Goal Line Stand EndPoint Security - PowerPoint PPT Presentation

Slides: 27
Provided by: erice3
Transcript and Presenter's Notes


1
Goal Line Stand End-Point Security
  • Dave R. Taylor
  • LANDesk Software

2
LANDesk Company Background
  • Historical overview
  • 11 years inside Intel
  • Spin-out from Intel in Sept. 2002
  • Strong management team
  • Offices in 18 countries
  • Significant investment
  • Strong technology base, developed and refined
    over a decade
  • Well established sales channel
  • Large and loyal user base

LANDesk Corporate Office
3
'Security Off Top-Five List in Two Years'
  • Who said this?
  • John Chambers, Cisco
  • Al Gore, Vice President
  • Eric Schmidt, Google
  • Bill Gates, Microsoft
  • Peter Firstbrook, Gartner

Gartner Symposium/ITxpo, 29 March 2004, San
Diego, California
4
Threats: Real and Present Danger
"From January to March 2005, data showed an
increase of 34 percent in the number of malicious
sites found that hosted spyware." InformationWeek,
5/2005
  • Adware and spyware
  • Viruses
  • Malicious attacks
  • Grey, or unwanted, software
  • Regulatory compliance
  • Sometimes, we are our own worst enemy!
      • We visit web sites that hide spyware and adware
      • We don't keep our antivirus (AV) software
        up-to-date
      • We change settings and disable programs (i.e.
        PFW)
      • We skip OS updates, hotfixes, and patches
      • We install applications at will
      • We are mobile or only occasionally connect

Why aren't current products protecting your
company against potential downtime from these
threats?
6
We are still Vulnerable!
  • Shrinking time from vulnerability announcement to
    exploit
      • Blaster: 28 days (2003)
      • Sasser: 20 days (2004)
      • Witty: 7 days (2004)
      • Zotob: 3 days (2005)
  • Increased infections from mobile and
    VPN-connected users
  • Unauthorized users gaining network
    access

7
Are These Systems Management or Security Issues?
Spyware
Weak passwords
Unpatched software
Viruses
Unapproved applications
Intrusions
Spam
Data theft
Malware
Users with admin rights
8
Endpoint Security Business Drivers
  • Requirement for network access all-the-time,
    anytime, anywhere
      • Remote access, mobile corporate users, wireless,
        occasionally connected
      • Connections to customers, partners and suppliers
  • Legal and regulatory burden/requirements growing
      • Sarbanes-Oxley, GLBA, HIPAA, CA SB1386, etc.
      • Demands more visibility and requires more
        evidence
  • Majority of attacks criminally motivated
      • Global network of criminals/gangs
      • DDoS
      • Corporate IP theft
      • Customer/patient privacy
      • Aggressive spyware

9
Endpoint Security Technology Drivers
  • Increasing complexity and vulnerability of IT
    security environment
      • Perimeter security insufficient
      • Sophistication of internal threats
      • Complex mix of applications running on network
  • New security threats
      • Blended attacks, zero-day threats, faster worms
        (Zotob)
      • Aggressive malware/spyware (i.e. spyware-borne
        Trojans)
  • Unsecured endpoints
      • Non-standard security configuration settings
      • Out-of-date OS patches
      • Unmanaged PCs connecting to the corporate network

10
Systems and Security Management Market Overview
McAfee
Microsoft
Computer Associates
CheckPoint
IBM Tivoli
Symantec
BMC
Internet Security Systems
Altiris
HP OpenView
Security Management (patching, antivirus,
firewall, malware)
Systems Management (desktops, servers, laptops,
handhelds)
PatchLink
"the patch management market will disappear, and
the feature set will be absorbed into other
larger product segments, such as IT systems
administration or configuration management
market..."
Source: Gartner, Patch Management Is a Fast Growing
Market, 5/2003
"Clients should evaluate Systems Management tools
using future security requirements and should
favor vendors with clear road maps for
integrating CSM and client security"
Source: David Friedlander, Forrester, How to evaluate
Client Systems Management tools, 9/2004
11
Ignore IT Security: Bad Idea
  • Companies must be more proactive against security
    threats to avoid
      • lost data
      • lost productivity
      • ruined reputation
      • unnecessary costs
      • significant business risk
  • Even with large investments in IT security
      • 1/3 of companies will be infected by a computer
        virus
      • Over 2/3 of machines will be infected with spyware
      • 1/3 of companies will experience an internal
        security breach
      • 1/3 of companies will fail a compliance audit
  • What do these companies have in common???

