Abstract image of a woman sitting on books and studying on a laptop

Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies

Download as PPTX, PDF
Lumension, profile picture
Lumension

The document discusses best practices for implementing device control policies to protect organizational data. It recommends augmenting endpoint security with device control and lays out steps for preparing and enforcing policies, including laying groundwork by understanding the security profile and policy considerations, preparing by creating policies for device classes and collections, and enforcing policies through a phased rollout while managing device control through monitoring dashboards and handling exceptions. The goal is to control removable storage, external drives, and other devices to prevent data loss and theft.

Technology
Related topics:
Data Protection Practices endpoint-security Insider Threats
1 of 29
Downloaded 22 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Best Practices in Device Control An In-Depth Look at Enforcing Data Protection Policies PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Today’s Agenda Introduction Augment Your Endpoint Security with Device Control to Protect Your Data • Laying the Groundwork • Preparing for Enforcement • Enforcing Policy • Managing Device Control Q&A
Why Device Control Is Important Today’s Endpoint Security Stack Significant Data Loss / Theft Issues AV Device Control Application Control Patch & Configuration Management 3 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Benefits of Enforceable Device Control Policy Malware Costs Money Data Breaches Cost Money 4 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Device Control Best Practices Laying the Groundwork Device Managing Preparing for Management Device Control Enforcement Process Enforcing Policy 5 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Laying the Groundwork
Know Your Organization’s Security Profile Permissive Moderate Stringent 7 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Policy Considerations Devices and Who, Where Connections Permission Types When 8 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Active Directory Synchronization Schedule 9 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
What Can You Control? Physical Interfaces Wireless Interfaces Device Types • USB • Wi-Fi • Removable Storage Devices • FireWire • Bluetooth • External Hard Drives • PCMCIA • IrDA • CD / DVD Drives • ATA / IDE • Wireless NICs • Floppy Drives • SCSI • Tape Drives • LPT / Parallel • Printers • COM / Serial • Modems / Secondary Network • PS/2 Access Devices • PDAs and other handhelds • Imaging Devices (Scanners) • Biometric Devices • Windows Portable Devices • Smart Card Readers • PS/2 Keyboards • User-Defined Devices 10 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
A Good Device Control Strategy Policy Scope Policy Assignments Preferred Entire Device Class ‘Everyone’ Device Collection - Models AD User Group Device Collection - Devices Individual AD User Endpoint Create policies at the Endpoint Group (static) highest level possible Endpoint Group (dynamic) 11 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Permission Types & Times of Enforcement 12 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Discovery 13 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Very Important User Communication Executive Sponsor 14 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Preparing for Enforcement
Creating Policies Work one class at a time For each class Biometric Sensors Do we use these? Can they be managed USB Printers as a single class? What types of DVD/CD permissions? Everyone, User Groups, Removable Storage Users, Endpoints What exceptions need et cetera to be accounted for? 16 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Device Collections 17 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Encryption Options • Don’t allow users to encrypt devices and DVD/CD media • Allow users the option to encrypt devices and DVD/CD media • Force users to encrypt devices and DVD/CD media • Encrypted Device Access » Password » User certificate 18 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Enforcing Policy
Phased Rollout • User communication • Start with a small group of users/endpoints • Proceed one device class at a time until all are enforcing your policies • Confirm – monitor, adjust • Expand users/endpoints • Confirm – monitor/adjust • Expand users/endpoints • … 20 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Managing Device Control
Dashboard Widgets Look for anomalies Look for suspicious use or needed policy adjustments 22 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Temporary Policies 23 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Temporary Permissions (offline endpoints) Challenge/response tool 24 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Password Recovery Challenge/response tool 25 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Adding Individual AD Users For exceptions only 26 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Adding Devices to Collections Allowing use of new devices 27 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
More Information • Free Security Scanner Tools • Get a Quote (and more) » Application Scanner – discover all the apps http://www.lumension.com/ being used in your network intelligent-whitelisting/buy-now.aspx#5 » Vulnerability Scanner – discover all OS and application vulnerabilities on your network » Device Scanner – discover all the devices being used in your network http://www.lumension.com/Resources/ Security-Tools.aspx • Lumension® Device Control » Online Information: http://www.lumension.com/device-control » Free Downloadable Trial: http://www.lumension.com/device-control- software/usb-security-protection/free-trial.aspx 28 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com http://blog.lumension.com

