2015 Endpoint and Mobile Security Buyers Guide

Join Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion of endpoint security management in 2015.

• Protecting Endpoints: how the attack surface has changed, and the impact on your defense strategy
• Anti-Malware: the best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: why you can’t forget the importance of solid management of your endpoint devices
• BYOD and Mobility: the extent to which corporate data on smart mobile devices impacts your organization
• The most important buying considerations in 2015

Transcript of 2015 Endpoint and Mobile Security Buyers Guide

Page 1: 2015 Endpoint and Mobile Security Buyers Guide

Presents

2015 Endpoint and Mobile Security Buyer’s Guide

Mike Rothman, President

[email protected]

Twitter: @securityincite

Page 2

About Securosis

• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that’s all we do.

Page 3

Page 4

Advanced Malware is Advanced

• Attacks > Defenses
• Advanced Attackers > You
• Yet you can track the indicators and follow their trail.
• But first you need to understand the kill chain.

http://flic.kr/p/4UPRJ7

Page 5

The Kill Chain

http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain#

Page 6

Defining Endpoint Security

Page 7

Anti-Malware: Protecting Endpoints from Attack

Page 8

The Negative Security Model

http://www.despair.com/tradition.html

Page 9

How customers view Endpoint Protection

• Compliance is the main driver for endpoint protection
• Whether it works or not is not the issue.
• And to be clear, traditional anti-malware technology doesn’t work anymore.

http://flic.kr/p/9kC2Q1

Page 10

Adversaries: Better and Better

Advanced Malware

Polymorphism

Sophisticated targeting

Professional Processes

http://www.flickr.com/photos/dzingeek/4587871752/

Page 11

You don’t know what malware is going to look like...

But you DO know what software should and should not do.

Page 12

Advanced Protection Techniques

• Better Heuristics
  • Profile the “Big 7” (browsers, Java, Adobe, Word, Excel, PPT, Outlook)
  • “Application HIPS”
• Better Isolation (Sandboxes)
  • Browser Isolation
  • O/S Isolation (virtualization)
• White Listing (endpoint user experience impact, good for servers)
• Endpoint Activity Monitoring
  • Device Forensics
  • Retrospective Alerting
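To make the slide’s point concrete (you don’t know what malware looks like, but you do know what your software should and should not do), here is an added Python illustration that is not Securosis’ or any vendor’s code: a positive behavioural profile for some of the “Big 7”, applied to process-creation events. The profile contents, the event format and the sample events are all constructed assumptions, and the same function re-run over retained events is the “retrospective alerting” idea from the last bullet.

```python
"""Positive-model check ("what software should do") for "Big 7" applications.
Added illustration, not Securosis' or any vendor's code. Profiles and events
are constructed assumptions, not a real product's policy."""
from dataclasses import dataclass

# Hypothetical profiles: the child processes each profiled application is
# expected to launch. Anything a profiled parent spawns outside its set is
# reported for triage; parents without a profile are not judged at all.
EXPECTED_CHILDREN = {
    "winword.exe": {"splwow64.exe", "acrord32.exe"},
    "excel.exe": {"splwow64.exe"},
    "powerpnt.exe": {"splwow64.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"},
    "acrord32.exe": {"acrord32.exe"},
    "javaw.exe": set(),
    "chrome.exe": {"chrome.exe"},
}


@dataclass(frozen=True)
class ProcEvent:
    host: str
    parent: str  # image name of the parent process
    child: str   # image name of the newly created process


def evaluate(events, profiles=EXPECTED_CHILDREN):
    """Return (host, parent, child) for every spawn outside the parent's profile.
    Passing a tightened profile over stored events gives retrospective alerts."""
    findings = []
    for ev in events:
        parent = ev.parent.lower()
        if parent not in profiles:
            continue  # positive model only covers profiled applications
        child = ev.child.lower()
        if child not in profiles[parent]:
            findings.append((ev.host, parent, child))
    return findings


# Constructed sample events: a print-spooler hand-off and an Outlook->Word
# launch that fit the profiles, two spawns that do not, and an unprofiled parent.
SAMPLE_EVENTS = [
    ProcEvent("ws-01", "WINWORD.EXE", "splwow64.exe"),
    ProcEvent("ws-01", "OUTLOOK.EXE", "WINWORD.EXE"),
    ProcEvent("ws-02", "WINWORD.EXE", "cmd.exe"),
    ProcEvent("ws-03", "EXCEL.EXE", "powershell.exe"),
    ProcEvent("ws-03", "explorer.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for host, parent, child in evaluate(SAMPLE_EVENTS):
        print(f"{host}: {parent} launched {child}, outside its profile")
```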

Page 13

Endpoint Hygiene: Reducing Attack Surface

Page 14

Endpoint Hygiene

Page 15

Patch Management Process

http://www.flickr.com/photos/smallritual/6964911694/

Page 16

Patch Management Technology Considerations

• Coverage (OS and apps)
• Library of patches
• Intelligence/Research
• Discovery
• Patch deployment and software removal
• Agent vs. agentless
• Handling remote devices
• Deployment/scalability architecture
• Scheduling flexibility

Page 17

Configuration Management Process

http://www.flickr.com/photos/smallritual/6964911694/

Page 18

Configuration Management Technology Considerations

• Coverage (OS and apps)
• Discovery
• Supported standards and benchmarks
• Agent vs. agentless
• Handling remote devices
• Integration with operational processes
• Policy exceptions
• Who has the “special machines?”

Page 19

Device Control Use Cases

• Data Leakage
• Data Privacy (Encryption)
• Malware Proliferation (Sneakernet)

http://www.flickr.com/photos/rave2npg/2667464740/

Page 20

Device Control Process

Page 21

Device Control Technology Considerations

• Device support
• Policy granularity
• Encryption algorithm support
• Agent (small footprint)
• Hardware keylogger protection
• Offline support
• Forensics
• Grace periods/User override

Page 22

Blurring lines between technologies

• Periodic Controls (Patch/Config) with Vulnerability Management & IT Ops
• Device Control with Endpoint DLP
• Who wants the hot potato?
• Accountability and organizational complexities

http://www.flickr.com/photos/zen/253267347/

Page 23

Managing Mobile Endpoint Security

Page 24

Mobile Device Security

• Enrollment

• Asset Management

• OS Configuration

• Patching

• Connectivity

• Identity

• Group roles and policies

http://www.flickr.com/photos/becw/2404120929/

Page 25

Managing Applications

• Authorized applications
• Application controls
• Built-in apps & 3rd party
• Privacy
• Regional variations
• Balance individual needs with corporate requirements

https://flic.kr/p/eEcxny

Page 26

Mobile Data Protection

• Remote Wipe

• Data Protection

• Encryption at rest

• Containers

https://flic.kr/p/cJUp9j

Page 27

Employee-owned devices

• Not just mobile devices
• Selective enforcement/granularity of policies
• Require Anti-malware?
• Manage Hygiene?

http://www.flickr.com/photos/jennip/8465930151/

Page 28

Management Leverage

• Starts as stand-alone, eventually bundled in
• Single user experience to manage hygiene
• Single point to aggregate endpoint logs
• Cloud or on-prem management?

https://flic.kr/p/5LVn8X

Page 29

Endpoint Security Platform

Brings it all together into a well oiled machine...

http://www.flickr.com/photos/andrewl04/3163980834/

Page 30

Buying Considerations

Page 31

Endpoint Security Platform Buying Considerations

• Dashboard
• Discovery
• Asset Repository Integration
• Alert Management
  • Alert queue
  • Navigation/workflow
• Agent Management
• Policy Creation and Management
  • Baselines/Templates for customization
  • Alert only policies
• System Administration
• Reporting

Page 32

To Cloud or Not to Cloud

• No server management
• Uptime
• Multi-tenancy: Data segregation and protection
• User experience

http://www.flickr.com/photos/52859023@N00/644335254

Page 33

Buying Process/Vendor Selection

• Buying Process: Define Requirements, Short list, Test/PoC, Test support, Negotiate
• Confirm with peer group
• Big vs. small vendor
• Platform vs. pricing leverage
• Research & Intelligence

http://www.flickr.com/photos/jeffanddayna/4081090389/

Page 34

Summary

• Don’t forget about the security of endpoint security
  • Exploitable agents
  • Weak platform security
  • Cloud app vulnerabilities
• Malware protection remains a cat/mouse game
• BYOD/Mobility adds another set of issues to protecting endpoints

http://www.flickr.com/photos/74571262@N08/6710953053/

Page 35

Read our stuff

• Blog
  • http://securosis.com/blog
• Research
  • http://securosis.com/research
• We publish (almost) everything for free
• Contribute. Make it better.

Page 36

Mike Rothman
Securosis LLC

[email protected]

http://securosis.com/blog

Twitter: @securityincite