Securing Your Endpoints Using Novell ZENworks Endpoint Security Management

Securing Your Endpoints Using Novell® ZENworks®

Endpoint Security Management

Pete GreenTechnical Specialist - ZENworksNovell, Inc./[email protected]

Scott GuscarTechnology Sales SpecialistNovell, Inc./[email protected]

© Novell, Inc. All rights reserved.2

Agenda

• Economic Effects on Security• Compliance• High Profile Breaches• DLP/ILP• “Yes. Endpoints are Outsiders.”• ZENworks® Endpoint Security Features• Demonstration• Questions and Answers

Economic Effects on IT Security2010


Economic Effects on IT Security 2010


Economic Effects on IT Security 2010(cont.)

Change

Upturn Downturn Upturn

Time

ThreatsInformation Security Budgets

Compliance2010


Compliance 2010

• PCI Focus• SAS-70• ISO 27002

– Instead of focusing on detail of PCI-DSS, adopt ISO 27002 for holistic security

• Legal picture of PCI is very bleak and very real

• Who is minding the legal risk?

• Negligence is no excuse

T.J. Hooper as precedent“Radio is new technology. We can’t be expected to have radio on our cargo ships!”There are precautions so imperative that even their universal disregard will not excuse their omission.The T.J.Hooper 60 F.2d 737 (2nd cir), cert. denied, 287 U.S. 662 (1932).

High Profile Breaches


High Profile Breaches

Source: Privacy Rights Clearinghouse

DLP/ILP


DLP 2010

• Data Leakage Prevention

• Data Loss Prevention

• Data Loss Protection

• Information Leak Prevention

• Information Loss Prevention

• Information Loss Protection

DLP Calculator - http://www.tech-404.com/calculator.html


DLP 2010(cont.)

Endpoint Network/E-mail Appps/DB FS/CMS Storage


InternalEmployee

RemoteEmployee

Partners

LAN

WAN

VPN

EnterpriseApplications

BusinessAnalytics

OutsourcedDev.

File Server

Replica

Staging

File Server

Collaboration andContent Mgmt.Systems

Disk Arrays

ProductionDatabase

Disk Arrays

Disk Arrays

Backup Tape

Backup Systems

Backup Disk


DLP 2010(cont.)



InternalEmployee

RemoteEmployee

Partners

LAN

WAN

VPN


BusinessAnalytics

OutsourcedDev.

File Server

Replica

Staging

File Server


Disk Arrays

ProductionDatabase Backup Tape

Endpointtheft/loss

IP Sent tonon trusted user

Endpoint LeakVia print/copy

Network LeakEmail-IM- HTTP-

FTP-etc.

PublicInfrastructureAccess Hack

Email leak orPackets sniffed

In transit

Priviledge UserBreach

UnintentionalDistribution

Apps. DB orEncryption Key

Hack


(Semi)Trusted User

Misuse

File Server/CMSHack

Tapes lost orstolen

Discarded diskexploited

Disk Arrays

Disk Arrays

Backup Systems

Backup Disk


DLP 2010(cont.)



InternalEmployee

RemoteEmployee

Partners

LAN

WAN

VPN


BusinessAnalytics

OutsourcedDev.

File Server

Replica

Staging

File Server


Disk Arrays

ProductionDatabase Backup Tape

Endpointtheft/loss

IP Sent tonon trusted user

Endpoint LeakVia print/copy

Network LeakEmail-IM- HTTP-

FTP-etc.

PublicInfrastructureAccess Hack

Email leak orPackets sniffed

In transit


UnintentionalDistribution

Apps. DB orEncryption Key

Hack


(Semi)Trusted User

Misuse

File Server/CMSHack

Tapes lost orstolen

Discarded diskexploited

Disk Arrays

Disk Arrays

Backup Systems

Backup Disk


DLP 2010(cont.)

Data at Rest

Data in Motion

Data in Use

-Microsoft file shares-Unix file shares-NAS/SAN storage-Windows 2000, 2003-Windows XP, Vista

-Microsoft Office Files-PDF's-PSTs-Zip Files

-SharePoint, Documentum-Lotus Notes, Exchange-Microsoft Access-Oracle, SQL, DB2-Contact Mgmt Systems

-SMTP email-Exchange, Lotus, etc.-Webmail-Text and attachments

-Yahoo IM-MSN Messenger-AOL Messenger

-FTP-HTTP-HTTPS-TCP/IP

-Local printers-Network printers-Burn ro CDs/DVDs

-External hard drives-Memory sticks-Removable media

-Copy to Network shares-Copy to external drives-Save As to external drives

File shares, Servers, Laptops 300+ File Typed Databases and Repositories

File shares, Servers, Laptops Instant Messages Web Traffic

Print and Burn USB Copy and Save As

Yes. Endpoints are Outsiders


Endpoints are Outsiders 2010

• “There used to be this thing called the ‘Network Perimeter’”.

Desktopvideo

Conferencing

CollaborationSoftware

MessagingSoftware

PDA Room Basedvideo

Phone

Laptop

Voice Mail

Fax

AudioConferencing

Mobile PhoneE-mail

Pager

ERP CRMSCMSuppliers Customers

Your Business

FrontOffice

BackOffice

Employees

Exhibit 2.The B orderless EnterpriseSource: Yankee Group, 2009


Endpoints are Outsiders 2010(cont.)

Source: ISSA Journal, June 2009 – A Forward-looking Approach to the Network Perimeter Paradigm, by Fernando Alonso


Endpoints are Outsiders 2010(cont.)

• Over 26,000 different USB products exist, 4.3 billion shipped in 2007

– Storage devices– Networking adapters– Printers, scanners, webcams– Coffee warmers, hand

massagers

• Billions and billions of USB devices have been sold to date

– Over 220 million iPods– Over 30 million iPhones – ANY form factor– Music albums now sold as USB– Their capacity keeps growing –

16GB flash drive is $20 – Virtually impossible to trace

Source: In-STAT/MDR

Inside ZENworks® Endpoint Security

ZENworks® Endpoint SecurityDemonstration

ZENworks® Endpoint SecurityQuestions and Answers


Inside ZENworks® Endpoint Security(cont.)

Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Securing Your Endpoints Using Novell ZENworks Endpoint Security Management

Documents

Transcript of Securing Your Endpoints Using Novell ZENworks Endpoint Security Management