+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
OSB180: Learn More About Ivanti Endpoint Security
1.
2. OSB180 – Learn More about Ivanti Endpoint Security
David Murray, Product Manager, Ivanti
Guest Speaker: Scott Beauchamp, Bell Canada
3. Ivanti Endpoint Security supports an
Endpoint Defense-in-depth strategy
Blacklisting
as the core
Zero dayZero day
3rd-party
application
risk
3rd-party
application
risk
Malware
as a
service
Malware
as a
service
Consumerization
of IT
Consumerization
of IT
Defense in depth
Traditional
endpoint security
PATCH &
CONFIGURATION
MGMT.
Emerging
endpoint security stack
4. Ivanti Endpoint Security: Defense in depth
AV
Control the bad
Device control
Control the flow
HD and media encryption
Control the data
Application control
Control the gray
Patch and configuration management
Control the vulnerability landscape
5. Ivanti Endpoint Security: Defense in depth
AV
Control the bad
Device control
Control the flow
HD and media encryption
Control the data
Application control
Control the gray
Patch and configuration management
Control the vulnerability landscape
• Eliminates the attackable
surface area that
hackers can target
6. Ivanti Endpoint Security: Defense in depth
AV
Control the bad
Device control
Control the flow
HD and media encryption
Control the data
Application control
Control the gray
Patch and configuration management
Control the vulnerability landscape
• Extremely effective
against zero-day attacks
7. Defending against memory injections
Memory injections are typically a blind spot for application control.
Focus on the file system
Advanced Memory Protection
Detect malicious memory injection
Remediate by terminating compromised process
8. Ivanti Endpoint Security: Defense in depth
AV
Control the bad
Device control
Control the flow
HD and media encryption
Control the data
Application control
Control the Gray
Patch and configuration management
Control the vulnerability landscape
• Protects data in cases of
theft or accidental loss
9. Ivanti Endpoint Security: Defense in depth
AV
Control the Bad
Device Control
Control the Flow
HD and Media Encryption
Control the Data
Application Control
Control the Gray
Patch and Configuration Management
Control the Vulnerability Landscape
• Can prevent unauthorized
devices from
delivering payloads
10. Ivanti Endpoint Security – Defense in Depth
AV
Control the bad
Device control
Control the flow
HD and media encryption
Control the data
Application control
Control the gray
Patch and configuration management
Control the vulnerability landscape
• Stops “background noise”
malware.
11. Core capabilities of Ivanti Endpoint Security platform
o Single, modular, extensible architecture
o Single workflow-based console
o Asset discovery and agent deployment
o Installation manager
o AD integration and synchronization
o Role-based access control
o Reporting and notification
12. Patch at a glance
Key capabilities
o Microsoft & 3rd-party app and OS patching
o Agentless discovery
o Agent-based vulnerability assessment
o Hardware/software inventory
o Granular deployment options
o Software packaging and deployment
o Baseline enforcement
Effective defense in depth starts with proactive security.
13. Application control at a glance
Key capabilities
o Easy audit
o Learning mode
o Trust engine
o Denied applications
o Trusted updater
o Trusted publisher
o Trusted path
o Trusted user (Local authorization)
o Easy lockdown
o Verification rating
o Advanced Memory Protection
Trust Centric vs Threat Centric
14. Trust engine
Is this a
known good?
Should my
users have this?
Is this
unwanted?
Who wrote
this?
Is this a
known bad?
Where did this
come from?
What is trying
to install this?
15. Device control at a glance
Key capabilities
o See who is connecting what, where, and when
o See what data is coming into/out of your organization
o Force encryption on data leaving the organization
o Set policy to control:
o Which devices can be connected
o Level of access provided
o When devices can be connected
o Who can connect
o Copy limits & file filtering
o Keylogger detection
USB removable media pose the largest area of data leakage risk.
16. AntiVirus at a glance
Key capabilities
o Detect & remove known viruses/malware/spyware
o Behavioral and partial-signature detection
o Detect & remove potentially unwanted apps
o Smart-scan technology
o Centralized quarantine management
o Multiple scan options
o Scheduled
o On-demand
o Real time
Best-in-class detection & performance with Bitdefender engine.
20. Biggest Security Challenges
o Maintaining
security posture
with changing
business models
and attack vectors
o Continuously
protecting across
a dynamic threat
landscape
o Reducing
complexity and
fragmentation of
security solutions
21. The Security Ecosystem
The technology used to power your business also opens your company to
the outside world.
As technologies are introduced, attackers find ways to compromise them,
just as security professionals find new ways to protect their company data.
Security is a complex system of technologies, processes, and services that
secure your network, systems, and data.
Understanding the complete security ecosystem and how to balance its
many components is a critical part of keeping your confidential data secure.
22. Layers of Endpoint Protection
Application
control
Reduce risk from
unauthorized
applications.
Advanced
malware
detection
Provide protection and
remediation from
malware.
Mobile device
management
Remotely manage and
secure all of your
mobile devices.
Encryption
Protect data at rest
from lost or stolen
devices.
Host intrusion
protection
Protect devices from
unauthorized network
connections.
Endpoint Security Controls
23. Prevent, Detect and Remediate
Vulnerability Management
Security Patching Asset Inventory Vulnerability Scanning
Endpoint Protection
Application Control Malware Detection
Mobile Device
Mgmt
Disk Encryption HIPS
24. Application Control
UNSUPPORTED OS CRITICAL APPS
2
4
WHERE:
Deployed to unsupported Microsoft OS
(XP and Windows 2003)
BENEFITS
• Allow a longer replacement lifecycle
to support legacy apps
• Provide added layer of endpoint control
beyond AV and HIPS
• Avoid cost of additional support from Microsoft
WHERE:
Deployed on critical systems like our retail
Point-of-Sale systems
BENEFITS
• Enforce whitelist of approved apps to lock down
POS systems.
• Provide an added layer of protection.
• Enforce IT policy easily
• Enhance protection against APT threats
• Memory protection
25. Application Control
Endpoint Security Controls
Protective
Policies
ProtectionDetection
Intelligence
The goal is to protect endpoints by reducing risk from unauthorized applications
26. Vulnerability Management
1. Discover the assets within your organization.
2. Assess to understand the importance of a patch
within the context of your environment.
3. Prioritize as you often can't deploy all patches.
4. Remediate.
5. Report on assessment and remediation—you
can’t manage what you do not measure.
It is the process of detecting, removing, and controlling risk of vulnerabilities.
27. Vulnerability Management
Cost Avoidance – Ability to patch 50K+ endpoints
with a small operational team and streamlined
infrastructure.
Automation - Push out an average 400K security
patches with 99% success.
Compliance - Provide the controls for PCI, SOX,
and internal security policies
Trust - The simplified process with limited errors
delivers ‘set it’ and ‘forget it’ trust.
Zero Day Coverage – Ability to deliver patches an
to over 90% of servers within 24 hrs of disclosure.
PATCHPATCH
SCANSCANRESCANRESCAN
RESULTSRESULTS
Patch management life cycle
ACCESSREMEDIATE
DISCOVERVERIFY
28. Summary
New threats and the complexity of attacks continue to put your information at risk.
Freedom of data flow poses additional challenges to confidentiality, availability,
and integrity.
The foundation of any robust security posture is multiple layers of protection.
Ivanti Endpoint Security’s solutions at each layer minimize risk and provide immediate
return on investment.