2015 Endpoint and Mobile Security Buyers Guide
Presents: 2015 Endpoint and Mobile Security Buyer’s Guide
Mike Rothman, President
Twitter: @securityincite
About Securosis
• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that’s all we do.
Advanced Malware is Advanced
• Attacks > Defenses
• Advanced Attackers > You
• Yet you can track the indicators and follow their trail.
• But first you need to understand the kill chain.
http://flic.kr/p/4UPRJ7
The Kill Chain
http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain#
Defining Endpoint Security
Anti-Malware: Protecting Endpoints from Attack
The Negative Security Model
http://www.despair.com/tradition.html
How customers view Endpoint Protection
• Compliance is the main driver for endpoint protection
• Whether it works or not is not the issue.
• And to be clear, traditional anti-malware technology doesn’t work anymore.
http://flic.kr/p/9kC2Q1
Adversaries: Better and Better
Advanced Malware
Polymorphism
Sophisticated targeting
Professional Processes
http://www.flickr.com/photos/dzingeek/4587871752/
You don’t know what malware is going to look like...
But you DO know what software should and should not do.
Advanced Protection Techniques
• Better Heuristics
• Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
• “Application HIPS”
• Better Isolation (Sandboxes)
  • Browser Isolation
  • O/S Isolation (virtualization)
• White Listing (endpoint user experience impact, good for servers)
• Endpoint Activity Monitoring
  • Device Forensics
  • Retrospective Alerting
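The slides above pair "endpoint activity monitoring" with "retrospective alerting": because you cannot know in advance what the malware will look like, you record what actually executed and search that history once an indicator becomes known. The following is an added illustration, not code from the deck or from Securosis; the hosts, paths, timestamps and hashes are constructed sample data, and `fake_hash` stands in for the real file hash a monitoring agent would record.

```python
"""Retrospective alerting over a recorded endpoint execution history.

Added example (not from the Securosis deck). An endpoint activity monitor keeps
a log of which binaries ran on which host. When an indicator (here a SHA-256)
is learned later, the stored history is searched so hosts that already ran the
now-known-bad file are flagged and the earliest execution gives the start of
the trail. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import hashlib


@dataclass(frozen=True)
class ExecEvent:
    host: str
    ts: datetime
    path: str
    sha256: str


def fake_hash(label: str) -> str:
    # Constructed stand-in for a real file hash: derive a SHA-256 from a label.
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed execution history, as an endpoint activity monitor would record it.
HISTORY = [
    ExecEvent("ws-0012", datetime(2015, 3, 2, 9, 14),
              r"C:\Program Files\Java\bin\javaw.exe", fake_hash("javaw")),
    ExecEvent("ws-0012", datetime(2015, 3, 2, 9, 16),
              r"C:\Users\alice\AppData\Local\Temp\invoice.exe", fake_hash("dropper-A")),
    ExecEvent("ws-0045", datetime(2015, 3, 3, 11, 2),
              r"C:\Users\bob\Downloads\invoice.exe", fake_hash("dropper-A")),
    ExecEvent("ws-0045", datetime(2015, 3, 3, 11, 5),
              r"C:\Windows\System32\cmd.exe", fake_hash("cmd")),
    ExecEvent("ws-0099", datetime(2015, 3, 4, 8, 30),
              r"C:\Program Files\Microsoft Office\WINWORD.EXE", fake_hash("winword")),
]


def retrospective_matches(history, indicators):
    """Search recorded executions for hashes that have since become known-bad.

    indicators maps sha256 -> label. Returns {host: [events]} with each host's
    events in time order, so affected hosts can be triaged even though nothing
    alerted at the moment of execution.
    """
    hits = defaultdict(list)
    for ev in sorted(history, key=lambda e: e.ts):
        if ev.sha256 in indicators:
            hits[ev.host].append(ev)
    return dict(hits)


def first_seen(history, sha256):
    """Earliest execution of a hash across the fleet: the start of the trail."""
    matches = [ev for ev in history if ev.sha256 == sha256]
    return min(matches, key=lambda e: e.ts) if matches else None


if __name__ == "__main__":
    # Indicator learned on 2015-03-05, after both executions already happened.
    new_ioc = {fake_hash("dropper-A"): "dropper-A (constructed indicator)"}
    for host, events in retrospective_matches(HISTORY, new_ioc).items():
        for ev in events:
            print(f"{host} ran {ev.path} at {ev.ts:%Y-%m-%d %H:%M} -> {new_ioc[ev.sha256]}")
    origin = first_seen(HISTORY, fake_hash("dropper-A"))
    print(f"first seen on {origin.host} at {origin.ts:%Y-%m-%d %H:%M}")
```

The point of keeping the history is the second function: once the indicator arrives, `first_seen` tells you which host to start the forensic work on, which is the "follow their trail" step from the earlier slide.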
Endpoint Hygiene: Reducing Attack Surface
Endpoint Hygiene
Patch Management Process
http://www.flickr.com/photos/smallritual/6964911694/
Patch Management Technology Considerations
• Coverage (OS and apps)
• Library of patches
• Intelligence/Research
• Discovery
• Patch deployment and software removal
• Agent vs. agentless
• Handling remote devices
• Deployment/scalability architecture
• Scheduling flexibility
Configuration Management Process
http://www.flickr.com/photos/smallritual/6964911694/
Configuration Management Technology Considerations
• Coverage (OS and apps)
• Discovery
• Supported standards and benchmarks
• Agent vs. agentless
• Handling remote devices
• Integration with operational processes
• Policy exceptions
• Who has the “special machines”?
Device Control Use Cases
• Data Leakage
• Data Privacy (Encryption)
• Malware Proliferation (Sneakernet)
http://www.flickr.com/photos/rave2npg/2667464740/
Device Control Process
Device Control Technology Considerations
• Device support
• Policy granularity
• Encryption algorithm support
• Agent (small footprint)
• Hardware keylogger protection
• Offline support
• Forensics
• Grace periods/User override
Blurring lines between technologies
• Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
• Device Control with Endpoint DLP
• Who wants the hot potato?
• Accountability and organizational complexities
http://www.flickr.com/photos/zen/253267347/
Managing Mobile Endpoint Security
Mobile Device Security
• Enrollment
• Asset Management
• OS Configuration
• Patching
• Connectivity
• Identity
• Group roles and policies
http://www.flickr.com/photos/becw/2404120929/
Managing Applications
• Authorized applications
• Application controls
• Built-in apps & 3rd party
• Privacy
• Regional variations
• Balance individual needs with corporate requirements
https://flic.kr/p/eEcxny
Mobile Data Protection
• Remote Wipe
• Data Protection
• Encryption at rest
• Containers
https://flic.kr/p/cJUp9j
Employee-owned devices
• Not just mobile devices
• Selective enforcement/granularity of policies
• Require Anti-malware?
• Manage Hygiene?
http://www.flickr.com/photos/jennip/8465930151/
Management Leverage
• Starts as stand-alone, eventually bundled in
• Single user experience to manage hygiene
• Single point to aggregate endpoint logs
• Cloud or on-prem management?
https://flic.kr/p/5LVn8X
Endpoint Security Platform
Brings it all together into a well-oiled machine...
http://www.flickr.com/photos/andrewl04/3163980834/
Buying Considerations
Endpoint Security Platform Buying Considerations
• Dashboard
• Discovery
• Asset Repository Integration
• Alert Management
  • Alert queue
  • Navigation/workflow
• Agent Management
• Policy Creation and Management
  • Baselines/Templates for customization
  • Alert only policies
• System Administration
• Reporting
To Cloud or Not to Cloud
• No server management
• Uptime
• Multi-tenancy: Data segregation and protection
• User experience
http://www.flickr.com/photos/52859023@N00/644335254
Buying Process/Vendor Selection
• Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
• Confirm with peer group
• Big vs. small vendor
• Platform vs. pricing leverage
• Research & Intelligence
http://www.flickr.com/photos/jeffanddayna/4081090389/
Summary
• Don’t forget about the security of endpoint security
  • Exploitable agents
  • Weak platform security
  • Cloud app vulnerabilities
• Malware protection remains a cat/mouse game
• BYOD/Mobility adds another set of issues to protecting endpoints
http://www.flickr.com/photos/74571262@N08/6710953053/
Read our stuff
• Blog
  • http://securosis.com/blog
• Research
  • http://securosis.com/research
• We publish (almost) everything for free
• Contribute. Make it better.
Mike Rothman, Securosis LLC
http://securosis.com/blog
Twitter: @securityincite