SlideShare a Scribd company logo

How to improve endpoint security on a SMB budget

Download as PPT, PDF
Lumension, profile picture
Lumension

The document discusses improving security for small and medium-sized businesses on a limited budget. It outlines common security threats faced by SMBs, such as financially motivated attacks and intellectual property theft. It then discusses how traditional defenses like antivirus software and patching alone are often not effective. It recommends prioritizing security basics like rapid patch management, application control, and device encryption to minimize endpoint risks cost-effectively. A security suite that provides single console management is presented as an effective solution.

Technology
Related topics:
endpoint-security IT Security
1 of 33
Downloaded 26 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Effective and Efficient Security on a SMB Budget Part I – How to Improve SMB Endpoint Security
Today’s Speakers Chris Merritt Director of Solution Marketing Lumension Roger A. Grimes Security Consultant, Author and Columnist
Today’s Agenda Today’s Threats Defenses – and What Does & Does Not Work Improving SMB Security Q&A
Today’s Threats
Today’s Threats General Categories Financially Motivated Bank Accts, Passwords, etc. Identity Theft Insiders Intellectual Property Theft Hacktivists IP / Customer data Denial of Service Reputational Damage
Today’s Threats Financially Motivated Examples Fraudulent Payroll / Accounting Transfers Bank Info Stealing Trojans Fake Invoices Malicious Long Distance Service Extortion
Today’s Threats IP Theft Examples Corporate Espionage Future Product Plans Trade Secrets Customer Lists Lawyer Case Files (sold to opposing counsel) RSA Attack
Today’s Threats Hacktivist Examples Wikileaks Retaliation Distributed Denial of Service (DDOS) as a Protest
Typical SMB Defenses
Defense-in-Depth Traditional Defenses … Antivirus Patching Microsoft OS and Apps Firewalls Strong Passwords End-User Education Programs … Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!
Defenses – What Does Not Work
Defenses Where Traditional Defenses Fall Short Risk from Un-patched 3 rd Party Apps Controlling Local Admins Gone Wild Preventing Zero-Day Attacks and Targeted Malware End-User Education Isn’t Keeping Up Actionable Reporting and Security Measurement
Why Antivirus Doesn’t Work Swamped by the Deluge Can’t keep up with rising daily volume of malware Can’t defend against zero-day threats (on average, only 19% of new malware signatures are detected on day 1) Severely impacts endpoint performance 36% of SMBs rely on free AV
Hidden Costs of Antivirus Acquisition Costs Licensing (license cost, maintenance, support) Installation (HW / SW, roll-out, other) Operational Costs System Managemenet Incident Management (help desk, escalation, re-imaging) Lost Productivity Extraordinary Costs Data Breach Operational (60~80%) Acquistion (20~40%)
Why Patching Microsoft Alone Doesn’t Work Missing the Target Relying on “free” tools Go beyond Microsoft Most organizations take at least twice as long to patch 3 rd party application vulnerabilities than they do to patch OS vulnerabilities 60% of users are running un-patched versions of Adobe
Hidden Costs of Free Patching Why “Free” Can Cost You More Speed and Accuracy Time to deploy non-MSFT or custom application patches No CVE information Visibility and Compliance Lack of hardware and software inventory Limited reporting
Defenses What Else Doesn’t Work Buying advanced tools, such as IDS, PKI, black-box solutions, while ignoring the basics Preventing attack methods instead of shoring up IT risk sources and focusing on preventing malware execution
Defenses Better End-User Education Do your users know the company security policies and do they understand their importance? Do you show your users what your “real” AV detection screen looks like? Do they know that they are most likely to be infected from legitimate web sites, social media, USB keys, etc.?
Defenses – What Does Work