12
Managing Security Lowers TCO
Total costs for Windows XP and 2000 desktops
It has not been unusual for managers in
organizations without patch management or
software distribution tools and processes to
report that operations labor costs increased by
15 percent to 20 percent because of patch
deployment and PC remediation. Companies with PCs
that are already considered to be "well-managed"
generally report smaller TCO increases on smaller
base costs, making manageability an important
factor.
Source: Gartner, Security Holes Increase TCO,
Oct. 2004
13
5-Point Checklist for Security Management
Multi-layered approach is key
  • Automated Patch Management
  • Enterprise Anti-Malware
  • Enforced Client Security Settings
  • Device Connection Control / Lockdown
  • Network Access Control

14
Automated Patch Management
Must Haves
  • A solution that will patch the OS as well as
    applications
  • Patch heterogeneous environments
  • Automated process for
      • Know when a patch is released
      • Assess threat to network
      • Identify dependencies
      • Deploy patches efficiently
      • Test patches
      • Provide ongoing protection

15
Enterprise Anti-SpyWare
Must Haves
  • Policy enforcement
  • Centralized management
  • Detection and removal
  • Continually monitor devices for suspicious
    activity
  • Block spyware and adware from running
  • Force Compliance

16
Client Security Settings
Must Haves
Personal Firewall Protection
  • Centrally manage Windows XP SP2 Firewall
  • Establish and enforce corporate security policy
    across the enterprise
  • Prevent users from disabling firewall
  • Prevent users from changing firewall settings

Anti-Virus
  • Centrally manage antivirus applications on all
    devices
  • Ensure devices are using current version of
    antivirus application
  • Enforce consistency in settings
  • Guarantee devices are protected and virus-free
    before they enter network

17
Device Connection Control / Lockdown
Must Haves
  • Control over client network connections
  • Ability to prevent data theft
  • Lockdown and limit access to peripheral devices
      • digital cameras
      • iPods
      • CompactFlash
      • USB devices

Network Drive F
USB drive
CompactFlash
iPod
18
Network Access Control
Must Haves
  • Protect your network against
      • Vulnerable mobile devices
      • Users who disable or change settings
      • Visitors who may compromise security
  • Enforce security policies before devices enter
    network
      • Allow only compliant devices
      • Offer noncompliant devices the ability to become
        compliant
      • Block noncompliant devices

19
Blended Threats require Layered Solutions
5. Protect critical data
10. Establish network policies
  • Force policy compliance

8. Track user configurations
4. Stay patched
Lower TCO
3. Know your environment
7. Block unwanted applications
2. Filter at perimeter
9. Centrally install software
6. Keep malware out
"A layered approach to IT security that combines
strong perimeter protection and other forms of
blocking with general system hardening is
required to secure a modern IT environment from
external and internal threats."
Source: Mark Nicolett, Vulnerability Management
Defined, Gartner
20
LANDesk Solutions
21
Executive Dashboard
22
Why LANDesk?
  • In April 2005, Forrester Research ranked LANDesk
    "Best in Class" in all three Client Systems
    Management (CSM) categories (a first for a single
    vendor)

Source: The Forrester Wave, Client Systems
Management Tools, Q2, 2005
23
Analysts' view of LANDesk
  • Gartner analysts' view
      • LANDesk offers a comprehensive life cycle suite
        that meets its buyers' needs.
      • LANDesk was the first vendor to address the
        security CM market, which is likely to merge
        with operational CM over time, and launched its
        own integrated suite in 2004

24
What makes LANDesk different?
  • Agnostic approach: investment protection
      • tools
      • platforms
  • Low infrastructure cost

25
Rapid Return on Investment
IDC, Quantifying the ROI Benefits of Integrated
Systems Management, Oct. 2004
26
What makes LANDesk different?
  • Agnostic approach: investment protection
      • tools
      • platforms
  • Low infrastructure cost
  • Automated Management Platform
  • Broad systems, security, server, and device
    management
  • Integrated, centralized enterprise management

27
Summary
  • Current threat landscape is a real and present
    danger
  • Perimeter defenses are not enough
  • Sometimes we're our own worst enemy
  • We must be vigilant in combating these threats
    with a multi-layered approach
      • Policy-enforced spyware removal
      • Patch management
      • Antivirus enforcement
      • Application blocking
      • Network access control
  • Secure the end-node device by applying security
    and configuration management solutions such as
    those offered by LANDesk Software

28
Thank You!