Post on 03-Oct-2021
www.matrix42.com
AUTOMATED ENDPOINT SECURITY
THE FUTURE OF ENDPOINT SECURITY
3 strategies to protect endpoints without compromising user productivity
THE FUTURE OF ENDPOINT SECURITY
- TODAY’S SPEAKERS -
Oliver Bendig, CEO
Sergej Schlotthauer, CEO
Roy Katmor, CEO
How do you currently protect and secure your endpoints?
CURRENT STATE OF ENDPOINT SECURITY
THE CHALLENGE: DIGITAL TRANSFORMATION IS EVOLVING FASTER THAN SECURITY KNOW-HOW
[Chart: the Risk Gap between Technical Evolution and Know How]
The Great Train Robbery, 1963: 2.631.684 GBP
Bangladesh Bank / SWIFT Heist, 2016: $ 951.000.000
DIGITAL TRANSFORMATION
• Every Business is now a digital business
• Automation
• Device complexity (PCs, laptops, mobile devices, cloud, IoT)
• AI / Machine Learning
• Agility
CYBER RISK 4.0
• Every Business is now under attack
• Automated Attacks
• AI & Machine Learning
• Attackers are agile
• Infrastructure complexity increases attack vectors
• Vulnerabilities can hardly be avoided
CYBER RISK = BUSINESS RISK
THE WORLD IS CONSTANTLY CHANGING AND MORE AND MORE DEVICES FLOOD ENTERPRISES
Opportunities
• Increased productivity and employee motivation
• New business opportunities
Risks
• Constant increase of new gateways for data to be exfiltrated or malware to be infiltrated
SUMMARY OF RECENT CYBER SECURITY ATTACKS
A FEW EXAMPLES…
TRENDnet Webcam Hack
• 1.5 million connected cameras hacked
Mirai botnet
• Botnet from ~ 500.000 IoT products
Toy-Hacking
• Hacker controls Furbies and uses Barbie dolls for spying
Jeep SUV Hack
• Scientists have taken over control of a Jeep SUV by hacking the CAN bus
WannaCry
• Crypto worm infects > 300.000 enterprises and public services organizations
IoTroop
• Evolution of Mirai
• Botnet with > 2 million infected systems
Vibratissimo
• Amor Gummiwaren
• Device remote access
• Access to > 100.000 customer data
70% of all malware outbreaks originate at the endpoint - IDC
Source: IDC Infographic for Rapid7, Dec. 2015 https://www.rapid7.com/resources/rapid7-efficient-incident-detection-investigation-saves-money/
ENDPOINT SECURITY IN DIGITAL TRANSFORMATION
BUSINESS ENABLER AND BUSINESS INNOVATOR
WHY DO WE NEED BRAKES? WHY DO WE NEED ABS, ESP, EBD?
BUSINESS ENABLER BUSINESS INNOVATOR
• Endpoint Security is not only costs and risks
• Endpoint Security is more than a must
• Endpoint Security increases efficiency and productivity
• Endpoint Security supports company goals
• Endpoint Security needs business oriented change
• Endpoint Security can be more than just Business Enabler
• Enables adoption of new technologies and devices
• Example: Flexible Workstyle
THE FUTURE OF ENDPOINT SECURITY IS A MULTI-LAYERED APPROACH
AI/ MACHINE LEARNING
AUTOMATION & REMEDIATION
DEVICE MANAGEMENT
USER BEHAVIOUR ANALYTICS
“Highly automated attacks need highly automated protection and prevention”
3 STRATEGIES TO PROTECT ENDPOINTS WITHOUT COMPROMISING USER PRODUCTIVITY
1. MALWARE PROTECTION
• NextGenAV
• EDR
• Post Infection Protection
• Automated Incident Response
2. DATA LOSS PREVENTION
• Application Control
• Device Control
• Encryption
3. DATA PRIVACY/GDPR
• Audit, Monitor, Analytics
• Encryption
• User Access
AUTOMATION
Where do you see the biggest risk on the endpoint?
CURRENT STATE OF ENDPOINT SECURITY
1. MALWARE PROTECTION
AUTOMATED ENDPOINT PROTECTION & RESPONSE
STOP THE BREACH
REAL TIME AUTOMATED ENDPOINT SECURITY.
“2017 Data Breaches Up 23% Year Over Year to 975 Incidents”
Source: Gemalto 2017 Data Breach Report, Wall-Street Journal datto
COMPROMISE IS INEVITABLE – DATA CONSEQUENCES
THE STRATEGY:
STOP THE BREACH * HUNT ON YOUR SPARE TIME
enSilo.com
CHALLENGES WITH ENDPOINT SECURITY
[Figure: chart with axes Time and Cost. Labels: WannaCry, ETERNALBLUE, NotPetya, BadRabbit, ETERNALROMANCE, SPECTRE, MELTDOWN; t(0) REAL-TIME, t(+6 Days), t(+99 Days); Filtering Known Bad; Logging and Manual Threat Hunting; Pre-Infection, Post-Infection, Incident Response]
HOW ENSILO WORKS – REAL TIME PROTECTION
PRE-INFECTION PREVENTION
POST-INFECTION PROTECTION & AUTOMATED INCIDENT RESPONSE
STEP 1: The enSilo Collector filters threats using its built-in NGAV
STEP 2: The enSilo Collector on the computing device collects OS metadata
STEP 3: Upon connection establishment or file modification request, the Collector sends a snapshot of the request to enSilo Core, enriched with its respective OS metadata
STEP 4: Using enSilo’s technology, the Core analyses OS metadata along with the request and enforces using the relevant policies*
STEP 5: Only legitimate connections or file modifications are allowed*
* Can be performed by the Collector in offline mode
[Diagram labels: Pre-execution filtering; Recording Triggers; On connection establishment; On file modification; enSilo Collector; The enSilo Core]
Collectors: < 1% CPU utilization, 40 MB memory, 20 MB disk space
Pre-canned incident response recipes enabling customized automated Course Of Action
AUTOMATED REAL-TIME PROTECTION AT FIXED COST
• Real-Time protection even when compromised
• Customized and Automated with Complete Forensics
• Machine Learning Based, Certified NGAV
[Figure: chart with axes Time and Cost. Labels: t(0) REAL-TIME; Pre-Infection, Post-Infection, Incident Response]
COMPANY CONFIDENTIAL
REAL-TIME AUTOMATED ENDPOINT SECURITY
HOW ENSILO WORKS
Malicious Activity prevented in RT
HASH 5A49D729oEE..87
DEVICE-X
Where else?
