Transcript Slide 1

Lumension: Because Hope is no Strategy
Andreas Müller
Regional Sales Manager D/A/CH
Press Highlights
Conficker hits Kärnten Government!
3000 Clients down!
Datatheft at German Telekom: 17.000.000 Data of
Customers lost!
About 1.000.000 version of new Malware in 2008!
Cybercrime cost $1 Trillion in 2008
1
Endpoints are the Weakest Link
Skript-Kiddies changed to business man
2
Endpoints are the Weakest Link
3
What Sources of Endpoint Risk do Threats Target?
Attacks Exploit
Risks at the Core
5% Zero-day
30%
Missing Patches
65% MisConfigurations
Source: John Pescatore Vice President, Gartner Fellow
4
The CORE / Sources of Risk
Traditional, Reactive Security Approaches
Security Add-on Solutions
Desktop
Firewall
Anti-Virus
Spyware
IPS
Heuristics
The CORE / Sources of Risk
Application
Blacklist
X
EXTERNAL THREATS
X
X
X
X
X
5
Endpoints are the Weakest Link
The weakest Point in IT:
The
6
User
Proactive, Operational Approach
Internal Threats: Enforce Application & Device Use Policies
Authorize Software Use
Eliminate Data Leakage
7
Endpoints are the Weakest Link
How has the Security Landscape Changed and What is the Impact?
• Increasing number of vulnerabilities for all platforms and applications
• Endpoints are targeted by internal and external threats
• Attacks from “well funded adversaries” target endpoints
• Data protection is a major challenge and cost
• Traditional and reactive security approaches are ineffective
• Evolving regulations create strict compliance and reporting standards
8
What We Deliver
Lumension delivers best-of-breed, policy-based solutions that address
the entire security management lifecycle.
 Assess, prioritize and remediate vulnerabilities for
continuous validation and compliance reporting
 Proactively discover and assess risks
and threats within the IT environment
for comprehensive view of risk profile
9
 Dynamically enforce application/device policies
to prevent security threats at the endpoint
Lumension More Effectively Secures the
Endpoint
Endpoint Security must address internal and external threats
Platform Security
 VA and Remediation
External Threats
 Application Control
Vulnerability Management / Patch
Solution
Endpoint Security Solution
User Security
 Application Control
 Device Control
Data Security
 Device Control
 Data-at-Rest
 Content Filtering
10
Internal Threats
Endpoint Security Solution
Internal and
External Threats
Data Security Solution
Effective Endpoint Security is a Continuous Process
Discover Assets
Audit
Develop Policy
Centralized
Management
& Reporting
Enforce Policy
Compliance
11
Assess & Remediate
Threats
Who is responsible for this?
YOU!
12
Patchlink Scan
1
Comprehensive Reporting
• Out-of-the-box reports provide high-level or detailed information on
vulnerabilities found
• Compare security posture to common industry tracking mechanisms
14
PatchLink Scan™ Value
• Quickly Discover All Network Assets and Vulnerabilities
• Accurate Network-based Assessments
• Actionable Information Delivered to Make Intelligent Policy Decisions
• Comprehensive Vulnerability Coverage
• Highly Scalable Architecture
• Common Criteria EAL2 Certified
15
Patchlink Update
PatchLink Update™ Value
• Stay Ahead of Threats with Automated and Accurate Enterprise-Wide
Patch Management
»
»
»
»
Most accurate patch applicability and assessment
Deploy patches within hours of release from vendor
Capabilities and context to effectively act on information - Role and Task Based
Redundant vulnerability assessment
• Broad Support of Content via Open Architecture
» Leverages content directly from OS/Application vendors
» Broad English and international content support
» Security and operational patches
• Protect Heterogeneous Environments with One Solution
» All major Operating System platforms
» All major third party applications
17
Rapid, Accurate Network-based Scans
Thorough and
accurate discovery of
all network devices
Detailed assessment
checks on
configurations, AV,
worms, Trojans,
missing patches, open
ports, services and
more
Deep inspection of
target systems
18
PatchLink Security Configuration
Management™
1
PatchLink SCM™ Workflow
Policy Management
• Upload a Security Configuration
Specification
• Customize Security
Specifications
Policy Assessment
• Apply a Security Configuration
Specification
• Perform a Manual Assessment
Policy Compliance
Reporting
• View Group Policy Compliance
Details
• View Device Security
Configuration
20
20
Open, Standards-Based Approach to Policy Compliance
• Comprehensive Policies
» Security Content Automation Protocol (SCAP)
» Hundreds of pre-defined checks
• Easy-to-edit XML Format
» New policy checklists can be added/created
• Based on Industry Standards
» OVAL, XCCDF, CVE, CME, CPE
» Ensure compliance with specific regulations (i.e. FDCC, PCI, etc.)
» Improved operational efficiencies due to security best practices
21
21
How Policies get into PatchLink SCM™
Policy




