As IT professionals know, endpoint security needs are evolving: new vulnerabilities are disclosed every day, new malware creation is exploding, and traditional AV signatures cannot keep up. You know that patch management and AV are necessary – but not sufficient – layers of endpoint defense. Intelligent application whitelisting is an important addition to your risk mitigation strategy, and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term. View these slides to learn the recommended steps to check unknown executables on your endpoints as we dive into a technical discussion of the critical items to address:
* Prepare – properly laying the groundwork for implementing application whitelisting is crucial to ultimate success.
* Lockdown – preventing unwanted or dangerous changes while providing necessary flexibility to support business needs.
* Manage – maintaining the environment as application, end user and business needs develop.
2. Today’s Agenda
Introduction
Augment Your Defenses to Mitigate Zero-Days, with Lessons Learned from the Field
• Laying the Groundwork
• Creating Policies
• Protecting Endpoints
• Managing the Environment
Q&A
3. Today’s Panelists
• Douglas Walls, Chief Information Officer, EMSolutions, Inc.
• David Murray, Sr. Product Manager, Lumension
4. Why Application Whitelisting Is Important
AVERAGE detection rate after 30 days = 62%
Today’s Endpoint Security Stack
• AV
• Device Control
• Application Control
• Patch & Configuration Management
Sources of Endpoint Risk
• 5% Zero-Days
• 30% Missing Patches
• 65% Misconfigurations
6. Application Whitelisting Best Practices
Application Whitelisting Process
• Laying the Groundwork
• Creating Policies
• Protecting Endpoints
• Managing the Environment
8. Groundwork | Policies | Lockdown | Management
Clean
Avoid End User Disruption
• No need to reimage
• Off-hours, thorough scan to remove known malware
11. Groundwork | Policies | Lockdown | Management
Denied Apps
Eliminate unknown or unwanted applications on your endpoints
User Endpoint View
Admin Console View
Prevent applications from executing even while endpoints are in monitor mode only
16. Groundwork | Policies | Lockdown | Management
Monitor
Stabilize Whitelist Maintenance
• Full visibility into unaccounted for changes (good and bad)
• Accommodate variations
• Reduce maintenance workload
17. Groundwork | Policies | Lockdown | Management
Local Authorization
Effectively Balance Security and Productivity
• End user flexibility
• “Third Way” between Monitor and Lockdown
Admin Console View
User Endpoint View
22. Groundwork | Policies | Lockdown | Management
Control
• Is this a Known Bad?
• Is this a Known Good?
• Should my users have this?
• What is trying to install this?
• Is this Unwanted?
• Who wrote this?
• Where did this come from?
25. More Information
• Free Security Scanner Tools
» Application Scanner – discover all the apps being used in your network
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Intelligent Whitelisting™
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Endpoint-Security.aspx
» Free Trial (virtual or download): http://www.lumension.com/intelligent-whitelisting/free-trial.aspx
• Get a Quote (and more)
http://www.lumension.com/intelligent-whitelisting/buy-now.aspx#7
26. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com