It’s Your Move: The Changing Game of Endpoint Security Webinar 9/7/2011
Hosted by: Lumension
Notes by: Brittany Box, Fortalice, LLC.
Executive Summary: The changing threat landscape and an increasingly mobile workforce create a need for more thorough network and endpoint security.
Panel: Paul Henry (security and forensic analyst), Paul Zimski (Lumension), Doug Walls, Jason Brown
1. How Have the Bad Guys Changed the Rules?
-there are no rules for them; only defenders follow rules
-attacks arrive on all ports, not just the ones the gateway watches
-Current recipe for disaster (the attack cycle as described by the panel):
1. Bait an end user with spear phishing
2. Exploit a vulnerability on the endpoint
3. Download a back door
4. Establish a back channel (an outbound connection from the victim to the attacker)
5. Explore the network and steal data
6. Select another victim
7. Repeat (e.g. by "friending" the next target on Facebook)
-Flaw remediation is missing the target: attackers are still taking advantage of the same vulnerabilities year after year
-we neglect our endpoints; traditional AV can no longer keep up, and defenses are focused on the gateway only
-more than 73,000 new malware instances daily, a rate that signature-based AV cannot match without constant signature updates
-14 victims of malware every single second
-defenses are focused on blocking the delivery of malware, not on preventing its execution; the definition of insanity is repeating the same thing and expecting different results
-we need to make a definitive change in our defenses or we will keep getting the same results
-next-generation malware has arrived: FLUX is a new Trojan spreading covertly through the internet. Instead of the infected machine waiting for a connection from the outside, the infected machine initiates the (outbound) connection itself, which circumvents most desktop firewalls and makes it nearly invisible to current anti-malware software; defenders need to recognize this behaviour
-Polled audience: "What is your top IT security challenge?"
  - educating users: 38%
  - advanced persistent threats / targeted attacks: 21%
  - malware and viruses: 20%
  - patching critical vulnerabilities: 15%
  - data encryption: 4%
  - reducing agents and consoles: 1%
2. Key Moves We Can Make to Regain Control
1. Implement defense-in-depth endpoint security: a more operational and security-focused approach at the core level, aimed at risk mitigation; define a trusted environment from the inside out
2. Shift from threat-centric to trust-based security
-stop malware payloads
-ask what the end goal of that attack is
-antivirus still provides some protection against known payloads and remains a useful layer in the overall defense
-application whitelisting: define what should be trusted and what should be allowed to run; it looks inward at your own environment, unlike traditional AV, and can limit the use of unauthorized applications
-trusted updater: authorizes selected systems-management solutions to "update" software, patches and remediations, while automatically adding the resulting binaries to the whitelist
-trusted publisher: authorizes applications based on the vendor that "published" them, via the digital signing certificate (a valid signature proves who signed the binary, not that it is safe, so the publisher list must be kept short)
-trusted path: authorizes applications to run based on their location (only safe for locations that standard users cannot write to, otherwise the path becomes a bypass)
-local authorization: limit local admin usage; monitor and control the existing local admins
3. Focus on operational basics
-Assess, Prioritize, Remediate, Repeat
-vulnerability management
-"the top security priority is patching client-side software" (SANS Institute); have heterogeneous (cross-vendor) patch management in place
-immediate and simple risk mitigation
4. Manage removable devices: compromised flash drives, keyboards, anything with memory
-enforce access policy
-enforce encryption policy
-monitor, manage, report
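The trust-based model in the list above (hash whitelist, trusted updater, trusted publisher, trusted path, default deny) can be made concrete as a small policy engine. The code below is an added illustration written for these notes; it is not code from the webinar or from Lumension's product, and the paths, signer names and binaries are constructed sample data. Signature verification is assumed to have happened upstream (the `signer` field holds the already-verified subject name).

```python
"""Added example: a minimal trust-based execution policy (application whitelisting).

Illustrative code for these notes, not any vendor's agent. It models the four
trust mechanisms from the talk with default deny, and shows two practical
details: path normalization (so "..\" cannot escape a trusted directory) and the
trusted-updater rule automatically extending the hash whitelist.
"""
from __future__ import annotations

import hashlib
import ntpath
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Executable:
    """One execution request as an endpoint agent would see it (constructed sample)."""
    path: str
    content: bytes
    signer: Optional[str] = None   # verified Authenticode subject name, None if unsigned (assumed verified upstream)
    parent_process: str = ""       # process that wrote or launched the file


@dataclass
class TrustPolicy:
    trusted_paths: list[str]        # directories that standard users cannot write to
    trusted_publishers: set[str]    # allowed signer subject names
    trusted_updaters: set[str]      # full paths of approved update agents
    known_hashes: set[str] = field(default_factory=set)
    audit_log: list[str] = field(default_factory=list)

    @staticmethod
    def _norm(path: str) -> str:
        # Collapse "..", "." and mixed separators, then case-fold: NTFS paths are case-insensitive.
        return ntpath.normpath(path).lower()

    def _under_trusted_path(self, path: str) -> bool:
        p = self._norm(path)
        # Require the separator so "C:\Program Files Extra" does not match "C:\Program Files".
        return any(p.startswith(self._norm(root).rstrip("\\") + "\\") for root in self.trusted_paths)

    def evaluate(self, exe: Executable) -> tuple[str, str]:
        """Return ("allow" | "deny", reason). Rules are checked from most to least specific."""
        digest = hashlib.sha256(exe.content).hexdigest()
        updaters = {self._norm(u) for u in self.trusted_updaters}
        if digest in self.known_hashes:
            verdict = ("allow", "hash whitelist")
        elif self._norm(exe.parent_process) in updaters:
            # Trusted updater: the binary it produced is learned into the whitelist.
            self.known_hashes.add(digest)
            verdict = ("allow", "trusted updater (hash added to whitelist)")
        elif exe.signer is not None and exe.signer in self.trusted_publishers:
            verdict = ("allow", "trusted publisher " + exe.signer)
        elif self._under_trusted_path(exe.path):
            verdict = ("allow", "trusted path")
        else:
            verdict = ("deny", "default deny")
        self.audit_log.append("%-5s %s (%s)" % (verdict[0], exe.path, verdict[1]))
        return verdict


def demo_policy() -> TrustPolicy:
    """Constructed sample policy (hypothetical paths and publisher)."""
    return TrustPolicy(
        trusted_paths=[r"C:\Program Files", r"C:\Windows"],
        trusted_publishers={"Contoso Corp"},
        trusted_updaters={r"C:\Program Files\Patch Agent\agent.exe"},
    )


if __name__ == "__main__":
    policy = demo_policy()
    samples = [
        Executable(r"C:\Users\alice\Downloads\installer.exe", b"installer", signer="Contoso Corp"),
        Executable(r"C:\Program Files\Tool\tool.exe", b"tool"),
        Executable(r"C:\Program Files\..\Users\alice\Downloads\evil.exe", b"evil"),
        Executable(r"C:\Users\alice\Downloads\evil2.exe", b"evil2", signer="Evil Inc"),
        Executable(r"C:\Program Files\Tool\patched.dll", b"patched",
                   parent_process=r"C:\PROGRAM FILES\Patch Agent\agent.exe"),
        Executable(r"C:\Users\alice\copy.dll", b"patched"),
    ]
    for s in samples:
        policy.evaluate(s)
    print("\n".join(policy.audit_log))
```

The ordering matters: the hash and updater rules are the most specific and run first, publisher next, and the location rule last, so a file dropped into a user-writable folder never reaches an allow, and the traversal sample (`..\Users\...`) is normalized before the path comparison rather than matched as a string prefix.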
3. Real-World IT Security Experience
-EM Solutions, Arlington VA: insider threat and data spill incidents led to a heavy focus on auditing transportable media
-protect the dedicated network
-Lumension Endpoint Management and Security Suite: takes a snapshot of every endpoint
4. Q&A
-need to integrate all security systems
-need to build integrity check into defenses