Defenses What Does Work Focusing on the Basics Prioritize and Implement Using past history to determine this year’s priorities Make a ranked list and begin Go for low hanging fruit first Using Strong Data to Convince Management
Focus on the Operational Basics Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010 Assess Prioritize Remediate Repeat Identify all IT assets (including platforms, operating systems, applications, network services) Monitor external sources for vulnerabilities, threats and intelligence regarding remediation Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations Maintain an inventory of IT assets Maintain a database of remediation intelligence Prioritize the order of remediation as a function of risk, compliance, audit and business value Model / stage / test remediation before deployment Deploy remediation (automated, or manually) Train administrators and end-users in vulnerability management best practices Scan to verify success of previous remediation Report for audit and compliance Continue to assess, prioritize and remediate
Defenses – What Does Work Augment existing defense-in-depth tools Comprehensive Patch and Configuration Management Application Control / Whitelisting Device Control Encryption Blacklisting As The Core Zero Day 3 rd Party Application Risk Malware As a Service Volume of Malware Traditional Endpoint Security
Improving SMB Security
Minimize Your True Endpoint Risk Rapid Patch and Configuration Management Analyze and deploy patches across all OS’s and apps (incl. 3 rd party) Ensure all endpoints on the network are managed Benchmark and continuously enforce patch and configuration management processes Don’t forget about the browser! Un-patched browsers represent the highest risk for web-borne malware. Source: John Pescatore Vice President, Gartner Fellow 30% Missing Patches Areas of Risk at the Endpoint 65% Misconfigurations 5% Zero-Day
Antivirus Use for malware clean-up and removal Application control Much better defense to prevent unknown or unwanted apps from running Stop Malware Payloads with App Whitelisting Malware Apps Known Viruses Worms Trojans Unknown Viruses Worms Trojans Keyloggers Spyware Authorized Operating Systems Business Software Unauthorized Games iTunes Shareware Unlicensed S/W Un-Trusted
Stop Unwanted Applications Immediate and simple risk mitigation Denied Application Policy prevents unwanted applications even if they are already installed Easily remove unwanted applications
Reduce Local Administrator Risk Monitor / Control Local Admin Usage Local Admins can do ANYTHING on their systems Install unwanted and unauthorized software Install malware Remove patches Bypass security measures Change configurations
Manage those Devices
Encryption Endpoints (Whole Disk) Secure all data on endpoint Enforce secure pre-boot authentication w/ single sign-on Recover forgotten passwords and data quickly Automated deployment Removable Devices Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs) Centralized limits, enforcement, and visibility Laptop Thefts (IDC 2010) Lost UFDs (Ponemon 2011)
Improving SMB Security Problems Defense-In-Depth is not easy Hard to manage it all Different solutions don’t always work well together The more consoles you have to monitor, the less you’ll do it Unreviewed logs are useless It’s NOT compliance vs. security … both are necessary
Improving SMB Security Solution – Security Suites Single Server / Management Console Single Agent Modular, Extensible Design Organization-wide Reporting Lower Total Cost of Ownership (TCO) Single Console Agile architecture Single Promotable Agent
More Information SMB Security Series Resource Center: http://www.lumension.com/smb-budget Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx Quantify Your IT Risk with Free Scanners http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX Lumension ® Endpoint Management and Security Suite Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx SMB Market Survey www.lumension.com/smb-survey
Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 [email_address] http://blog.lumension.com

