New Customer Presentation (transcript)

“Trends in Endpoint Security”
by Richard Lau
29 September 2005
Agenda
• The Challenges: Market, Technical, Regulatory
• Trends and Key Developments
• Requirements of Endpoint Security
• Case Study
• Conclusions
Business Impact of Multi-Layered Attacks
• Average worm: $2 million in lost revenue per incident per victim (Aberdeen Group)
• Code Red: 700,000 machines infected; $2-2.9 billion in damage; $200 million in damage per day during attacks (Computer Economics)
• Worst-case worm: $50 billion in U.S. damage alone (International Computer Science Institute)
Enterprise Protection Problem
Increasingly Complex IT Infrastructure
• Complexity: diverse devices, access points, users, agents, applications
• Vulnerability: exploits are attacking every layer (operating system, application, network, device) and are spreading faster than patches or signatures
• Lack of control: difficult to control without curtailing benefits (wireless, guests, outsourcing, mobility, USB, IM, rogues)
• Inefficiency: traditional security products aren’t effective (99% have AV, 68% get viruses); a new agent for every threat, poor management, no integration; you have to choose between security and productivity
The Problems (Gartner Research)
Figure: "Vulnerabilities Exploited", broken down into misconfiguration, old patch, recent patch and new vulnerability (Copyright © 2002)
• Misuse, misconfiguration and malicious access of systems compromises business.
The Problems
• Compromised and rogue devices
  - 20 percent of the systems that operations, network and security admins know about are compromised – misused, misconfigured, exposed to malicious access (Gartner).
  - Admins know nothing about 20% of the IP addresses in use on corporate networks (Gartner).
• Virus and worm events can cost IT staffs upwards of $250 per system infected
• The typical American enterprise spent $200K on worm attacks
Vulnerability-Exploit Gap Decreasing
Figure: days from vulnerability announcement until first attack (axis 0 to 200 days) for:
• Ramen/Adore - 06/00
• Code Red - 06/01
  - 5 variants, 359,000 machines infected
• Digispid - 03/02
• Spida - 04/02
• SQL Slammer - 07/02
• Slapper - 07/02
• WebDAV vuln - 03/03
• Blaster/Welchia - 07/03
  - 75 variants, 500,000+ machines infected
• Witty - 03/04
  - 17 variants, 1,000,000+ machines infected
• Sasser - 04/04
• Zotob - 8/05
Traditional Security Has Not Blocked Attacks
Ex: Zero-Day Worm
Perimeter Firewalls
• Can’t block access to ports used for legitimate purposes
• Packet scanning only effective against recognizable signatures
Network Intrusion Detection
• Can only reliably detect worms after they have compromised some systems and are actively spreading
Basic Personal Firewall
• Can’t lock down the system enough to prevent worms from acting like authorized applications or traffic
Patch Management Solutions
• Window of vulnerability prior to the patch being applied
• Not effective against unknown attacks
Anti-Virus
• Damage is done by the time the virus definition is deployed
Comprehensive NAC and Host-based Intrusion Prevention Systems are required…
LAN Security Challenges
• The LAN edge represents the largest area of vulnerability
• Need to consider securing next generation devices
Figure: rogue device; guest user; opening an infected attachment from hotmail.com; mobile user brought a virus with them
VPN Security Challenges
Rogue Device Elimination
Security Policy Compliance
• Non-compliant VPN connected systems may infect the corporate network
• Unprotected systems can launch man-in-the-middle attacks on IPSec VPNs
• “Dirty” public systems may contain malware, keyloggers, and other privacy threats
Regulatory Challenges
Increasing government and industry regulations are presenting new challenges to IT organizations, especially in the financial and health care sectors, e.g. HIPAA, SOX, Basel II, etc.
• How can I ensure continuous compliance?
• How do I know that patient-confidential information is protected?
• Can I demonstrate Sarbanes-Oxley (SOX) compliance?
• What can I do to prevent regulatory violations?
• How can I ensure that my users are not violating use policies?
Business Compromised
• Companies lose production systems; revenue is compromised.
• Companies lose customer credit card numbers; relationships are compromised.
• Companies lose software source code; product lines are compromised.
• Companies lose copyrighted material; shareholders are compromised.
• Companies lose employee productivity; profitability is compromised.
Magic Quadrant for Personal Firewall (figure)
Continuous Compliance Model
Figure: security policy, enforced either by relying on user discipline or by system enforcement
Network Access Control Process
1. Define Policy
2. Discover Policy Compliance
   - Agent
   - On-Demand Agent
   - Network Interrogation
3. Enforce Network Access
   - LAN, DHCP, Gateway Enforcer
   - Self-Enforcement
   - Infrastructure Integration
   - Universal Enforcement API
4. Remediate Non-Compliant Endpoints
5. Continuous Monitoring
Figure: security, policy and control shown as a cycle
Key Developments – Network Access Control
• Gartner created a reference design for Network Access Control
• Cisco has announced Network Admission Control
• Microsoft has announced Network Access Protection
• The Trusted Computing Group has announced Trusted Network Connect
• 802.1x standard
Gartner – Network Access Control
• Policy – outlines the security configurations you wish to enforce as a prerequisite for network access, including patches, AV, custom security software, or special configurations
• Baseline – is used to compare systems connecting to the network with the configured policy
• Access Control – is used to give the connecting system the appropriate level of network access
• Quarantine – systems exhibiting anomalous behavior must be sent into a quarantine area
• Remediation – to bring the system into compliance
Cisco’s NAC
• A closed, “invitation only” architecture for protecting Cisco infrastructures only
• Requires end-to-end Cisco to be effective
• LAN enforcement will not be available until later this year
• Rounded up some AV vendors’ support
Cisco NAC Components and Decision Making Flow
Figure: AV agent, FW agent and OS agent on the host; Cisco Trust Agent (CTA); Cisco ACS Server; router
1. Individual agents report status
2. CTA delivers to ACS
3. ACS checks configured policy version for each policy
4. Based on results, CTA provisions router
Layer 3 Protection is not complete
Figure: L3 Cisco NAC enabled router. CNAC stops the infection at the router (X), but a mobile user spreads the infection on his Layer 2 segment.
Sygate Simplifies CNAC
Figure: Sygate agent, Cisco Trust Agent (CTA), Cisco ACS Server, router
1. Sygate collects all compliance information
2. CTA delivers to ACS
4. ACS checks configured Sygate policy version
5. Based on results, CTA provisions router
Cisco NAC Architecture (figure)
Cisco NAC Architecture In Context Of Other Layers
Figure: policy management; policy decision point; CNAC policy enforcement point; access device
NAC in a Corporate Network
Figure: Site 1, Site 2 and Site 3 sharing one policy management and policy decision point layer, with the following elements:
• Policy management / policy decision point: SSA, LAN Enforcer, DHCP Enforcer, Gateway Enforcer, CNAC, SODA, Endpoint Enforcer, On Demand Enforcer, …
• Network policy services: ACS, RADIUS server, AD, DHCP server, DNS server, web server
• Enforcement and network access points: modem/DSL, CTA, OS (like MSFT) and/or 3rd party network access clients (DHCP / VPN / .1x / IPsec / Dialer), access devices
• Clients: security agent and 3rd party applications (AV, patch, config, etc.) on Windows, Macintosh, Linux, PocketPC, …
Microsoft’s NAP
• A more open program designed to protect the Microsoft ecosystem only
• Open to participation by any network infrastructure vendor
• No plans for any support for non-Microsoft OS
• Available with Longhorn Server sometime in 2006
Trusted Computing Group
• Standards organization focused on computer system security
  - Over 50 members
• Developing an open standard for any operating system and network infrastructure
  - Completely open, anyone can join
  - Specification available early 2005
• Also developed a hardware chip specification to:
  - Help ensure the authenticity of hardware – prove system identity
  - Protect systems from executing software that has become corrupted or hacked
What is 802.1x
• 802.1x is an IEEE standard for access control for wireless and wired LANs; 802.1x provides a means of authenticating and authorizing devices to attach to a LAN port.
• This standard defines the Extensible Authentication Protocol (EAP), which uses a central authentication server to authenticate each user on the network.
• Layer 2 protocol
• 802.1x happens before TCP/IP is established
Purpose of 802.1x
• Authenticate the user/computer at the network level
• Block unauthorized computers from accessing the network
• Provide different levels of authentication and encryption security based on the administrator’s decision and network needs
• Most vendors have extended 802.1x from the RFC definition
Enforcement with 802.1x
Figure: login credentials are carried over 802.1x and EAP; a RADIUS exchange with the Sygate LAN Enforcer results in permit or deny; SMS remediation server; Internet
802.1x NAC Solution
Figure: wired user on an Ethernet 802.1x NAC switch; Sygate LAN Enforcer; Sygate Policy Server and RADIUS server; quarantine network with a quarantine patch server
• System sends NAC and user data via EAP
• Switch forwards to LE
• LE checks user login (RADIUS server)
• LAN Enforcer connects the system to the corporate or quarantine network
• Most secure LAN solution
  - NAC status, or NAC+User credentials
• Standards-based
  - Nearly all vendors support
How DHCP Enforcement works
• Systems connecting to the network get a DHCP lease with a short lease time in a “quarantine address space”
  - Secondary IP space or DHCP route filters
• DHCP Enforcer checks for the SSA agent and its status
• If the agent is present and the system is up-to-date, DHCP Enforcer gives the system a new address in the normal address space
• If there is no agent, the system remains in the quarantine address space
• Exceptions are provided by OS type and MAC address.
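The NAC process described earlier (define policy, discover compliance, enforce, remediate) and the DHCP enforcement flow above can be shown as a small decision engine. The Python below is an added example written for this transcript, not Sygate product code; the Posture fields, rule names, address ranges, exception lists and lease times are constructed assumptions. It builds host-integrity rules from And/Or/Not conditions (the "IF...Then...Else" and "And...Or...Not" features named later in the deck), collects the remediation each failed rule requires, and decides whether the endpoint is leased from the normal or the quarantine address space.

```python
"""Host-integrity policy evaluation with a DHCP-style enforcement decision.

Added illustration, not Sygate product code: rule names, posture fields,
address ranges and the exception lists below are constructed assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network
from typing import Callable


@dataclass
class Posture:
    """What an endpoint agent reports in the 'discover compliance' step (assumed fields)."""
    agent_present: bool
    av_running: bool = False
    av_definitions_age_days: int = 999
    firewall_on: bool = False
    os_patch_level: int = 0
    os_type: str = "windows"
    mac: str = ""


# A condition is a predicate over the posture; And/Or/Not combinators build
# compound host-integrity conditions out of leaf checks.
Check = Callable[[Posture], bool]


def all_of(*checks: Check) -> Check:
    return lambda p: all(c(p) for c in checks)


def any_of(*checks: Check) -> Check:
    return lambda p: any(c(p) for c in checks)


def negate(check: Check) -> Check:
    return lambda p: not check(p)


def av_current(max_age_days: int) -> Check:
    return lambda p: p.av_running and p.av_definitions_age_days <= max_age_days


def firewall_enabled() -> Check:
    return lambda p: p.firewall_on


def patch_level_at_least(level: int) -> Check:
    return lambda p: p.os_patch_level >= level


def os_is(name: str) -> Check:
    return lambda p: p.os_type == name


@dataclass
class Rule:
    """IF the condition holds THEN the rule passes ELSE the named remediation is required."""
    name: str
    condition: Check
    remediation: str


@dataclass
class Decision:
    compliant: bool
    address_space: IPv4Network   # where the DHCP lease is taken from
    lease_seconds: int           # short lease while quarantined so re-checks happen quickly
    remediation: list = field(default_factory=list)
    reason: str = ""


NORMAL_SPACE = IPv4Network("10.1.0.0/16")       # constructed normal address space
QUARANTINE_SPACE = IPv4Network("10.2.0.0/16")   # constructed quarantine address space
EXEMPT_OS_TYPES = {"printer"}                   # exceptions by OS type (constructed)
EXEMPT_MACS = {"00:11:22:33:44:55"}             # exceptions by MAC address (constructed)

# Constructed policy: AV definitions within 7 days, OR within 30 days AND the
# firewall on; firewall required; minimum patch level; NOT a legacy OS.
POLICY = [
    Rule("antivirus", any_of(av_current(7), all_of(firewall_enabled(), av_current(30))),
         "update antivirus definitions"),
    Rule("firewall", firewall_enabled(), "enable personal firewall"),
    Rule("patches", patch_level_at_least(2), "apply service pack and patches"),
    Rule("legacy-os", negate(os_is("nt4")), "upgrade operating system"),
]


def evaluate(posture: Posture, rules: list) -> Decision:
    """Enforcement step: decide which address space the endpoint is leased from."""
    if posture.os_type in EXEMPT_OS_TYPES or posture.mac in EXEMPT_MACS:
        return Decision(True, NORMAL_SPACE, 86400, reason="exception by OS type or MAC")
    if not posture.agent_present:
        return Decision(False, QUARANTINE_SPACE, 60, ["install security agent"], "no agent")
    failed = [r.remediation for r in rules if not r.condition(posture)]
    if failed:
        return Decision(False, QUARANTINE_SPACE, 60, failed, "host integrity failed")
    return Decision(True, NORMAL_SPACE, 86400, reason="compliant")


if __name__ == "__main__":
    samples = {
        "no agent": Posture(agent_present=False),
        "stale AV, no firewall": Posture(True, av_running=True, av_definitions_age_days=20),
        "stale AV but firewall on": Posture(True, av_running=True, av_definitions_age_days=20,
                                           firewall_on=True, os_patch_level=2),
        "printer": Posture(False, os_type="printer"),
    }
    for label, posture in samples.items():
        d = evaluate(posture, POLICY)
        extra = (" remediation: " + ", ".join(d.remediation)) if d.remediation else ""
        print(f"{label:26} -> {d.address_space} lease={d.lease_seconds}s {d.reason}{extra}")
```

The short quarantine lease is what makes the "trigger release/renew on pass" step in the following slides work: once remediation completes, the next renewal re-runs the same evaluation and the endpoint moves to the normal address space without user intervention.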
DHCP NAC Solution - In Compliance
Figure: mobile users, wireless and wired users on an Ethernet switch; DHCP Server; DHCP Enforcer
• DHCP Request
• 10.1.1.100, Route 10.2.2.2 blah (unknown system: send route filters or quarantine address)
• Probe for agent and policy status
• Trigger release/renew on pass
• DHCP Request
• 10.1.1.100 (compliant: send regular address)
New DHCP NAC Solution - Out of Compliance
Figure: mobile users, wireless and wired users on an Ethernet switch; DHCP Server; DHCP Enforcer; Remediation Server
• DHCP Request
• 10.1.1.100, Route 10.2.2.2 blah (unknown system: send route filters)
• Probe for agent and policy status
• Trigger remediation on failure
• Perform remediation action
• Trigger release/renew upon completion
• DHCP Request
• 10.1.1.100 (compliant: remove route filters)
On-Demand Security
Ubiquitous Enforcement Requires On-Demand Enforcement Capability
• Not all systems on a network can have agents installed
• Not all systems on a network are owned by the company
• Guests may require safe network access
• Information must be protected when employees access via 3rd party devices
  - Internet kiosks
  - Hotel business centers
  - Home PCs
On-Demand Value
• Problem
  - Theft of data from unmanaged devices
  - Unprotected or compromised devices connecting to the enterprise via web infrastructure
  - Delivering endpoint security to unmanaged devices (contractors, kiosks, home machines)
• Solution
  - Protects confidential data by creating a secure environment that provides encryption and file deletion upon session termination
  - Protection from viruses and worms by enforcing AV and Personal Firewall via Host Integrity
  - Lower TCO by delivering endpoint protection on-demand via existing web infrastructure
The Market in Which SODA Plays
Gartner Has Defined the Market…
Six Critical Requirements for On-Demand Security:
• Client Integrity Checkers
  - SODA Host Integrity
• Browser Cache File Cleanup
  - SODA Cache Cleaner
• Behavioral Malicious Code Scanners
  - SODA Malicious Code Prevention
• Personal Firewall Mini-Engines
  - SODA Connection Control
• Protected Virtual User Sessions
  - SODA Virtual Desktop
• Dynamic User Access Policies
  - SODA Adaptive Policies
Source: “Access From Anywhere Drives Innovation for On-Demand Security”, Gartner, ID Number G00126242, March 21, 2005.
On-Demand Security Agent
• Host Integrity
• Adaptive Policies
• Virtual Desktop
• Data Sanitization
• Persistent Desktop
• Malicious Code Protection
• Customizable User Environment
When Do You Need On-Demand?
• SSL VPN
• Guest Wireless
• Webmail
• Enterprise Web Apps (ERP/CRM)
• Online Banking/E-Commerce
• Terminal Services (Citrix)
Figure: thin client/server applications, web-based applications, traditional client/server applications and file shares accessed from a public kiosk, by traveling executives and over a partner extranet
Citrix
Business Drivers:
- Speed application deployment
- Access from anywhere
- Access from any device
Data at Risk:
- Citrix login password
- Screen images
- Browser history
HR/Financial/Partner Portals
Business Drivers:
- Web-based access to payroll and employee information
- Eliminate cost of printing and mailing paychecks
Data at Risk:
- Portal login password
- PDF paycheck stub
- Payroll system
Architecture - How It Works
Figure: Sygate On-Demand Manager, Sygate Enforcer, Sygate On-Demand Agent, Radius, Remediation, Correlator and Web Applications, with the Discovery Engine feeding Adaptive Policies
Flow shown in the figure:
• Administrator creates policies and uploads the Sygate On-Demand Agent
• User connects to the login page
• User logs into the SSL VPN/Web App and downloads the Sygate On-Demand Agent (Java)
• Sygate On-Demand Agent verifies Host Integrity and adapts policies to the environment
• If compliant, the agent launches the Virtual Desktop or Cache Cleaner and then launches the corporate network login process
• User can securely download, view, modify, and upload information
• Upon inactivity or closing, the VD is closed and data erased
Adaptive Policies panel:
• Device Type: Corporate-Owned, Employee Home, Guest Laptop, ATM Kiosk, Printer
• Network Location: Airport WLAN, Home Network, Internal LAN, 802.1x Switch, Public Internet
• Host Integrity Rule Status: Anti-Virus On, Anti-Virus Updated, Running SSA, Personal Firewall On, Service Pack Updated, Patch Updated
• Policy: Trusted; VD, HI, Persistent; VD, HI
Scenarios shown: wireless workstation, kiosk guest, hotel traveling executive, partner
Sygate On-Demand Qualification
• Enterprises providing access to corporate information through web applications
  - Web Mail – Outlook Web Access and Lotus iNotes
  - SSL VPN – Netscreen, Aventail, Nortel, Netilla
  - Citrix
  - Portals – Financial, HR, Partner
  - Web CRM – Siebel
  - Financial Applications – SAP financials
• Critical Qualification Information
  - What are the web applications in use?
  - What are the different types of users and devices?
  - Do they want different policies for different situations?
  - Do they want to check the security of the computer before allowing access?
SSL VPN
Business Drivers:
- Low cost remote access
- Access from anywhere
Data at Risk:
- SSL VPN login password
- Shared files
- Application data
Figure: thin client/server applications, web-based applications, traditional client/server applications and file shares accessed from a public kiosk, by traveling executives and over a partner extranet
Securing Remote Access with SSL VPN
Figure: WWW; SSL VPN; private network (protected network resource, application, or service); managed device and unmanaged device; NetScreen Host Checker packaged with NHC server API extensions; bind to AM policy based on scan
Managed Device: Sygate Security Agent (part of Sygate Secure Enterprise) is pre-installed on the managed device to provide firewall, intrusion prevention, and policy enforcement. The Juniper Host Checker verifies that the Sygate Security Agent is running.
Unmanaged Device: Sygate On-Demand Agent (part of Sygate On-Demand). Upload the Sygate On-Demand Agent using either the customer UI or as a Host Checker package.
- User connects to SSL VPN and is subject to a Host Integrity check
- Sygate On-Demand Agent checks Host Integrity, and installs Cache Cleaner or Virtual Desktop.
Enterprise Protection
Problem - networks and endpoints are vulnerable, causing:
• Propagation of malicious code
• Leakage of sensitive information
• Lost user productivity
• Increased support costs
Solution - safeguard computers, networks, and data by:
• Ridding the network of non-compliant endpoints with NAC
• Ensuring Compliance on Contact™ across all entry points
• Protecting endpoints with Host Intrusion Prevention
Enterprise Protection Features
Figure: Current Enterprise Protection (traditional desktop FW, IDS, FW, enterprise management) compared with Next Enterprise Protection (HIPS, device, AS, NAC, adaptive policies, IDS, FW, enterprise management)
HIPS / Device / AS:
• OS Protection
• Buffer Overflow Protection
• File/Registry Access Control
• Process Execution Control
• Peripheral Device Control
• Anti-Spyware
NAC / Adaptive Policies:
• DHCP Enforcement
• Host Integrity IF...Then...Else
• 802.1x Wireless Support
• Cisco NAC
• Wireless Detection
• And...Or...Not Conditions
IDS / FW:
• Signature-Based IDS
• Desktop Firewall
Enterprise End-Point Device Protection Features
• Host Intrusion Prevention System (HIPS)
• Network Access Control (NAC)
• Adaptive Policies
• End-Point Intrusion Prevention
• End-Point Firewall
HIPS & The Vulnerability Lifecycle
Figure: timeline of the vulnerability lifecycle with the ranges 0-200 days, 14-90 days and 3 days to never; protection layers shown are behavioral (HIPS) & white list (firewall), blacklist (anti-virus & IDS signatures), network access control, and patches
Host Intrusion Prevention System
Protection Layer    Black List Method     White List Method               Behavior Method
Network Layer       Code Red              Personal Firewall               ARP Poisoning
Application Layer   SQL Slammer           -                               Block IIS Buffer Overflow
OS Layer            Blaster Signature     Allow Only Browser, Email       Prevent Malware from Creating Accounts; Block OS Buffer Overflow (RPC DCOM)
Device Layer        Block iPod, USB Key   Allow only Mice and Keyboards   Block read/write/exe by device and location
Server Protection Solution
Figure: protections mapped to the threats they address and the resources they cover
Protections: Process Execution, Application Behavior, Block DLL Loading, File Access, Registry Control, Anti-Hijacking, File Integrity, Device Control, File Read/Write/Exe, System Lockdown, Firewall, IPS, NX Emulation
Threats: SQL Injection, Privilege Escalation, Account Creation, Auto Start, Code Execution, Data Theft, Spyware, Rootkits, DoS, Worms, Buffer Overflows, Shatter Attacks
Resources: Applications, File, Registry, CPU & Kernel, Device, Network, Memory
NAC in a Corporate Network
Figure: Site 1, Site 2 and Site 3 under one policy management and policy decision point layer
• Policy management / policy decision point: SSA, LAN Enforcer, DHCP Enforcer, Gateway Enforcer, SODA, Endpoint Enforcer, On Demand Enforcer, …
• Network policy services: RADIUS server, DHCP server, DNS server, web server, AD
• Policy enforcement points and network access devices: modem/DSL, OS (like MSFT) and/or 3rd party network access clients (DHCP / VPN / .1x / IPsec / Dialer), access devices
• Clients: security agent and 3rd party applications (AV, patch, config, etc.) on Windows, Macintosh, Linux, PocketPC, …
Network Access Control Solution
Network Access Control
Problem - insecure endpoints connecting to networks results in:
• Malicious code propagation
• Theft of sensitive information
• Exposure to regulatory penalties
Solution - NAC protects enterprise networks by:
• Discovering endpoints & compliance with security policies
• Enforcing network access throughout the entire network
• Remediating non-compliant endpoints
• Monitoring the network continuously
Enterprise NAC Requirements
• Pervasive Endpoint Coverage
  - Managed laptops, desktops, servers
  - Unmanaged guests, contractors, home computers
• Central, Scalable, Flexible Policy Management
  - Distributed servers, redundancy, database replication, AD integration
• Universal Enforcement
  - (W)LAN, IPSec VPN, SSL VPN, Web Portal
• Integration with Existing and Emerging Standards
  - 802.1x, Cisco NAC, Microsoft NAP, TCG’s TNC
• Automated Remediation Process
  - No user intervention required to
• Learning mode and discovery tools
Endpoint Intrusion Prevention
• Intrusion Prevention protects against known attacks on services that are required
• Runs “behind the firewall” to increase system protection
• Uses signatures to match known attacks, reducing the occurrence of false positives
• Examples - SQL Slammer, Code Red
• Must log security events
Figure: a valid request passes the firewall and the IDP, while Code Red is blocked (X) by the IDP behind the firewall
Endpoint Firewall Requirements
• Packet Filtering
  - Closes ports that are not required but left open by default - Windows Messenger, SQL, etc.
• Stateful Packet Inspection
  - Block inbound packets that do not correspond to established flows
  - Protects open ports from attack
  - Blocks protocol-based attacks
• Must operate both inbound and outbound
  - Block unauthorized outbound communications
• Must log security events
Figure: packet filtering blocks (X) the Slammer exploit against SQL port 1434/udp and Messenger spam; stateful inspection on Messenger port 6891/tcp permits the response to a user request and blocks (X) an unexpected response
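The three requirements above (closing ports that are not required, admitting inbound traffic only for established flows, and controlling outbound traffic, all with logging) fit in a short connection-tracking filter. The Python below is an added example written for this transcript, not Sygate product code; the addresses, port policy, flow timeout and the replayed packets are constructed, with 10.1.1.100 reused from the deck's DHCP example. It replays the slide's cases: the Slammer-style probe of 1434/udp, a user request with its permitted response, an unexpected response with no matching flow, an unauthorized outbound connection, and additionally a late packet arriving after the flow entry has expired.

```python
"""Stateful endpoint packet filter with inbound/outbound control and logging.

Added illustration, not Sygate product code. Addresses, ports and the sample
traffic below are constructed; 10.1.1.100 is reused from the slide's DHCP example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (toward the host) or "out" (from the host)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Default-deny inbound, explicit outbound allow list, and a connection
    table so that only replies to flows the host started are admitted."""

    def __init__(self, inbound_services, outbound_ports, flow_timeout=120.0):
        self.inbound_services = set(inbound_services)  # {(proto, port)} the host must serve
        self.outbound_ports = set(outbound_ports)      # {(proto, port)} the host may initiate
        self.flow_timeout = flow_timeout               # seconds of silence before a flow expires
        self.flows = {}   # (proto, local_port, remote_ip, remote_port) -> last activity time
        self.log = []     # one entry per blocked packet: the required security event log

    @staticmethod
    def _flow_key(pkt):
        # Normalise both directions to the same (local port, remote endpoint) key.
        if pkt.direction == "out":
            return (pkt.proto, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dport, pkt.src, pkt.sport)

    def _block(self, pkt, reason, now):
        self.log.append({"time": now, "reason": reason, "packet": pkt})
        return False

    def process(self, pkt, now):
        """Return True if the packet is permitted, False if blocked (and logged)."""
        key = self._flow_key(pkt)
        last = self.flows.get(key)
        if last is not None and now - last > self.flow_timeout:
            del self.flows[key]   # stale entry: a late packet must not ride on it
            last = None
        if pkt.direction == "out":
            if last is None and (pkt.proto, pkt.dport) not in self.outbound_ports:
                return self._block(pkt, "unauthorized outbound communication", now)
            self.flows[key] = now
            return True
        if last is not None:          # reply to an established flow
            self.flows[key] = now
            return True
        if (pkt.proto, pkt.dport) in self.inbound_services:
            self.flows[key] = now     # remote-initiated flow to a required service
            return True
        return self._block(pkt, "no matching flow and port not required", now)


HOST = "10.1.1.100"


def run_sample():
    """Replay constructed traffic against a policy that serves only RDP inbound and
    lets the host initiate web and DNS; returns the per-packet decisions and the log."""
    fw = StatefulFirewall(inbound_services=[("tcp", 3389)],
                          outbound_ports=[("tcp", 80), ("tcp", 443), ("udp", 53)])
    traffic = [
        (0.0, Packet("in", "udp", "192.0.2.10", 40000, HOST, 1434)),    # Slammer-style probe of 1434/udp
        (1.0, Packet("out", "tcp", HOST, 51000, "198.51.100.5", 80)),    # user web request
        (1.2, Packet("in", "tcp", "198.51.100.5", 80, HOST, 51000)),     # permitted response
        (1.3, Packet("in", "tcp", "198.51.100.5", 80, HOST, 51001)),     # unexpected response: no such flow
        (2.0, Packet("out", "udp", HOST, 52000, "203.0.113.7", 6667)),   # outbound not on the allow list
        (3.0, Packet("in", "tcp", "10.1.1.50", 45000, HOST, 3389)),      # required service, admitted
        (300.0, Packet("in", "tcp", "198.51.100.5", 80, HOST, 51000)),   # flow expired: blocked
    ]
    decisions = [fw.process(pkt, t) for t, pkt in traffic]
    return decisions, fw.log


if __name__ == "__main__":
    decisions, log = run_sample()
    print("decisions:", decisions)
    for entry in log:
        p = entry["packet"]
        print(f"t={entry['time']:>6}: BLOCK {p.direction} {p.proto} "
              f"{p.src}:{p.sport} -> {p.dst}:{p.dport} ({entry['reason']})")
```

Every blocked packet lands in `fw.log` with its reason, which is the event stream the "must log security events" requirement refers to; the flow timeout is what keeps a long-closed session from being used as a path for later inbound traffic.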
Layered Protection
Figure: "Vulnerabilities Exploited – Gartner", broken down into misconfiguration, old patch, recent patch, new vulnerability and 0 day, with IPS marked against the new vulnerability and 0 day portion
Continuous Compliance Model
Figure: security policy, enforced either by relying on user discipline or by system enforcement
Requirements for Enforcement
• Continuous - must work across all access methods, at all times, for all users
• Consider corporate owned, guest, managed, unmanaged, and unmanageable systems
• Must provide automatic remediation, not just deny access
• All endpoints, all accesses, all networks, all users
Enterprise Protection Solution
Location Based (Adaptive) Rules
• Security policies must adapt from HQ to hotel to home to hotspot
• Policies must change by role, device type, location and connection
• Without adaptive policies, companies must choose either good security or productive users
Adaptive Policies
Role           Device Type        Network Location   Policy
Executive      Corporate Owned    Enterprise LAN     Trusted, file sharing on, full application access
Sales person   Employee Owned     Home wireless      File sharing off, IM off, print sharing off, VPN on, limited application access
Outsourcer     Unknown            Public Internet    VD, HI, SSL VPN access only and web mail only with data sanitization
Enterprise-Class Management
• Scalable Multi-Server Architecture
  - Policy & log replication
  - Policy distribution (push/pull)
  - Configurable priority/load balancing
• Policy Management
  - Group hierarchy with inheritance
  - Manage by computer or user
  - Reusable policy objects
  - AD user and group synchronization
• Centralized Logging and Reporting
  - Event forwarding (Syslog, SIMs)
  - Daily or weekly e-mailed reports
Solution Highlights
• VPN & Wireless Protection
• On-Demand Protection
• Device Discovery
• Policy Enforcement
• Rogue Prevention (802.1x)
• Application Control
• Zero-Day Protection
• Safe Third-Party Access
• Regulatory Compliance
Case Study – Enforcing Basic Security Standards
• Customer: US division of a large international retail food company
• Business: the company owns 1600 retail food stores on the eastern seaboard under various brand names
• Business Drivers:
  - Reduce cost associated with virus and worm outbreaks
  - Support outsourcing relationships in which vendors’ equipment is on site
  - Reduce cost of laptop management
Case Study – Enforcing Basic Security Standards
• Business Requirement:
  - Maintain minimum security safeguards on the company’s 2000 laptops, most of which log in remotely
  - Enable remote 3rd party control (administrative rights) over specific internal servers without compromising corporate security
  - Protect the internal network from end-point security breaches
  - Able to work on a variety of Windows versions, including 2000, XP, and NT
Case Study – Enforcing Basic Security Standards
• Actions:
  - Install End-Point Security Agents on all existing laptops during scheduled configuration upgrade
  - Install End-Point Security Enterprise Management Server for policy enforcement
  - Add End-Point Security Agents to the standard configuration policy on all new machines, including internal servers
  - Install End-Point Security Agents on existing internal servers administered by outside vendor partners
  - Install End-Point Security Agents on all new servers deployed
Case Study – Enforcing Basic Security Standards
Protecting their network
• When the End-Point Security Agents launched Norton Antivirus on those home machines, they caught and identified upwards of 200 viruses that would have otherwise entered their network.
• Each incident could have easily cost the company US$50,000 to clean up, not to mention productivity losses during network interruptions.
• If one of those viruses had gotten loose in the system, an eight-man LAN server team and a three-man mitigation team would have had to spring into action. This type of remediation could take as many as three days for each virus.
Case Study – Enforcing Basic Security Standards
Unexpected Benefit:
• Blaster worm outbreak
• Used Tivoli software distribution to push out a security patch
• End-Point Security icons blinking red on executives’ machines
• Checked the logs for the attack origin
• Followed the IP addresses and found four new laboratory production servers which, being as yet unregistered, had missed the patch push
Summary
• Fusion of endpoint security and network access control will be a top priority for large enterprises
• Corporations need more sophisticated endpoint security solutions
  - E.g. central management, reporting, policy control
• Automates the complete compliance and enforcement process on contact
  - all computers - corporate, consultant, guest, student, outsourcer
  - all access - LAN, wireless, remote, mobile
  - all users - from engineers to executives
  - on all networks, friendly or hostile - corporate, home, hotel, business center, airport, the Internet
  - from all threats - malicious access, misconfiguration, and misuse
THANK YOU!
Richard Lau
[email protected]
UDS Data Systems Ltd.