Denial of Service

» Reputational Damage


Today’s Threats

Financially Motivated Examples

• Fraudulent Payroll / Accounting Transfers

• Bank Info Stealing Trojans

• Fake Invoices

• Malicious Long Distance Service

• Extortion


Today’s Threats

IP Theft Examples

• Corporate Espionage

• Future Product Plans

• Trade Secrets

• Customer Lists

• Lawyer Case Files (sold to opposing counsel)

• RSA Attack


Today’s Threats

Hacktivist Examples

• Wikileaks

• Retaliation

• Distributed Denial of Service (DDOS) as a Protest


Typical SMB Defenses

Defense-in-Depth

Traditional Defenses …

• Antivirus

• Patching Microsoft OS and Apps

• Firewalls

• Strong Passwords

• End-User Education Programs

… Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!


Defenses – What Does Not Work

Defenses

Where Traditional Defenses Fall Short

• Risk from Un-patched 3rd Party Apps

• Controlling Local Admins Gone Wild

• Preventing Zero-Day Attacks and Targeted Malware

• End-User Education Isn’t Keeping Up

• Actionable Reporting and Security Measurement


Why Antivirus Doesn’t Work

Swamped by the Deluge

• Can’t keep up with rising daily volume of malware

• Can’t defend against zero-day threats (on average, only 19% of new malware signatures are detected on day 1)

• Severely impacts endpoint performance

• 36% of SMBs rely on free AV


Hidden Costs of Antivirus

• Acquisition Costs

» Licensing (license cost, maintenance, support)

» Installation (HW / SW, roll-out, other)

• Operational Costs

» System Management

» Incident Management (help desk, escalation, re-imaging)

» Lost Productivity

• Extraordinary Costs

» Data Breach

Cost split: Operational (60~80%), Acquisition (20~40%)

Why Patching Microsoft Alone Doesn’t Work

Missing the Target

• Relying on “free” tools

• Go beyond Microsoft

» Most organizations take at least twice as long to patch 3rd party application vulnerabilities as they do to patch OS vulnerabilities

» 60% of users are running un-patched versions of Adobe


Hidden Costs of Free Patching

Why “Free” Can Cost You More

• Speed and Accuracy

» Time to deploy non-MSFT or custom application patches

» No CVE information

• Visibility and Compliance

» Lack of hardware and software inventory

» Limited reporting


Defenses

What Else Doesn’t Work

• Buying advanced tools, such as IDS, PKI, black-box solutions, while ignoring the basics

• Preventing attack methods instead of shoring up IT risk sources and focusing on preventing malware execution


Defenses

Better End-User Education

• Do your users know the company security policies and do they understand their importance?

• Do you show your users what your “real” AV detection screen looks like?

• Do they know that they are most likely to be infected from legitimate web sites, social media, USB keys, etc.?


Defenses – What Does Work

Defenses

What Does Work

• Focusing on the Basics

• Prioritize and Implement

» Using past history to determine this year’s priorities

» Make a ranked list and begin

» Go for low hanging fruit first

• Using Strong Data to Convince Management


Focus on the Operational Basics

Assess → Prioritize → Remediate → Repeat

• Identify all IT assets (including platforms, operating systems, applications, network services)

• Monitor external sources for vulnerabilities, threats and intelligence regarding remediation

• Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations

• Maintain an inventory of IT assets

• Maintain a database of remediation intelligence

• Prioritize the order of remediation as a function of risk, compliance, audit and business value

• Model / stage / test remediation before deployment

• Deploy remediation (automated, or manually)

• Train administrators and end-users in vulnerability management best practices

• Scan to verify success of previous remediation

• Report for audit and compliance

• Continue to assess, prioritize and remediate

Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010


Defenses – What Does Work

Augment existing defense-in-depth tools

» Comprehensive Patch and Configuration Management

» Application Control / Whitelisting

» Device Control

» Encryption

[Figure: Traditional Endpoint Security, with Blacklisting As The Core, under pressure from Zero Day attacks, 3rd Party Application Risk, Malware As a Service, and the Volume of Malware]

Improving SMB Security

Minimize Your True Endpoint Risk

Areas of Risk at the Endpoint: 65% Misconfigurations, 30% Missing Patches, 5% Zero-Day

Source: John Pescatore, Vice President, Gartner Fellow

Rapid Patch and Configuration Management

• Analyze and deploy patches across all OS’s and apps (incl. 3rd party)

• Ensure all endpoints on the network are managed

• Benchmark and continuously enforce patch and configuration management processes

• Don’t forget about the browser!

» Un-patched browsers represent the highest risk for web-borne malware.

Stop Malware Payloads with App Whitelisting

[Figure: what runs on the endpoint]

Malware
» Known: Viruses, Worms, Trojans
» Unknown: Viruses, Worms, Trojans, Keyloggers, Spyware

Apps
» Authorized: Operating Systems, Business Software
» Unauthorized (Un-Trusted): Games, iTunes, Shareware, Unlicensed S/W

Antivirus

• Use for malware clean-up and removal

Application control

• Much better defense to prevent unknown or unwanted apps from running

Stop Unwanted Applications

Immediate and simple risk mitigation

Denied Application Policy prevents unwanted applications even if they are already installed

Easily remove unwanted applications


Reduce Local Administrator Risk

Monitor / Control Local Admin Usage

• Local Admins can do ANYTHING on their systems

» Install unwanted and unauthorized software

» Install malware

» Remove patches

» Bypass security measures

» Change configurations


Manage those Devices


Encryption

Endpoints (Whole Disk)

• Secure all data on endpoint

• Enforce secure pre-boot authentication w/ single sign-on

• Recover forgotten passwords and data quickly

• Automated deployment

Removable Devices

• Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g., CDs / DVDs)

• Centralized limits, enforcement, and visibility

[Charts: Laptop Thefts (IDC 2010); Lost UFDs (Ponemon 2011)]

Improving SMB Security

Problems

• Defense-In-Depth is not easy

• Hard to manage it all

• Different solutions don’t always work well together

• The more consoles you have to monitor, the less you’ll do it

• Unreviewed logs are useless

• It’s NOT compliance vs. security … both are necessary


Improving SMB Security

Solution – Security Suites

• Single Server / Management Console

• Single Agent

• Modular, Extensible Design

• Organization-wide Reporting

• Lower Total Cost of Ownership (TCO)

[Figure: Single Console, Agile architecture, Single Promotable Agent]

More Information

SMB Security Series

» Resource Center: http://www.lumension.com/smb-budget

» Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx

Quantify Your IT Risk with Free Scanners

» http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX

Lumension® Endpoint Management and Security Suite

» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx

» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

SMB Market Survey

» www.lumension.com/smb-survey

Global Headquarters: 8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255

1.888.725.7828


http://blog.lumension.com