More Related Content

PDF
HP, the gloabl leader in Thin Clients
HP Thin Clients
 
PDF
Tg nec 55_b2
Jerry Byrd
 
PDF
Tg nec 46_b6
Jerry Byrd
 
PDF
Tg nec 40_b6
Jerry Byrd
 
PDF
Slfsrv 36
ATMGALARY
 
PDF
Tg nec 46_b2
Jerry Byrd
 
PDF
Selfserv Checkout Ds
joeclassic1971
 
PDF
Tg nec 40_b2
Jerry Byrd
 
HP, the gloabl leader in Thin Clients
HP Thin Clients
 
Tg nec 55_b2
Jerry Byrd
 
Tg nec 46_b6
Jerry Byrd
 
Tg nec 40_b6
Jerry Byrd
 
Slfsrv 36
ATMGALARY
 
Tg nec 46_b2
Jerry Byrd
 
Selfserv Checkout Ds
joeclassic1971
 
Tg nec 40_b2
Jerry Byrd
 

Similar to Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies (20)

PDF
Ldc
Akosenko
 
PPT
Sanctuary Device Control
HassaanSahloul
 
PPTX
K Two Asset Tracking Solutions Impre 090225
guest497a4b
 
PDF
Ajax World West I Phone Summit
rajivmordani
 
PDF
Protection against Lost or Stolen Data with Novell ZENworks Endpoint Security...
Novell
 
PDF
Webinar: Understanding the System Center suite & Windows Server 2012
Sentri
 
PPTX
W8 client management
Jaroslav Karlik
 
PDF
Webinar: Mobile Device Management
Advanced Logic Industries
 
PDF
Mobile device management
Advanced Logic Industries
 
PPTX
Airwatch - Mobile Content Strategies and Deployment Best Practices
Global Business Events
 
PPTX
Mobile device management v5
RoyGerritse
 
PPSX
Windows7/8 Migration Strategies
Joe Honan
 
PPTX
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
PDF
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Novell
 
DOC
Leccion 2 Sistemas Operacionales
angielebron
 
PPTX
Mark Carlile, EMEA Enterprise Lead at Airwatch - Mobile content strategies an...
Global Business Events
 
PPT
PSoC USB HID
LloydMoore
 
PDF
IBM Virtual Desktop Virtualization
IBM Sverige
 
PPTX
Mobile Management
Carahsoft
 
PPTX
Gtb Product Technical Present
gtbsalesindia
 
Ldc
Akosenko
 
Sanctuary Device Control
HassaanSahloul
 
K Two Asset Tracking Solutions Impre 090225
guest497a4b
 
Ajax World West I Phone Summit
rajivmordani
 
Protection against Lost or Stolen Data with Novell ZENworks Endpoint Security...
Novell
 
Webinar: Understanding the System Center suite & Windows Server 2012
Sentri
 
W8 client management
Jaroslav Karlik
 
Webinar: Mobile Device Management
Advanced Logic Industries
 
Mobile device management
Advanced Logic Industries
 
Airwatch - Mobile Content Strategies and Deployment Best Practices
Global Business Events
 
Mobile device management v5
RoyGerritse
 
Windows7/8 Migration Strategies
Joe Honan
 
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Novell
 
Leccion 2 Sistemas Operacionales
angielebron
 
Mark Carlile, EMEA Enterprise Lead at Airwatch - Mobile content strategies an...
Global Business Events
 
PSoC USB HID
LloydMoore
 
IBM Virtual Desktop Virtualization
IBM Sverige
 
Mobile Management
Carahsoft
 
Gtb Product Technical Present
gtbsalesindia
 
Ad

More from Lumension (20)

PPTX
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
Lumension
 
PPTX
2015 Endpoint and Mobile Security Buyers Guide
Lumension
 
PPTX
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Lumension
 
PPTX
2014 BYOD and Mobile Security Survey Preliminary Results
Lumension
 
PPTX
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Lumension
 
PPTX
Careto: Unmasking a New Level in APT-ware
Lumension
 
PPTX
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Lumension
 
PPTX
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
Lumension
 
PPTX
2014 Data Protection Maturity Survey: Results and Analysis
Lumension
 
PDF
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Lumension
 
PPTX
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Lumension
 
PPTX
Adobe Hacked Again: What Does It Mean for You?
Lumension
 
PPTX
Real World Defense Strategies for Targeted Endpoint Threats
Lumension
 
PPTX
APTs: The State of Server Side Risk and Steps to Minimize Risk
Lumension
 
PPTX
2014 Ultimate Buyers Guide to Endpoint Security Solutions
Lumension
 
PPTX
Data Protection Rules are Changing: What Can You Do to Prepare?
Lumension
 
PPTX
Java Insecurity: How to Deal with the Constant Vulnerabilities
Lumension
 
PPTX
BYOD & Mobile Security: How to Respond to the Security Risks
Lumension
 
PPTX
3 Executive Strategies to Reduce Your IT Risk
Lumension
 
PDF
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Lumension
 
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
Lumension
 
2015 Endpoint and Mobile Security Buyers Guide
Lumension
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Lumension
 
2014 BYOD and Mobile Security Survey Preliminary Results
Lumension
 
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Lumension
 
Careto: Unmasking a New Level in APT-ware
Lumension
 
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Lumension
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
Lumension
 