Government (OMB Mandate)
Industry (PCI, SOX, HIPAA)
US or other Regulations
Corp. Specific best practices
XCCDF Policy Instance
 Mapping policies and other sets
of requirements to high-level
technical checks
OVAL Archive
 Mapping technical checks to the
low-level details of executing
those checks
PatchLink SCM
Automation
(monitoring/reporting)
SCAP Checklist
22
22
How Policies get into PatchLink SCM™:
Example
NIST SP 800-53
Policy




Government (OMB Mandate)
Industry (PCI, SOX, HIPAA)
US or other Regulations
Corp. Specific best practices
XCCDF Policy Instance
 Mapping policies and other sets
of requirements to high-level
technical checks
OVAL Archive
 Mapping technical checks to the
low-level details of executing
those checks
Authentication
Management Policy:
System’s minimum
password length is at
least 8 characters
XCCDF Mapping:
Map specific requirement
for system’s minimum
password length is at
least 8 characters
OVAL Check Mapping:
Check to be performed
(E.g.) on all Windows XP
based computers
SCAP Checklist
23
23
PatchLink SCM™ Value
Ensures that security configurations are standardized
throughout the enterprise
Ensures continuous policy compliance
Improves operational efficiency
Consolidates vulnerability and mis-configuration
monitoring and reporting
24
24
PatchLink Developers Kit™
2
Develop Custom Patches
• Create and deliver patches and updates for commercial or proprietary
software
• Patch legacy applications and niche products
• Open and modify any packages available via PatchLink Update
26
PatchLink PDK™ – How it Works
27
Lumension VMS
2
Comprehensive Vulnerability Assessment and Remediation
Discover, Assess and Remediate Vulnerabilities for Policy Compliance
Rapid identification of
unprotected endpoints
Vulnerability Assessment and Remediation
for Configuration Issues & Patches
PatchLink Security Configuration Management™
(Add-On Module) – FDCC and PCI
Automated remediation of
configuration and software
vulnerabilities
PatchLink
Scan™
PatchLink
Update™
PatchLink
Developers Kit™
(Network Based)
(Agent Based)
(Add-On Module)
Advanced vulnerability, configuration and policy compliance reporting
Flexible, open support for all major platforms, applications and
vulnerability and configuration content
Purpose-built to support compliance with regulatory policies and
industry standards
29
Sanctuary® Application Control
3
Sanctuary® Application Control Value
• Protects against both known and unknown threats
• Safeguards against zero-day threats and targeted attacks
• Controls proliferation of unwanted applications from burdening network
bandwidth
• Maximizes benefits of new technologies and minimizes risk of network
disruption
• Stabilizes desktop and Windows server configurations
• Enables adherence with software license agreements
31
Sanctuary® Device Control
3
Sanctuary® Device Control
Enforcement of Peripheral Device Use Policies
• Automates discovery of peripheral devices
• Provides granular device control permission
settings
• Offers flexible encryption options
Endpoint Policy
Enforcement
Sanctuary®
Sanctuary®
PatchLink
Developers
Kit™
Application
Device
Control
Control
(Agent Based)
Delivers detailed audit capabilities
 Patented bi-directional “Shadowing” of data written to/from a device
 All device access attempts
 All administrator actions
33
Sanctuary® Device Control Value
• Minimizes risk of data theft / data leakage via any removable device
»
»
»
»
»
Granular Device Control Policies
Forced Encryption
File Type Filtering
Detailed Audit Capabilities
Blocks USB Keyloggers
• Prevents malware introduction via unauthorized removable media
• Assures compliance with privacy and confidentiality regulations and
policies
34
Overall
3
Lumension Product Portfolio
Enterprise Policy Management
PatchLink Security Management Console ™
Vulnerability Management
for Configuration Issues & Patches
PatchLink Security Configuration Management™
(Add-On Module) – FDCC and PCI
PatchLink
Scan™
PatchLink
Update™
PatchLink
Developers Kit™
(Network Based)
(Agent Based)
(Add-On Module)
Enterprise-Wide Compliance Reporting
PatchLink Enterprise Reporting ™
36
Endpoint Policy
Enforcement
Sanctuary®
Application
Control
Sanctuary®
Device
Control
(Agent Based)
Who we are?
3
Who We Are
Leading global security management company, providing unified
protection and control of all enterprise endpoints.
 Ranked #14 on Inc. 500
list of fast growing companies
 Ranked #1 for
Patch and Remediation
for third consecutive year
 Ranked #1 Application
and Device Control
 Over 5,100 customers and 14 million nodes deployed worldwide
Award-Winning, Industry Recognized and Certified
38
Worldwide Customer Deployments
Education
Financial
Government/
Military
Health Care
Manufacturing
Miscellaneous
Services
Transportation/Utilities
Dolphin Drilling
Media
Legal
Charities
Bishop’s Stortford
College
39
Industry-Leading Partnerships
40
Distribution partner Baltics
41
Thank you.