1. Lumension and the change in Endpoint Protection
Matthew Walker – VP EMEA Channel Sales
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
2. IT Security Continues to be a Growing Problem
Cyber Attacks #4 Top 50 Global Risks (1)
The New Computing Era
» Enterprise users experience 339 malware encounters per month (2)
» 11 per day - 200% increase over same period
» 1/3 was zero day
» By 2015, more than 60% of enterprises will have suffered material loss of sensitive corporate data via mobile devices (3)
» Less than 20% of CIOs felt that their device security and management policies would satisfy an auditor (3)
» 60% of virtualized servers will be less secure than the physical servers they replace (3)
1) World Economic Forum 2011, 2) Cisco Threat Report 2012, 3) Gartner 2011
3. What Gartner Says
• Malware effectiveness continues to accelerate, while vendors are busy
polishing increasingly ineffective solutions and doing little to
fundamentally reduce the attack surface and protect users.
• ......Application Control holds significant promise but with a few
exceptions most vendors in this analysis do not provide flexible enough
solutions for large enterprises.
• Endpoint protection platforms continue to struggle to block typical
malware threats, and are even less effective with low-volume targeted
attacks. A few vendors have started to provide proactive tools, such as
vulnerability detection and application control, that reduce the attack
surface...(16 January 2012)
Lumension are in Visionary quadrant
4. Growing Application Centric Risk
What's In Your Network?
» Social networking applications are detected
in 95% of organizations **
» 78% of web 2.0 applications support file
transfer**
» 2/3 of applications in use had known
vulnerabilities**
» 28% of applications were known to
propagate malware**
Gartner projects that 50% of companies will be deploying “default deny” policies to restrict application usage by 2015.
*Ponemon-Lumension State of the Endpoint 2010,2011
** Palo Alto Networks Application Survey 2010, 2011
5. Trust Stack of the Future
Today’s Trust Stack
New application
» Is this known bad?
Allow / Block / Remove

Trust Stack of the Future
New application
» Is this known good?
» Is this known bad?
» Is this unwanted?
» Do I trust the Vendor?
» What program introduced it?
» Do I trust where it came from?
» Do I trust the user installing it?
» Am I licensed for this?
Allow / Block / Restrict / Remove
6. Lumension’s Application Control Approach
Lumension’s approach is to deliver a dynamic trust engine that can
simultaneously accommodate change and validate trust.
People / Path / Process / Publisher
Trust Engine
Provides manageable rules-based exceptions in a dynamic enterprise environment.
Whitelisting / Blacklisting
7. Challenges of Endpoint Management
Lack of integration across technologies is the #1 IT security risk.*

IT Operations Challenges
» Lack of Common Management Console
» Increasing Agent Bloat
» Increasing and costly back-end Integration
» Lack of visibility and collaboration with IT security

IT Security Challenges
» Need for better accuracy
» User access rights (Local Admin)
» Lack of Scalability
» Silos and insufficient collaboration between IT and business operations*

*Worldwide State of The Endpoint Report 2009
8. Lumension EMSS
DSS ITSEC 2012
Liam Puleo
Pre Sales Engineer (EMEA)
9. New End Point Strategy
[Diagram labels: Traditional Endpoint Security; Emerging Endpoint Security Stack; Blacklisting As The Core; Defense-N-Depth; Patch & Configuration Mgmt.; Consumerization of IT; Zero Day; 3rd Party Application Risk; Malware As a Service]
10. L.E.M.S.S. Core Product Offerings 2012
Anti-Virus
• Protection against all known malware (Blacklisting)
• Efficient Malware removal
• Effective protection against fast wide spreading malware

Patch Management
• Automated patch deployment and remediation
• Configuration & Power management
• Software deployment
• Heterogeneous and 3rd party vulnerability content coverage

Application Control
• Prevents all unknown executables from running (whitelisting)
• Effective zero day malware protection
• Flexible Trust based change management policy control
• Application visibility

Device Control
• Device visibility
• File type filtering
• Device whitelisting
• Read only access
• Effective protection against physically introduced malware
• Reduces insider and data loss risk

Lumension® Endpoint Management and Security Suite
Effective Endpoint Security / Reduced Endpoint Complexity / Enhanced IT Operations & Productivity

Add on modules:
• Lumension Disk Encryption (Powered by Sophos) - Requires Patch management and Content Wizard
• Power Management - Requires Patch management and Content Wizard
• Content Wizard
• Enterprise Reporting
11. NEXT – Demo of LEMSS
Secure the endpoint by enforcing a known good baseline of secure
configurations and an operating system and applications that are
patched and up-to-date.
Lock down the configuration and installed applications using
application control.
Lock down the endpoint and eliminate data leakage via peripheral
devices using device control.
Use anti virus to validate what application control has blocked.
12. Think Different!
Current Approach to Endpoint Management | New Approach to Endpoint Management
Threat Centric | Trust Centric
Point products and tools | Integrated platform technology
Multiple consoles | Single console
Multiple Agents | Single agent
Ad-hoc workflows & processes | Standardized workflow & processes
Reactive, signature-based | Proactive, real time
Inconsistent interpretation of policy | Shared understanding of policy
Ad hoc auditing | Continuous monitoring
13. Intelligent Whitelisting from Lumension
Anti-Virus
• Protection against all known malware
• Identification of suspicious code
• Malware removal

Patch Management
• Automated patch deployment
• Vulnerability remediation
• Reduces malware risk

Application Control
• Prevents all unknown executables from running
• Effective zero day malware protection
• Effective application policy support

Intelligent Whitelisting
More Effective Endpoint Security / Reduced Endpoint Complexity / Enhanced IT Operations & Productivity
14. IWL is Secure
» Block known and unknown malware
without signatures
» Protect against targeted attacks and
Advanced Persistent Threats
» Ensure only trusted applications can run
» Provide enforcement and monitoring for
end-users with local-admin rights
» Reduced risk of data loss
» Eliminate application and configuration
vulnerabilities
15. Lumension and the change in Endpoint Protection
Thank you for listening!