More Related Content

PDF
Incident response methodology
Piyush Jain
 
PPTX
Vulnerability Assessment & Analysis (VAA) Overview
Susan Rantall
 
PDF
Information Security Risk Management
Ersoy AKSOY
 
PDF
Bit defender ebook_secmonitor_print
james morris
 
PPTX
Managing security threats in today’s enterprise
Quick Heal Technologies Ltd.
 
PDF
Vulnerability Management
GFI Software
 
PPTX
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
Pace IT at Edmonds Community College
 
PPTX
PACE-IT, Security+ 2.5: Incident Response Concepts
Pace IT at Edmonds Community College
 
Incident response methodology
Piyush Jain
 
Vulnerability Assessment & Analysis (VAA) Overview
Susan Rantall
 
Information Security Risk Management
Ersoy AKSOY
 
Bit defender ebook_secmonitor_print
james morris
 
Managing security threats in today’s enterprise
Quick Heal Technologies Ltd.
 
Vulnerability Management
GFI Software
 
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 2.5: Incident Response Concepts
Pace IT at Edmonds Community College
 

What's hot (20)

PDF
L007 Managing System Security (2016)
Jan Wong
 
PPTX
PACE-IT, Security+2.8: Disaster Recovery Concepts
Pace IT at Edmonds Community College
 
PPTX
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
Pace IT at Edmonds Community College
 
PPTX
MISO L007 managing system security
Jan Wong
 
PPTX
PACE-IT, Security+2.9: Goals of Security Controls
Pace IT at Edmonds Community College
 
PPTX
Employee security awareness communication
SnapComms
 
PPTX
MISO L008 Disaster Recovery Plan
Jan Wong
 
PDF
Decision-Zone Introduction
Rocco Magnotta
 
PPTX
Control Issues and Mobile Devices
sunnay
 
PDF
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
PPTX
Protect Against 85% of Cyberattacks
Ivanti
 
PDF
AccelOps & SOC-NOC Convergence
Stephen Tsuchiyama
 
PDF
System of security controls
S.E. CTS CERT-GOV-MD
 
PDF
Endpoint Security
Ahmed Hashem El Fiky
 
PDF
Remote Deposit Capture Risk Management & FFIEC Complaince
JTLeekley
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
DOC
Cyb 610 Inspiring Innovation--tutorialrank.com
PrescottLunt386
 
PPTX
Enterprise IT Security Audit | Cyber Security Services
Akshay Kurhade
 
PPTX
Soc
Mukesh Chaudhari
 
PPT
SOC presentation- Building a Security Operations Center
Michael Nickle
 
L007 Managing System Security (2016)
Jan Wong
 
PACE-IT, Security+2.8: Disaster Recovery Concepts
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 2.1: Risk Related Concepts (part 2)
Pace IT at Edmonds Community College
 
MISO L007 managing system security
Jan Wong
 
PACE-IT, Security+2.9: Goals of Security Controls
Pace IT at Edmonds Community College
 
Employee security awareness communication
SnapComms
 
MISO L008 Disaster Recovery Plan
Jan Wong
 
Decision-Zone Introduction
Rocco Magnotta
 
Control Issues and Mobile Devices
sunnay
 
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Protect Against 85% of Cyberattacks
Ivanti
 
AccelOps & SOC-NOC Convergence
Stephen Tsuchiyama
 
System of security controls
S.E. CTS CERT-GOV-MD
 
Endpoint Security
Ahmed Hashem El Fiky
 
Remote Deposit Capture Risk Management & FFIEC Complaince
JTLeekley
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Cyb 610 Inspiring Innovation--tutorialrank.com
PrescottLunt386
 
Enterprise IT Security Audit | Cyber Security Services
Akshay Kurhade
 
Soc
Mukesh Chaudhari
 
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Ad

Viewers also liked (7)

PPTX
How to succeed in the cloud
Spiceworks Ziff Davis
 
PDF
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
Motty Ben Atia
 
PPTX
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Spiceworks
 
PDF
Sample Cloud Security - SMB
ResearchFox
 
DOCX
Dear Sir
Leo Gregorio
 
PPTX
7 Small Business Security Tips
Infusionsoft
 
PDF
Gartner Symposium 2016 Roundup: Key Trends for Small Businesses
GetApp
 
How to succeed in the cloud
Spiceworks Ziff Davis
 
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
Motty Ben Atia
 
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Spiceworks
 
Sample Cloud Security - SMB
ResearchFox
 
Dear Sir
Leo Gregorio
 
7 Small Business Security Tips
Infusionsoft
 
Gartner Symposium 2016 Roundup: Key Trends for Small Businesses
GetApp
 
Ad

Similar to How to improve endpoint security on a SMB budget (20)

PPT
It's Your Move: The Changing Game of Endpoint Security
Lumension
 
PDF
Endpoint Security & Why It Matters!
Net at Work
 
PPTX
Prevent Getting Hacked by Using a Network Vulnerability Scanner
GFI Software
 
PDF
CoreSecurity
Ray Coffin
 
PPTX
Why Patch Management is Still the Best First Line of Defense
Lumension
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Andris Soroka
 
PDF
Vulnerability and Patch Management
n|u - The Open Security Community
 
PDF
Declaration of malWARe
Scott Sutherland
 
PDF
Patch and Vulnerability Management
Marcelo Martins
 
PPTX
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
Lumension
 
PPTX
Security Minded - Ransomware Awareness
Greg Wartes, MCP
 
PPT
S M B Top 10minstakes
ctnewmarket
 
PPT
Securing Your Small Business Network
Anindita Ghatak
 
PPT
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
Lumension
 
PDF
Symantec Managed AV Service - KAZ
Grant Chapman
 
PPTX
Too Small to Get Hacked? Think Again (Webinar)
OnRamp
 
PDF
“8th National Biennial Conference on Medical Informatics 2012”
Ashu Ash
 
PDF
Stratégies de Sécurité pour les PME : Recommandations Clés
hoktechco
 
DOC
Data security
Laura Breese
 
PDF
Cybersecurity a short business guide
larry1401
 
It's Your Move: The Changing Game of Endpoint Security
Lumension
 
Endpoint Security & Why It Matters!
Net at Work
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
GFI Software
 
CoreSecurity
Ray Coffin
 
Why Patch Management is Still the Best First Line of Defense
Lumension
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Andris Soroka
 
Vulnerability and Patch Management
n|u - The Open Security Community
 
Declaration of malWARe
Scott Sutherland
 
Patch and Vulnerability Management
Marcelo Martins
 
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
Lumension
 
Security Minded - Ransomware Awareness
Greg Wartes, MCP
 
S M B Top 10minstakes
ctnewmarket
 
Securing Your Small Business Network
Anindita Ghatak
 
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
Lumension
 
Symantec Managed AV Service - KAZ
Grant Chapman
 
Too Small to Get Hacked? Think Again (Webinar)
OnRamp
 
“8th National Biennial Conference on Medical Informatics 2012”
Ashu Ash
 
Stratégies de Sécurité pour les PME : Recommandations Clés
hoktechco
 
Data security
Laura Breese
 
Cybersecurity a short business guide
larry1401
 

More from Lumension (20)

PPTX
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
Lumension
 
PPTX
2015 Endpoint and Mobile Security Buyers Guide
Lumension
 
PPTX
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Lumension
 
PPTX
2014 BYOD and Mobile Security Survey Preliminary Results
Lumension
 
PPTX
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Lumension
 
PPTX
Careto: Unmasking a New Level in APT-ware
Lumension
 
PPTX
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Lumension
 
PPTX
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
Lumension
 
PPTX
2014 Data Protection Maturity Survey: Results and Analysis
Lumension
 
PDF
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Lumension
 
PPTX
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Lumension
 
PPTX
Adobe Hacked Again: What Does It Mean for You?
Lumension
 
PPTX
Real World Defense Strategies for Targeted Endpoint Threats
Lumension
 
PPTX
APTs: The State of Server Side Risk and Steps to Minimize Risk
Lumension
 
PPTX
2014 Ultimate Buyers Guide to Endpoint Security Solutions
Lumension
 
PPTX
Data Protection Rules are Changing: What Can You Do to Prepare?
Lumension
 
PPTX
Java Insecurity: How to Deal with the Constant Vulnerabilities
Lumension
 
PPTX
BYOD & Mobile Security: How to Respond to the Security Risks
Lumension
 
PPTX
3 Executive Strategies to Reduce Your IT Risk
Lumension
 
PDF
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Lumension
 
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
Lumension
 
2015 Endpoint and Mobile Security Buyers Guide
Lumension
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Lumension
 
2014 BYOD and Mobile Security Survey Preliminary Results
Lumension
 
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Lumension
 
Careto: Unmasking a New Level in APT-ware
Lumension
 
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Lumension
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
Lumension
 
2014 Data Protection Maturity Survey: Results and Analysis
Lumension
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Lumension
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Lumension
 
Adobe Hacked Again: What Does It Mean for You?
Lumension
 
Real World Defense Strategies for Targeted Endpoint Threats
Lumension
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
Lumension
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
Lumension
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Lumension
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Lumension
 
BYOD & Mobile Security: How to Respond to the Security Risks
Lumension
 
3 Executive Strategies to Reduce Your IT Risk
Lumension
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Lumension
 

Recently uploaded (20)

PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
KodekX | Application Modernization Development
KodekX
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Cloud computing and distributed systems.
kkkkkhan
 
Approach and Philosophy of On baking technology
30anthuong17
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 

How to improve endpoint security on a SMB budget

  • 1. Effective and Efficient Security on a SMB Budget Part I – How to Improve SMB Endpoint Security
  • 2. Today’s Speakers Chris Merritt Director of Solution Marketing Lumension Roger A. Grimes Security Consultant, Author and Columnist
  • 3. Today’s Agenda Today’s Threats Defenses – and What Does & Does Not Work Improving SMB Security Q&A
  • 5. Today’s Threats General Categories Financially Motivated Bank Accts, Passwords, etc. Identity Theft Insiders Intellectual Property Theft Hacktivists IP / Customer data Denial of Service Reputational Damage
  • 6. Today’s Threats Financially Motivated Examples Fraudulent Payroll / Accounting Transfers Bank Info Stealing Trojans Fake Invoices Malicious Long Distance Service Extortion
  • 7. Today’s Threats IP Theft Examples Corporate Espionage Future Product Plans Trade Secrets Customer Lists Lawyer Case Files (sold to opposing counsel) RSA Attack
  • 8. Today’s Threats Hacktivist Examples Wikileaks Retaliation Distributed Denial of Service (DDOS) as a Protest
  • 10. Defense-in-Depth Traditional Defenses … Antivirus Patching Microsoft OS and Apps Firewalls Strong Passwords End-User Education Programs … Don’t Always Work: If They Did, We Wouldn’t Have IT Security Breaches!
  • 11. Defenses – What Does Not Work
  • 12. Defenses Where Traditional Defenses Fall Short Risk from Un-patched 3 rd Party Apps Controlling Local Admins Gone Wild Preventing Zero-Day Attacks and Targeted Malware End-User Education Isn’t Keeping Up Actionable Reporting and Security Measurement
  • 13. Why Antivirus Doesn’t Work Swamped by the Deluge Can’t keep up with rising daily volume of malware Can’t defend against zero-day threats (on average, only 19% of new malware signatures are detected on day 1) Severely impacts endpoint performance 36% of SMBs rely on free AV
  • 14. Hidden Costs of Antivirus Acquisition Costs Licensing (license cost, maintenance, support) Installation (HW / SW, roll-out, other) Operational Costs System Managemenet Incident Management (help desk, escalation, re-imaging) Lost Productivity Extraordinary Costs Data Breach Operational (60~80%) Acquistion (20~40%)
  • 15. Why Patching Microsoft Alone Doesn’t Work Missing the Target Relying on “free” tools Go beyond Microsoft Most organizations take at least twice as long to patch 3 rd party application vulnerabilities than they do to patch OS vulnerabilities 60% of users are running un-patched versions of Adobe
  • 16. Hidden Costs of Free Patching Why “Free” Can Cost You More Speed and Accuracy Time to deploy non-MSFT or custom application patches No CVE information Visibility and Compliance Lack of hardware and software inventory Limited reporting
  • 17. Defenses What Else Doesn’t Work Buying advanced tools, such as IDS, PKI, black-box solutions, while ignoring the basics Preventing attack methods instead of shoring up IT risk sources and focusing on preventing malware execution
  • 18. Defenses Better End-User Education Do your users know the company security policies and do they understand their importance? Do you show your users what your “real” AV detection screen looks like? Do they know that they are most likely to be infected from legitimate web sites, social media, USB keys, etc.?
  • 19. Defenses – What Does Work
  • 20. Defenses What Does Work Focusing on the Basics Prioritize and Implement Using past history to determine this year’s priorities Make a ranked list and begin Go for low hanging fruit first Using Strong Data to Convince Management