Search DEVICE-X activity
How?
Search HASH 5A49D729oEE..87
Pre-canned customized IR
Malicious Activity prevented in RT
DEVICE-X
Remediate device
Where?
Search DEVICE-X
How?
Search HASH
Automated Incident Response
Verdicts:
Notify users
Open ticket
Isolate device
Quarantine file
AIR Playbooks:
enSilo Cloud Services
BIG DATA
Cross environment
Enterprise Scale
Multitenancy
REAL-TIME AUTOMATED ENDPOINT SECURITY
THE PLATFORM
EFFICACY – PUBLIC TESTING
ENSILO – AUTOMATED ENDPOINT SECURITY REALIZED
REAL-TIME PROTECTION: Post and pre-infection protection stops the breach
COST: Eliminate post breach operational expenses and breach damage to the organization
MANAGEMENT: Single integrative console that inherently eliminates alert clutter
FLEXIBILITY IN SCALE: Protect a broad range of operating system environments, even when offline, at large scale
COMPLIANCE: PCI, HIPAA, GDPR
contact@enSilo.com www.enSilo.com company/enSilo @enSiloSec
REAL TIME AUTOMATED ENDPOINT SECURITY.
2. DATA LOSS PREVENTION
Device Control, Application Control, Encryption
THE BIGGEST PROBLEM FOR DATA LOSS/ LEAKAGE
WHAT THE CUSTOMER NEEDS…
A PRODUCT-NEUTRAL APPROACH TO EFFECTIVE DATA SECURITY!
The I.C.A.F.E. Principle
INTELLACT
CONTROL
AUDIT
FILTER
ENCRYPTION
I.C.A.F.E. ON ALL DATA PATHS
EGOSECURE PROTECTS YOUR DATA
A COMPLETE SOLUTION BY ONE VENDOR
3. DATA PRIVACY / GDPR
Audit, Monitoring, Analytics
GDPR REGULATIONS
• Article 30 and 33 of GDPR: Audit data and monitoring
• Article 32 of GDPR: Prevent attacks by data encryption
• Article 32 and 25 GDPR: Privileged user access control
• Article 34 of GDPR: Monitoring of data breach without encryption
SEE – UNDERSTAND – PROTECT
FIRST UNDERSTAND THE PROBLEM, THEN ACT!
FIRST UNDERSTAND
Example: Use of USB devices
• Will devices be used for private purposes?
• Do we know how much data leaves the company and how much of that is sensitive data?
• Do we know how much data is brought into the company and what could pose a threat?
• Do we know how many USB devices are being used and what kind of devices they are?
• Are those only corporate devices or private ones?
ASK THE RIGHT QUESTIONS FIRST!!
INSIGHT PROVIDES THE ANSWERS CLEARLY!
GOAL: ENDPOINT SECURITY WITHOUT COMPROMISING USER PRODUCTIVITY
3 STRATEGIES TO PROTECT ENDPOINTS WITHOUT COMPROMISING USER PRODUCTIVITY
1. MALWARE PROTECTION
• NextGenAV
• EDR
• Post Infection Protection
• Automated Incident Response
2. DATA LOSS PREVENTION
• Application Control
• Device Control
• Encryption
3. DATA PRIVACY/GDPR
• Audit, Monitor, Analytics
• Encryption
• User Access
AUTOMATION
AUTOMATION
Service Management, Unified Endpoint Management
CYBERSECURITY AND IT OPERATIONS GO HAND-IN-HAND
AUTOMATED ENDPOINT SECURITY
Cybersecurity
Service Management and IT Operations
“ONLY A MANAGED ENDPOINT IS A SECURE ENDPOINT”
Device Management (CLM, EMM)
Post-Infection Protection (EDR)
Identity & Access Management (SSO, User behaviour)
SERVICE & ASSET MANAGEMENT (ITSM, CMDB, Analytics, WF)
Pre-Infection Protection (AV, NextGenAV)
App & Data Management (MAM, DLP)
Patch Management (OS, Apps)
[Diagram labels: Devices, Apps/Data, Users; Technology, Process, Behaviour; PROTECTION, PREVENTION]
▪ Security Incident Management
▪ Security-Workflow-Automation
▪ Threat-Level-Dashboard
▪ Security-Trend-Analysis
▪ Root cause and Problem management
THE DIGITAL WORKSPACE SECURITY SUITE
How do you currently protect and secure your endpoints?
Where do you see the biggest risk on the endpoint?
CURRENT STATE OF ENDPOINT SECURITY
The Future of Endpoint Security is DIGITAL WORKSPACE SECURITY
• Automation and Transparency for IT
• High security at your endpoints for IT
• Assured Productivity for IT + Users
Sign up for a free trial NOW!