IBM Endpoint Manager
Francesco Censi – WW ATG IEM consultant
© 2012 IBM Corporation
Optimizing the World’s Infrastructure
Moscow, Oct 24th, 2012
Endpoint complexity continues to increase
• Endpoint device counts, devices and platforms
• Compliance requirements to establish, prove and maintain continuous compliance
• Speed, severity and complexity of malware attacks
• Patch O/S and application vulnerabilities within hours
• Rapid, agile, automated remediation is needed
• Mobile/roaming endpoints
• New form factors and platforms
• Employee-owned devices
• Establish, prove and maintain continuous compliance
IBM Endpoint Manager continuously monitors the health and security of all enterprise computers in real-time via a single, policy-driven agent
• Common management agent
• Unified management console
• Common infrastructure
• Single server
Endpoints
IBM Endpoint Manager
Patch Management
Lifecycle Management
Software Use Analysis
Power Management
Mobile Devices
Security and Compliance
Core Protection
Desktop / laptop / server endpoint
Mobile
Purpose specific
Systems Management
Security Management
Single Server & Console
• Highly secure, highly scalable
• Aggregates data, analyzes & reports
• Pushes out pre-defined/custom policies
Cloud-based Content Delivery
• Highly extensible
• Automatic, on-demand functionality
Single Intelligent Agent
• Performs multiple functions
• Continuous self-assessment & policy enforcement
• Minimal system impact (< 2% CPU)
Lightweight, Robust Infrastructure
• Use existing systems as Relays
• Built-in redundancy
• Support/secure roaming endpoints
How it Works
Patch Management
• IBM Cloud content delivery service (operating systems and 3rd party applications)
• Patch capabilities for multiple platforms: Windows, Mac OS X, Linux and UNIX
• Intelligent agent
• Reduction in patch and update times from weeks and days to hours and minutes
• Increase first‐pass success rates from 60‐75% to 95‐99+%
• Real‐time reporting
• Automated self‐assessment, no centralised or remote scanning required
Benefits: Services:
"We compressed our patch process from 6 weeks to 4 hours"
"We consolidated eight tools/infrastructures to one"
"We reduced our endpoint support issues by 78%"
"We freed up tens of admins to work on higher value projects"
Overview of Patch Management
Start with the Patch Management domain
The patches dashboard provides a real-time view of Windows patch requirements across your environment
See any New Content here
Application vendor patches
• Adobe Acrobat
• Adobe Reader
• Apple iTunes
• Apple QuickTime
• Adobe Flash Player
• Adobe Shockwave Player
• Mozilla Firefox
• RealPlayer
• Skype
• Oracle Java Runtime Environment
• WinAmp
• WinZip
…and operating system patches
Lifecycle Management
• Asset Discovery
• Patch Management
• Inventory Management
• Software Distribution
• OS Deployment
• Remote Desktop Control
• Dramatically reduced patch cycles and increased first‐pass success rates
• Closed loop validation in real‐time
• Massive scalability and support for remote and intermittently connected devices
• Detection and resolution of corrupted patches
• Multi‐platform support (Unix, Linux, Windows, Mac OS X)
Benefits: Services:
• For Windows Servers and PCs
• Software Asset Discovery
• Software Use Metering
• Software Use Reporting
• Near real time software inventory
• Near real time software usage reporting
• Search, browse, and edit the Endpoint Manager software identification catalogue, which contains over 105,000 signatures out of the box
• Periodic catalogue updates are released regularly
• Easily customize the software identification catalogue to include tracking of home‐grown and proprietary applications
Benefits: Services:
Software Usage Analysis
Software publishers: 5000+
Application signatures out of the box: 105,000+
• Providing enterprise‐wide visibility (e.g. device details, apps installed, device location)
• Ensuring data security and compliance
• Device configuration
• Support devices on the Apple iOS, Google Android, Nokia Symbian, Microsoft Windows Mobile and Microsoft Windows Phone platforms
• Address business and technology issues of security, complexity and bring your own device (BYOD) in mobile environments
• Manage enterprise and personal data separately with capabilities such as selective wipe
• Leverage a single infrastructure to manage all enterprise devices—smartphones, tablets, desktops, laptops and servers
Benefits: Services:
Apple iOS
Google Android
“IBM's MDM capability is very complementary to that of PCs, and it is one of the few vendors in this Magic Quadrant that can support PCs and mobile devices”
Gartner, MQ for Mobile Device Management Software, 2012
Mobile Device Management
Nokia Symbian
Windows Phone and Windows Mobile
Security & Management Challenges
• Potential unauthorized access (lost, stolen)
• Disabled encryption
• Insecure devices connecting to network
• Corporate data leakage
• Mail / Calendar / Contacts
• Access (VPN / WiFi)
• Apps (app store)
• Enterprise Apps
iCloud
iCloud Sync
iTunes Sync
Encryption not enforced
End User
VPN / WiFi Corporate Network Access
Managing Mobile Devices – The Problem
iCloud
iCloud Sync
iTunes Sync
End User
VPN / WiFi Corporate Network Access
• Personal Mail / Calendar
• Personal Apps
Corporate Profile
• Enterprise Mail / Calendar
• Enterprise Access (VPN/WiFi)
• Enterprise Apps (App store or Custom)
Secured by BigFix policy
Encryption Enabled
Endpoint Manager for Mobile Devices
• Enable password policies
• Enable device encryption
• Disable iCloud sync
• Access to corporate email, apps, VPN, WiFi contingent on policy compliance!
• Selectively wipe corporate data if employee leaves company
• Fully wipe if lost or stolen
Managing Mobile Devices – The Solution
Apple iOS
Google Android
IEM approach for Mobile Device Management
Nokia Symbian
Windows Phone and Windows Mobile
• Advanced management on iOS through Apple’s MDM APIs
• Advanced management on Android through a BigFix agent
• Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync)
  • iOS
  • Android
  • Windows Phone
  • Windows Mobile
  • Symbian
• Asset Discovery and Visibility
• Patch Management
• Security Configuration Management
• Vulnerability Management
Continuous enforcement of security policies, regardless of network connection status
Host-based vulnerability assessment with severity scoring and a 99.9% accuracy rate
Define and assess client compliance to security configuration baselines
SCAP certified for FDCC
Windows, UNIX, Linux, and Mac OS X
Security and Compliance
• Multi‐Vendor Endpoint Protection
• Network Self Quarantine
• Anti‐Malware & Web Reputation
Key SCM concepts
• It’s simple: checks, checklists, and computers.
• Check = a fixlet that:
  • Checks for a condition (relevant = true = fails the check (needs to be remediated))
  • Might allow a check parameter to be set (e.g. maximum password age)
  • Usually includes a remediation option (i.e. “take action”)
  • References an analysis property that returns the value(s) of the thing being checked. Referred to as “measured values”
• Checklist = a content site containing checks. (Aka “benchmark”, “policy”)
• Computers contain check results data, analysis results, computer properties
Security and Compliance
Client Manager for Endpoint Protection
• Manages the “health” of a variety of endpoint protection products from McAfee, Symantec, Trend Micro, Sophos, Microsoft
• Deployment overview for endpoint protection products (service health, virus definition)
• Allows quick centralized virus definition update
• Prevents viruses, Trojans, worms, and other new malware
• Available for Windows and Mac
• Deep‐cleans malware with Trend Micro SysClean
• Catches and cleans spyware, rootkits and remnants completely
• Includes an enterprise client firewall for network safety
• Blocks users and applications from malicious web content
• Integrates Web Reputation and File Reputation services powered by the Trend Micro Smart Protection Network
• Add‐On: Data Loss Prevention and Advanced Device Control
Services:
Core Protection
Single Console
Cloud-based Protection
Anti-virus
Anti-malware
Personal Firewall
Data Protection
Data Loss Prevention
Protect privacy
Secure Intellectual Property
Comply with regulations
• Limit removable devices by make/model/serial
• Limit applications that can use devices
• Control behaviour of removable media (USB drives)
• Real‐time content scanning of sensitive data
• Protection of structured data
• Multi‐channel monitoring and enforcement
• Minimal incremental impact on client performance
Prevent Data Loss at the Endpoint
Place limits on user devices
“Best‐of‐breed content‐aware DLP solutions have a deserved reputation for being expensive, difficult to implement and generally possessing capabilities exceeding most companies’ requirements. .. the majority of organizations (approximately 70%) may be able to deploy "good enough" DLP capabilities in evolving non‐E‐DLP solutions.”
Gartner, MQ for Mobile Device Management Software, 2012
Multiple Methods for Protecting your Digital Assets
• Patterns – Regular Expressions (credit card, social insurance, account numbers)
• Keywords – Lists of terms (confidential, internal, project/product names…)
• File Attributes – File Name, File Size, File Type (threshold of acceptable use)
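The three detection methods listed above, combined in one scanner, as an added example that is not taken from the IBM deck or the product. The keyword list, blocked extensions, size threshold and rule names are assumptions, and the Luhn checksum step is an addition that filters out digit runs a plain card-number regex would flag.

```python
import re

# Assumed rule set for illustration; every name and threshold here is hypothetical.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers
KEYWORDS = {"confidential", "internal"}           # terms from the slide
BLOCKED_EXTENSIONS = {".pst", ".mdb"}             # assumed file types
MAX_SIZE_BYTES = 10 * 1024 * 1024                 # assumed acceptable-use threshold


def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(file_name, size, text):
    """Return the list of DLP rules triggered by one outbound file."""
    hits = []
    # Method 1: patterns (regex finds candidates, checksum validates them).
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append("pattern:credit_card")
            break
    # Method 2: keywords, matched case-insensitively on whole words.
    words = set(re.findall(r"[a-z]+", text.lower()))
    hits += sorted("keyword:" + k for k in KEYWORDS & words)
    # Method 3: file attributes (file type by name, then size threshold).
    if any(file_name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
        hits.append("attribute:file_type")
    if size > MAX_SIZE_BYTES:
        hits.append("attribute:file_size")
    return hits


if __name__ == "__main__":
    # Constructed sample: a well-known test card number plus one keyword.
    print(scan("notes.txt", 2048, "Card 4111 1111 1111 1111, internal use"))
```
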
Data loss prevention: example
• For Windows and Mac OS X
• Comprehensive executive reports
• Client‐side dashboard option to create personalized reports
• Customize power consumption information to match corporate environments
• Scheduled wake‐on‐LAN to wake up endpoints
• Auto‐save open files before shutdown/restart
• Cost savings through reduction in energy usage and utility rebates where applicable
• Obtain max power savings while avoiding disruption to IT system management
• Project potential savings using “what‐if” scenario calculator
• Single tool to identify misconfiguration and automatic remediation
Benefits: Services:
Power Management
Reduce power costs
Centralize energy savings policies
What-if scenarios
Power Consumption Summary
Total Power Consumption for all devices is summarised on this dashboard
Which includes your Total Current Power Usage (kWh, Cost and Green House)
Potential savings are also identified
The breakdown of power usage for workdays and weekends is now available
Summary
• IBM Endpoint Manager enables unified management of all enterprise devices – desktops, laptops, servers, smartphones, and tablets
• Real-time/proactive endpoint management: Patch management, anti-virus/malware, power management and device location information
• Continuous compliance reduces costs and risk
• Power management
• Management of assets
Thank you!
Acknowledgements, disclaimers and trademarks
© Copyright IBM Corporation 2012. All rights reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services.
All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.
IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml