Network Control Meets Endpoint Security


Transcription:

Network Control Meets Endpoint Security

Sandy Hawke, CISSP, Sr. Director of Product Marketing, BigFix
Jack Marsal, Director of Marketing, ForeScout

Agenda

- Introductions
- Network and Endpoint Security Challenges
  - Mobility
  - Managed vs. Unmanaged users
- Requirements for Layered Security
  - Continuous protection
  - Multi-layer (at the network, at the endpoint)
  - Multi-profile access policies
- Summary

Who is BigFix?

BigFix is a leading global provider of high-performance security and systems management software for enterprise companies.

- 40%+ year-over-year growth
- Global and pervasive deployment across vertical industries
  - Highly complex environments
  - Very large enterprise deployments, > 100,000 assets
- Innovative BigFix technology platform
  - Visionary in EPP and PCLM Gartner Magic Quadrants
  - 19 patents worldwide
  - 32 patents pending worldwide

Fast Facts:

- Every day, trillions of $$$ flow through BigFix-managed computers
- Each year, over $350B in retail transactions is enabled by BigFix technology
- Tens of thousands of hotel reservations are made every day on BigFix-managed computers

Who is ForeScout?

ForeScout is a leading provider of network access control (NAC) and policy compliance management for global enterprise.

- #1 in large enterprise NAC deployments
- Visionary in Gartner Magic Quadrant
- Easy NAC
  - No software to install
  - No network upgrades or reconfigurations
  - Works with your existing infrastructure

The World of IT Circa 2000

[Diagram labels: 192.168.2.X, LAN, FW, 192.168.3.X, DMZ, 192.168.1.X, Internet, Back-end Servers]

IT Enterprise Architecture Circa 2000: Organizations primarily manage static computing devices that are within the corporate network and primarily access corporate assets; they focus on perimeter security: "keep the bad guys out".

The World of IT Circa 2006

[Diagram labels: Remote Office (x3), WAN, Corporate HQ, Internet, Home, Datacenter, Hotel, Coffee Shop]

IT Enterprise Architecture Circa 2006-2009: Organizations must manage and secure a growing, globally distributed, remote, and mobile computing environment, all accessing corporate assets housed within the corporate network; they tend to focus on data center and critical infrastructure security and, for the most part, leave the management and security of mobile computing devices to fate and luck.

The World of IT 2010 and Beyond

[Diagram labels: Remote Office (x4), WAN, Corporate HQ, Internet, SaaS applications (CRM, ERP, storage, email, etc.), Outsourced Datacenter, Telecommuters]

IT Enterprise Architecture Circa 2010+: Organizations must manage and secure a large, complex, globally distributed, remote, and mobile computing environment, all accessing corporate assets in and outside the corporate network. The loss of visibility and control again forces them to look at how they can better maintain the health and security of their mobile computing environment: the endpoints that require access to corporate resources housed inside the corporate network and in the cloud.

Blended Threats Require Blended Protection

Conficker was the first, but not the last.

- @ the endpoint: Start with the basics (e.g. password policies, patch management, etc.)
- @ the endpoint: Continuous policy enforcement
- @ the network: Confirm policy compliance prior to access; access tied to profile (managed vs. unmanaged)

Meeting Policy Enforcement Challenges

- Mobility: "now on network, now off"
  - Roaming laptops, mobile devices
  - Consequences: maintenance challenges; increased exposure risk; loss of visibility/control
  - Security approach: Location-aware, continuous protection policies
- Different user profiles
  - Managed (employee) vs. unmanaged (guest)
  - Consequences: too restrictive = productivity obstacles; too permissive = exposure risks
  - Security approach: Profile-aware access policies

Comprehensive security requires continuous protection regardless of computing context or network connection.


A Day in the (Risky) Life of a VP's Laptop/Cell Phone

8am: Checks email from home before flight to partner meeting. Prints out boarding pass on airline website, then clicks on ad with drive-by download. (THREAT #1)
Security Control: Endpoint agent prevents download.

10am: Views latest NFL scores on cell phone. Tries to disable security setting that prevents a Flash plug-in from running, since the website uses Flash. (THREATS #2 and #3)
Security Control: Endpoint agent prevents reconfiguration.

11:30am: Connects to partner network to provide presentation and product demo. Unfortunately, one of the gaming applications that his kids installed last weekend launched an IRC bot that tries to send IRC packets onto the partner network. (THREAT #4)
Security Control: Endpoint agent blocks initial download and would still block on execution (if installed prior to agent).

2pm: Leaves cell phone at restaurant. It contains email with architectural design plans for the next release of their product. (THREAT #5)
Security Control: IT Ops remotely enforces a password policy on cell phone.

6pm: After checking into his hotel room, tries to download an animated screensaver that he thinks the kids will like. It contains a number of dangerous spyware programs, including one which opens up a backdoor on his laptop. (THREAT #6)
Security Control: Endpoint agent filters website based on web reputation; never even gets redirected to the download site!


A Day in the (Risky) Life of a VP's Personal Laptop

Weekend: Used by teenagers. Facebook. YouTube. Amazon. iTunes. VP uses laptop for personal project: Little League uniform logos. Anti-virus is out of date. QuickTime is old, contains a vulnerability. Rootkit infection.

10am Monday: VP brings laptop to work. Connects to the network to print the Little League uniform logos on the color printer. (THREAT #1: Conficker. THREAT #2: QuickTime vulnerability. THREAT #3: Rootkit infection. THREAT #4: no DLP software.)

Network Security Controls:
1) Identify ownership
2) Inspect system. Identify weaknesses (out-of-date antivirus, QuickTime vulnerability)
3) Remediate: update antivirus and QuickTime
4) Allow onto guest network: printing and Internet access
5) Block any malicious activity by the rootkit on the system

[Slide: Network Access Control]

[Slide: Role-based Network Access Control. Diagram labels: Sales, HR, Finance, Guest Network, Employees]

Summary: Host Security + Network Security

[Diagram labels: Unmanaged Endpoints, Managed Endpoints]

Endpoint Security Controls
- Protect system from attack (malware, intrusion)
- Protect data from loss
- Identify unauthorized applications
- Update software and configuration
- Automated, closed-loop remediation
- Compliance and inventory reports

Network Security Controls
- Ensure agents are running on managed endpoints prior to network admission
- Real-time asset discovery and visibility
- Allows for management in minutes via right-click automation
- Block attacks on the network
- Protect network from insecure endpoints (AV, patch, firewall, etc.)
- Role-based network access
- Remediation
- Compliance and inventory reports

THANK YOU!

Sandy Hawke, CISSP, Sr. Director, Product Marketing @ BigFix, Sandy_hawke@bigfix.com
Jack Marsal, Director, Marketing @ ForeScout, jmarsal@forescout.com
www.bigfix.com