  • 21. Focus on the Operational Basics Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010 Assess Prioritize Remediate Repeat Identify all IT assets (including platforms, operating systems, applications, network services) Monitor external sources for vulnerabilities, threats and intelligence regarding remediation Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations Maintain an inventory of IT assets Maintain a database of remediation intelligence Prioritize the order of remediation as a function of risk, compliance, audit and business value Model / stage / test remediation before deployment Deploy remediation (automated, or manually) Train administrators and end-users in vulnerability management best practices Scan to verify success of previous remediation Report for audit and compliance Continue to assess, prioritize and remediate
  • 22. Defenses – What Does Work Augment existing defense-in-depth tools Comprehensive Patch and Configuration Management Application Control / Whitelisting Device Control Encryption Blacklisting As The Core Zero Day 3 rd Party Application Risk Malware As a Service Volume of Malware Traditional Endpoint Security
  • 24. Minimize Your True Endpoint Risk Rapid Patch and Configuration Management Analyze and deploy patches across all OS’s and apps (incl. 3 rd party) Ensure all endpoints on the network are managed Benchmark and continuously enforce patch and configuration management processes Don’t forget about the browser! Un-patched browsers represent the highest risk for web-borne malware. Source: John Pescatore Vice President, Gartner Fellow 30% Missing Patches Areas of Risk at the Endpoint 65% Misconfigurations 5% Zero-Day
  • 25. Antivirus Use for malware clean-up and removal Application control Much better defense to prevent unknown or unwanted apps from running Stop Malware Payloads with App Whitelisting Malware Apps Known Viruses Worms Trojans Unknown Viruses Worms Trojans Keyloggers Spyware Authorized Operating Systems Business Software Unauthorized Games iTunes Shareware Unlicensed S/W Un-Trusted
  • 26. Stop Unwanted Applications Immediate and simple risk mitigation Denied Application Policy prevents unwanted applications even if they are already installed Easily remove unwanted applications
  • 27. Reduce Local Administrator Risk Monitor / Control Local Admin Usage Local Admins can do ANYTHING on their systems Install unwanted and unauthorized software Install malware Remove patches Bypass security measures Change configurations
  • 29. Encryption Endpoints (Whole Disk) Secure all data on endpoint Enforce secure pre-boot authentication w/ single sign-on Recover forgotten passwords and data quickly Automated deployment Removable Devices Secure all data on removable devices (e.g., USB flash drives) and/or media (e.g. CDs / DVDs) Centralized limits, enforcement, and visibility Laptop Thefts (IDC 2010) Lost UFDs (Ponemon 2011)
  • 30. Improving SMB Security Problems Defense-In-Depth is not easy Hard to manage it all Different solutions don’t always work well together The more consoles you have to monitor, the less you’ll do it Unreviewed logs are useless It’s NOT compliance vs. security … both are necessary
  • 31. Improving SMB Security Solution – Security Suites Single Server / Management Console Single Agent Modular, Extensible Design Organization-wide Reporting Lower Total Cost of Ownership (TCO) Single Console Agile architecture Single Promotable Agent
  • 32. More Information SMB Security Series Resource Center: http://www.lumension.com/smb-budget Webcast Part 2: http://www.lumension.com/Resources/Webinars/How-to-Reduce-Endpoint-Complexity-and-Costs.aspx Quantify Your IT Risk with Free Scanners http://www.lumension.com/special-offer/PREMIUM-SECURITY-TOOLS.ASPX Lumension ® Endpoint Management and Security Suite Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx SMB Market Survey www.lumension.com/smb-survey
  • 33. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 [email_address] http://blog.lumension.com

Editor's Notes

  • #4: © Copyright 2008 - Lumension Security
  • #15: See http://www.lumension.com/Resources/Webcasts/The-True-Cost-of-AV.aspx
  • #17: See http://www.lumension.com/Resources/Webcasts/Beyond-Windows-Patching.aspx
  • #28: See http://www.lumension.com/Resources/Webcasts/How-to-Enable-Local-Admin-Access-Without-the-Risk.aspx