It’s Your Move: The Changing Game of Endpoint Security Webinar 9/7/2011
Hosted by: Lumension
Notes by: Brittany Box, Fortalice, LLC.
Executive Summary: The changing landscape of threats and more mobile workforce create a higher need for more thorough network security.
Panel: Paul Henry( security and forensic analyst) , Paul Zimski (Lumension), Doug Walls, Jason Brown
1. How have the Bad Guys changed the Rules
-there are no rules for them, defenders follow rules
-attacks on all ports
-Current recipe for disaster:
1. Bait an end user with spear phishing
2. Exploit a vulnerability
3. Download a back door
4. Est. back channel
5. Explore & steal
6. Select another victim
7. Repeat (ie. FB friending)
-Flaw Remediation is missing the target* still taking advantage of the same vulnerabilities
-neglect our endpoints, traditional AV can no longer keep up, focused on gateway only
-more than 73,000 new malware instances daily- can’t be matched without constant signature monitoring
-14 victims of malware every single second!!
-focused on blocking the delivery of malware-not preventing its execution…definition of insanity: repeating the same thing multiple times and expecting different results
- we need to make a definitive change in our defenses or we will procure the same results
-next generation malware has arrived: FLUX- is a new Trojan spreading covertly through the internet, instead of the infected machine waiting for a connection to be made from the outside, the infected machine makes the connection itself, write code—need to recognize, nearly invisible to current anti-malware software, circumvents most desktop firewalls
-Polled audience: What is your top IT security challenge- Advanced Persistent threats/ targeted attacks 21%, patching critical vulnerabilities 15%, data encryption 4%, malware viruses 20%, reducing agents and consoles 1%, educating users 38%
2. Key Moves we can make to regain control
1. Implement Defense-in-Depth Endpoint Security: more operational & security approach at a core level, risk mitigation, define a trusted environment from in the inside-out
2. Shift from threat-centric to Trust-based security
-stop malware payloads
-what is the end goal of that attack?
-antivirus will provide some protection against known payloads, provides a good layer in ultimate security defenses
-application whitelisting: what should be trusted and what should occur, look inwards on own environment unlike traditional AV, can limit use of unauthorized applications
-Trusted updater: authorizes select systems mgt. solutions to “update” software, patches, and remediations, while automatically updating the whitelist
-trusted publisher: authorizes apps. Based on the vendor that “published” them thru the digital signing certificate
-trusted path: authorizes apps to run based on their location
-local authorization—limit local admin usage, monitor and control existing local admins
3. Focus on operational basics
-Assess, Prioritize, Remediate, Repeat
-vulnerability management
“the top security priority is patching client-side software”-SANS institute, heterogeneous patch maker in place
-immediate and simple risk mitigation
4. Manage those devices ie. Compromised Flash drives? Keyboards? Anything with memory
-enforce access policy
-enforce encryption policy
-monitor, manage, report
3. Real world IT Security Experience
-EM solutions, Arlington VA: insider threat and data spill, huge focus on auditing transportable media
-protect dedicated network
-Lumension Endpoint Management and Security Suite: snapshots all endpoints
4. Q&A
-need to integrate all security systems
-need to build integrity check into defenses
