8/2/2019 4. Achieving Continuous Compliance for Your Roaming Endpoints
1/20
Agenda
- Challenges for Endpoint Security & Compliance
- Endpoint-specific Requirements Across the Regulations
- Endpoint Mgmt Architectures: Compared
- Continuous Compliance Recommendations
- Summary / Q&A
First the Disclaimer
Security doesn't always equal compliance. Compliance doesn't always mean you're secure. However, both goals are equally important and can be achieved in parallel, with the right strategy, technology, and process in place.
And, compliance projects usually get the funding, right?!
Challenges for Endpoint Security and Compliance
- Historical Approaches No Longer Work: perimeter protection is still needed but must be tailored to today's environment
- The Endpoint Explosion
  - Multiple device types/platforms (laptops, smart phones, POS, tablet PCs, etc.)
  - Roaming on steroids (endpoints connected anytime, anywhere, to any network)
- Multiple Attack Vectors: malware, IM / social networks, phishing, blended threats
- Disparate, disconnected security tools: vulnerability assessment doesn't talk to the tool that actually fixes the vulnerability!
- Constantly evolving compliance requirements and audit procedures
The Regulatory Tornado
Source: www.unifiedcompliance.com
The Tornado . . . Organized
Endpoint Security Requirements: A Sample

Requirement                                                                  PCI            ISO 27001      CobIT    NIST 800-53
Implement anti-malware and keep endpoints current                            5.1, 5.2       A12.6          DS5.9    SI-3
Define, implement, and enforce security configuration baselines              2.1, 2.2, 6.2  A12.1, A15.2   DS9      CM-2, 4, 6
Keep endpoints patched                                                       6.1            A12.6          DS5.9    CM-2
Perform regular vulnerability scans and address findings                     11.2           A12.6          PO9.3    RA-5
Keep a current network diagram, know when things are added to the network    1.1            A7.1           DS13.3   CM-8
Install, maintain endpoint firewalls, NAC                                    1.4            A11.4          DS5.10   AC-19
The Endpoint Is The Perimeter

Yesterday
- Configuration controls and audits focused on servers processing regulated data, plus general policies and processes
- WAN, LAN, VPN: all computers had to connect to the network to get stuff done
- AV, maybe FW on desktops & laptops; otherwise rely on network security protections

Today
- Auditors looking at the distributed environment in much more detail
- Large # of roaming laptops, smartphones, tablets, etc.
- Some rarely access the network; they use Salesforce.com, Outlook HTTP access, Google Docs, etc.
- Network security tools are a necessary layer, but no longer protect many endpoints
Has this happened to you?
"Fix all these issues by the end of the week"
The assessment-driven cycle:
1. The security team develops compliance policies.
2. The security team runs an assessment tool (or tools) against that policy.
3. The security team forwards findings to ops.
4. Ops makes corrections as workload allows, one item at a time, using different tools from security (which generates different answers to questions like "how many endpoints do I have?").
5. Users make changes causing endpoints to fall out of compliance again.
6. Start assessment all over again.

The continuous compliance cycle:
1. Security and ops work together to formulate policies and service-level agreements (SLAs).
2. Ops implements the baseline (patch, config, AV, etc.) across all endpoints in the organization.
3. Policy compliance is continuously monitored and enforced at the endpoint; changes are reported immediately.
4. The security team can check on the current state of security and compliance (i.e. no assessment necessary).
5. Security and operations teams work together to continually strengthen security and adjust to evolving requirements.
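The continuous cycle above boils down to a loop that runs on the endpoint itself: evaluate the local state against a policy, fix what can be fixed locally, and report only when the compliance status changes or an enforcement action was taken. The following is an added illustration of that loop, not code from the presentation or from any product; the policy keys, control names, endpoint fields and the hypothetical patch-level counter are all constructed for the example.

```python
"""Closed-loop endpoint compliance check: the agent holds the policy locally,
evaluates it against its own state, fixes what it can on the spot, and
reports a change in compliance status immediately.  Constructed example;
the policy schema and endpoint fields are not any product's format."""
from dataclasses import dataclass, field

# Constructed policy baseline, as a server would distribute it to agents.
POLICY = {
    "min_patch_level": 7,              # hypothetical patch-level counter
    "av_required": True,
    "max_av_signature_age_days": 3,
    "firewall_required": True,
    "prohibited_software": {"p2p-client", "remote-admin-tool"},
}


@dataclass
class EndpointState:
    """Snapshot of what the agent observes on its own host (constructed)."""
    hostname: str
    patch_level: int
    av_installed: bool
    av_signature_age_days: int
    firewall_enabled: bool
    installed_software: set = field(default_factory=set)


def evaluate(state, policy):
    """Return the sorted list of control ids that currently fail."""
    failing = []
    if state.patch_level < policy["min_patch_level"]:
        failing.append("patch-level")
    if policy["av_required"] and not state.av_installed:
        failing.append("av-installed")
    elif state.av_signature_age_days > policy["max_av_signature_age_days"]:
        failing.append("av-signatures-current")
    if policy["firewall_required"] and not state.firewall_enabled:
        failing.append("firewall-enabled")
    if state.installed_software & policy["prohibited_software"]:
        failing.append("prohibited-software")
    return sorted(failing)


def remediate(state, policy):
    """Apply the fixes the agent can perform without new content from the
    server and return the actions taken.  Patches and signature updates need
    content the server delivers, so those findings are only reported."""
    actions = []
    if policy["firewall_required"] and not state.firewall_enabled:
        state.firewall_enabled = True
        actions.append("enabled host firewall")
    for pkg in sorted(state.installed_software & policy["prohibited_software"]):
        state.installed_software.discard(pkg)
        actions.append(f"removed {pkg}")
    return actions


def agent_cycle(state, policy, last_failing):
    """One evaluate-remediate-report cycle.  Returns (failing, actions, report);
    report is None when nothing changed and nothing was done, so the server
    hears from the agent only when compliance status actually moves."""
    actions = remediate(state, policy) if evaluate(state, policy) else []
    failing = evaluate(state, policy)
    if failing == last_failing and not actions:
        return failing, actions, None
    report = {"host": state.hostname, "compliant": not failing,
              "failing": failing, "actions": actions}
    return failing, actions, report


def demo():
    """Three cycles on a constructed endpoint: initial drift, a user change
    that re-introduces prohibited software, then a quiet cycle."""
    ep = EndpointState("laptop-042", patch_level=6, av_installed=True,
                       av_signature_age_days=1, firewall_enabled=False,
                       installed_software={"browser", "p2p-client"})
    status, _, report1 = agent_cycle(ep, POLICY, last_failing=[])
    ep.installed_software.add("p2p-client")   # user re-installs the tool
    status, _, report2 = agent_cycle(ep, POLICY, last_failing=status)
    status, _, report3 = agent_cycle(ep, POLICY, last_failing=status)
    return report1, report2, report3


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The patch-level finding survives every cycle because the agent cannot satisfy it alone; that is the item the server-side view would show as outstanding, with no separate assessment run needed to discover it.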
Getting Back to Basics: Endpoint Security and Compliance
- Know what OSes and third-party software you have. And where.
- Identify usage patterns. Remove software that's not required (or being used!)
- Precisely target patch updates. My Mac doesn't know or care what an .exe is! Don't forget about those roaming endpoints.
- Implement additional endpoint security tools: HIPS, FW, standard security configurations
- Automate as much as possible: bridge assessment with remediation
Today's Endpoint Management Requirements
- Apply and Confirm Critical Patches in Hours
  - 95%+ first-pass success rate
  - Confirmation is critical for proving compliance
  - "Spray and Pray" no longer adequate
- Anytime, Anywhere, Any Connection
  - Inside and outside of the firewall
  - Bandwidth- and connection-aware
Today's Endpoint Management Requirements (continued)
- Automated, Closed Loop Patch Management and Policy Enforcement
- One Tool for a Wide Variety of Endpoint Operating Systems and Platforms
Today's Endpoint Management Requirements (continued)
- Self-Repair and Quarantine
  - Automatic re-application of patches
  - Take endpoints off the network until remediation is complete
- Custom Policy Definition
  - Enables custom remediation
  - "Swiss Army Knife" for IT admins
- Remote Control Capabilities
  - Reaching endpoints wherever they roam
Endpoint Management Architectures: Compared
- Dumb Agents, Smart Servers
  - Server contains the policy repository, makes decisions and sends instructions to agents
  - Agents do not autonomously enforce policies
  - Relies on polling and a distributed database repository
- Smart Agents, Dumb Servers
  - Server distributes policies to endpoint agents
  - Agents store the policies and continuously enforce them
  - Bulk of processing performed by agents
Real-World Zero-Day Case Study
- Incident Details
  - April 2008: 51 computers out of 3,000 displaying strange behavior: running port scans against the network; continual reboot cycle
  - Infection by new polymorphic virus (Zilcat / Sality.w / Sality.ae); no AV signatures available
  - Rapidly spread to 200+ computers
- Initial Plan Proposed
  - Drive around to offices, disconnecting machines from the network until DAT file updates were published
Real-World Zero-Day Case Study: Instead, They Used Endpoint Management
- Identified infected machines across 3,000 endpoints in less than 180 seconds (a system.ini file change was the one common variable)
- Auto-quarantined infected machines from the network
- Automatically remediated infected machines via a single management port once AV updates were available
- Lessons Learned
  - When the first defense layer fails, have a workable Plan B
  - Real-time visibility and precise control are priceless
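The detection step in this case study is a fleet-wide query: find the one recent change every misbehaving machine has in common, check that it is not simply something every healthy machine has too (a routine software update would be), then ask all endpoints whether they show it and quarantine the matches, including machines that are infected but not yet symptomatic. The code below is an added illustration of that reasoning, not the tooling the presenters used; the inventory records, hostnames, file paths and the 50% prevalence threshold are constructed for the example.

```python
"""Fleet-wide common-indicator hunt and quarantine decision, modelled on the
case study: the responders found a system.ini change on every misbehaving
host, queried the whole fleet for it and quarantined the matches.
Constructed example; FLEET holds the recent file changes each (hypothetical)
endpoint agent reported."""

FLEET = {
    "ws-001": {"C:\\Windows\\system.ini", "C:\\Program Files\\app\\app.exe",
               "C:\\Users\\a\\report.docx"},
    "ws-002": {"C:\\Windows\\system.ini", "C:\\Program Files\\app\\app.exe"},
    "ws-003": {"C:\\Program Files\\app\\app.exe", "C:\\Users\\b\\notes.txt"},
    "ws-004": {"C:\\Windows\\system.ini", "C:\\Program Files\\app\\app.exe"},
    "ws-005": {"C:\\Program Files\\app\\app.exe", "C:\\Users\\c\\budget.xlsx"},
}

# Hosts that reported the symptoms (port scans, reboot loop).  ws-004 shows
# the same system.ini change but has not misbehaved yet.
SYMPTOMATIC = {"ws-001", "ws-002"}


def common_indicator(fleet, symptomatic):
    """Return (indicator, prevalence): the change present on every symptomatic
    host that is rarest among the remaining hosts, and the fraction of those
    remaining hosts that show it.  (None, None) if nothing is shared."""
    shared = set.intersection(*(fleet[h] for h in symptomatic))
    if not shared:
        return None, None
    others = [h for h in fleet if h not in symptomatic]

    def prevalence(change):
        return sum(change in fleet[h] for h in others) / max(len(others), 1)

    # sorted() keeps the choice deterministic when two candidates tie
    best = min(sorted(shared), key=prevalence)
    return best, prevalence(best)


def hunt(fleet, indicator):
    """Every host in the fleet showing the indicator, symptomatic or not."""
    return sorted(h for h, changes in fleet.items() if indicator in changes)


def quarantine_plan(fleet, symptomatic, max_prevalence=0.5):
    """Decide what to quarantine.  If the shared change is also common on
    healthy hosts it is too weak to act on fleet-wide, so fall back to the
    symptomatic hosts only."""
    indicator, prevalence = common_indicator(fleet, symptomatic)
    if indicator is None or prevalence > max_prevalence:
        return {"indicator": None, "quarantine": sorted(symptomatic)}
    return {"indicator": indicator, "quarantine": hunt(fleet, indicator)}


if __name__ == "__main__":
    print(quarantine_plan(FLEET, SYMPTOMATIC))
```

On the constructed fleet the app.exe update is shared by both symptomatic hosts but also by every healthy one, so it is rejected; the system.ini change is present on one non-symptomatic host only, and the plan quarantines ws-001, ws-002 and the not-yet-symptomatic ws-004.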
Key Take-aways
- Traditional network perimeter controls are less relevant today because:
  - laptops enter hostile environments
  - attack vectors such as end user documents and web surfing bypass the perimeter
- Baking intelligence and policy enforcement into the endpoint is essential.
- Improved visibility, automation and control will improve security AND help us pass those audits!
To learn more
- www.ibm.com/security
- www.instituteforadvancedsecurity.com
- www.youtube.com/ibmsecuritysolutions
- Twitter: www.twitter.com/ibmsecurity, www.twitter.com/ibmxforce
Questions?
Click on the questions tab on your screen, type in your question, name and e-mail address; then hit submit.