2014 Data Protection Maturity Survey: Results and Analysis
Lumension
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Lumension
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Lumension
 
Adobe Hacked Again: What Does It Mean for You?
Lumension
 
Real World Defense Strategies for Targeted Endpoint Threats
Lumension
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
Lumension
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
Lumension
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Lumension
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Lumension
 
BYOD & Mobile Security: How to Respond to the Security Risks
Lumension
 
3 Executive Strategies to Reduce Your IT Risk
Lumension
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Lumension
 
Ad

Recently uploaded (20)

PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
TEXTILE technology diploma scope and career opportunities
kriti38
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPTX
2018-HIPAA-Renewal-Training for executives
Mayank Mathur
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
Configure Apache Mutual Authentication
Antonino Piraino
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
TEXTILE technology diploma scope and career opportunities
kriti38
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
2018-HIPAA-Renewal-Training for executives
Mayank Mathur
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
Modernising the Digital Integration Hub
Daniel Toomey
 

Best Practices in Device Control: An In-Depth Look at Enforcing Data Protection Policies

  • 1. Best Practices in Device Control An In-Depth Look at Enforcing Data Protection Policies PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 2. Today’s Agenda Introduction Augment Your Endpoint Security with Device Control to Protect Your Data • Laying the Groundwork • Preparing for Enforcement • Enforcing Policy • Managing Device Control Q&A
  • 3. Why Device Control Is Important Today’s Endpoint Security Stack Significant Data Loss / Theft Issues AV Device Control Application Control Patch & Configuration Management 3 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 4. Benefits of Enforceable Device Control Policy Malware Costs Money Data Breaches Cost Money 4 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 5. Device Control Best Practices Laying the Groundwork Device Managing Preparing for Management Device Control Enforcement Process Enforcing Policy 5 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 7. Know Your Organization’s Security Profile Permissive Moderate Stringent 7 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 8. Policy Considerations Devices and Who, Where Connections Permission Types When 8 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 9. Active Directory Synchronization Schedule 9 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 10. What Can You Control? Physical Interfaces Wireless Interfaces Device Types • USB • Wi-Fi • Removable Storage Devices • FireWire • Bluetooth • External Hard Drives • PCMCIA • IrDA • CD / DVD Drives • ATA / IDE • Wireless NICs • Floppy Drives • SCSI • Tape Drives • LPT / Parallel • Printers • COM / Serial • Modems / Secondary Network • PS/2 Access Devices • PDAs and other handhelds • Imaging Devices (Scanners) • Biometric Devices • Windows Portable Devices • Smart Card Readers • PS/2 Keyboards • User-Defined Devices 10 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 11. A Good Device Control Strategy Policy Scope Policy Assignments Preferred Entire Device Class ‘Everyone’ Device Collection - Models AD User Group Device Collection - Devices Individual AD User Endpoint Create policies at the Endpoint Group (static) highest level possible Endpoint Group (dynamic) 11 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 12. Permission Types & Times of Enforcement 12 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 13. Discovery 13 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 14. Very Important User Communication Executive Sponsor 14 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 16. Creating Policies Work one class at a time For each class Biometric Sensors Do we use these? Can they be managed USB Printers as a single class? What types of DVD/CD permissions? Everyone, User Groups, Removable Storage Users, Endpoints What exceptions need et cetera to be accounted for? 16 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 17. Device Collections 17 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 18. Encryption Options • Don’t allow users to encrypt devices and DVD/CD media • Allow users the option to encrypt devices and DVD/CD media • Force users to encrypt devices and DVD/CD media • Encrypted Device Access » Password » User certificate 18 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 20. Phased Rollout • User communication • Start with a small group of users/endpoints • Proceed one device class at a time until all are enforcing your policies • Confirm – monitor, adjust • Expand users/endpoints • Confirm – monitor/adjust • Expand users/endpoints • … 20 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 22. Dashboard Widgets Look for anomalies Look for suspicious use or needed policy adjustments 22 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 23. Temporary Policies 23 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 24. Temporary Permissions (offline endpoints) Challenge/response tool 24 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 25. Password Recovery Challenge/response tool 25 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 26. Adding Individual AD Users For exceptions only 26 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 27. Adding Devices to Collections Allowing use of new devices 27 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 28. More Information • Free Security Scanner Tools • Get a Quote (and more) » Application Scanner – discover all the apps http://www.lumension.com/ being used in your network intelligent-whitelisting/buy-now.aspx#5 » Vulnerability Scanner – discover all OS and application vulnerabilities on your network » Device Scanner – discover all the devices being used in your network http://www.lumension.com/Resources/ Security-Tools.aspx • Lumension® Device Control » Online Information: http://www.lumension.com/device-control » Free Downloadable Trial: http://www.lumension.com/device-control- software/usb-security-protection/free-trial.aspx 28 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 29. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com http://blog.lumension.com