Sanctuary EndPoint Management - PowerPoint PPT Presentation

About This Presentation
Title:

Sanctuary EndPoint Management

Description:

... Internet, there is over a 90% chance your computer is infected with SpyWare ... Dell Computer ... One out of every fifteen computers is infected with a key logger. Corporate ... – PowerPoint PPT presentation

Slides: 38
Provided by: datacon

Transcript and Presenter's Notes

Title: Sanctuary EndPoint Management


1
Sanctuary End-Point Management
  • Bill Aubin

Vice President, North American Sales
Version 3.4
2
My Contact info
  • Bill Aubin, VP, North American Sales
    (703)724-1032 - Office, bill.aubin_at_securewave.com
  • Eric Vanderbur, Pre-Sales Engineer
    (703)980-0951 - Cell, eric.vanderbur_at_securewave.com

3
Agenda
  • SecureWave Overview
  • The Challenge
  • Why Sanctuary
  • Uncontrolled Device Use
  • Beyond Security Questions

4
SecureWave Corporate Overview
5
SecureWave Value Proposition
What Do We Do?
  • SecureWave's Sanctuary platform provides policy-based threat prevention
    solutions for Global 2000 Enterprises
What Makes Us Unique?
  • Sanctuary shifts customers away from reactive security models through a
    positive policy-based application and device control model
Our Product Portfolio
  • The Sanctuary platform secures Personal Computers/Laptops, Thin Clients,
    Servers, and Terminal Servers against tomorrow's malware today at the
    point of execution and prevents unauthorized device usage
Who are our Customers?
  • 1,500,000 enterprise workers in 1,000 accounts rely on our security
    solutions
6
Strategic Technology Partners
Technology Partners
  • "Companies in all fields can easily administer
    and centrally manage their endpoint security
    solutions with SecureWave's Sanctuary suite."
  • SecureWave and Network Access Protection will
    improve overall network security by decreasing
    the risk of virus attacks and malware introduced
    to an organization's network, as well as the
    possibility of data theft associated with mobile
    devices.
  • Steve Anderson, Director
  • Windows Server Group
  • Microsoft

7
Sanctuary Platform: A Complete Solution
8
The Challenge
  • Current Security Events

9
Today's Hot Topic: IT Security Threats
Percentage of firms that rated the following as
one of the top threats to their organizations
Base: 149 technology decision-makers at North
American SMBs and Enterprises (multiple responses
accepted)
Natalie Lambert - Analyst January 31, 2006
10
Today's Hot Topic: Patching
  • Microsoft's delay to patch fuels concerns:
    Microsoft's decision to cancel a
    security fix after finding problems with the
    patch has security experts questioning whether
    waiting for the fix to come next month might
    leave them open to attack.
  • Robert Lemos, SecurityFocus, 2005-09-13
  • Unofficial patch: WMF Exploit
  • For those of you wanting to try an unofficial
    patch with all the risks involved, please see
    here. (md5 15f0a36ea33f39c1bcf5a98e51d4f4f6), PGP
    signature (signed with ISC key) here. Initially
    it was only for Windows XP SP2. Fellow handler
    Tom Liston worked with Ilfak Guilfanov to help
    confirm some information required to extend it to
    cover Windows XP SP1 and Windows 2000. Note: When
    MS comes out with a real patch, simply uninstall
    this from Add/Remove programs on the Control
    Panel.
  • SANS Institute
  • Internet Storm Center

11
Today's Hot Topic: Zero Day Virus Protection
  • Virus Fighters Can't Keep Up: Fast-moving
    malware has the antivirus industry looking for a
    new strategy that focuses on proactive, automated
    tools.

"The majority of products are unable even to
guarantee 90% protection. And this is the main
problem facing the antivirus industry today." -
Eugene Kaspersky
Thomas Claburn, Dec 19, 2005 12:00 AM
12
Today's Hot Topic: Zero Day Virus Protection
  • Kaspersky Lab receives 200 to 300 new malware
    samples a day. Sophos plc, a U.K. research lab,
    reports that the number of new threats rose by
    48% this year. Panda Software warns that more
    than 10,000 new bots--automated worms or Trojans
    that infest PCs and turn them into zombies under
    a hacker's control--have appeared in 2005. "The
    game has definitely changed over the past few
    years, even in the past 12 months, about what is
    an acceptable speed of response to a new virus,"
    says Richard Wang, manager of Sophos labs.
  • InformationWeek
  • Dec 19, 2005 12:00 AM

13
Today's Hot Topic: SpyWare Protection
  • If you use the Internet, there is over a 90%
    chance your computer is infected with SpyWare
  • 20% of all of our Support related calls are
    SpyWare related
  • Dell Computer
  • Nearly 80% of IT managers claim their
    organizations have been infiltrated in the last
    12 months by spyware.
  • Information Week

Computer Security News 2/06/2006
USA TODAY 6/15/2004
InformationWeek Dec 19, 2005 12:00 AM
14
In the News: Unauthorized Applications
  • Hackers Tap 40 Million Credit Cards
  • "It looks like a hacker gained access to
    CardSystems' database and installed a script that
    acts like a virus, searching out certain types of
    card transaction data," said MasterCard
    spokeswoman Jessica Antle.
  • MasterCard and CardSystems said that of the more
    than 40 million accounts exposed, information on
    only 68,000 Mastercard accounts, 100,000 Visa
    accounts and 30,000 accounts from other card
    brands are known to have been exported by the
    hackers. The data exported included names, card
    numbers and card security codes.

By Jeanne Sahadi, CNN/Money senior writer, July 27, 2005
15
Blacklists don't work
  • Over 100,000 signatures and growing daily.
  • But offers no protection against ZERO-DAY
    attacks.

16
Today's Hot Topic: SpyWare Protection
  • If you use the Internet, there is over a 90%
    chance your computer is infected with SpyWare
  • 25% of all of our Support related calls are
    SpyWare related
  • Dell Computer
  • Nearly 80% of IT managers claim their
    organizations have been infiltrated in the last
    12 months by spyware.
  • Information Week

17
In the News: Unauthorized Applications
  • Hackers Tap 40 Million Credit Cards
  • MasterCard International said card numbers and
    expiration dates were harvested by a rogue
    program planted inside the computer network at
    CardSystems Inc., one of the firms that process
    merchant requests for credit card authorization.
    When a retailer swipes a customer's card, the
    information goes to companies such as CardSystems
    for approval before getting passed along to
    banks.

18
Legitimate or Dangerous Devices
19
What actions to take
  • Develop a policy for the use of removable media
  • Gartner (July 2004) advises companies to forbid
    employees to use iPods and other USB/FireWire
    devices

20
Why Sanctuary?
21
Why Sanctuary?
  • Corporate Security issues
  • Competitive losses, lawsuits
  • New Technologies/Behaviors
  • Remote Access VPNs, 2.5/3G, Broadband and roaming
    WiFi availability
  • Data portability and sharing
  • Keyloggers, Trojans, Bots, Spyware
  • Legal and Privacy exposures
  • Regulatory compliance
  • HIPAA, Sarbanes-Oxley, GLBA, Basel II, etc.

22
Why Sanctuary?
  • 80% of enterprises experienced malware attacks in
    2004 while 99% had Fire Walls and 80% have
    Anti-Virus solutions
  • In Q1 of 2005 more than 55 percent of corporate
    PCs were infected by spyware
  • One out of every fifteen computers is infected
    with a key logger.
  • Corporate Security breaches
  • Competitive losses, lawsuits

23
Why Sanctuary?
New Technologies/Behaviors
24
Why Sanctuary?
HIPAA
  • 55% of all Required Implementation Specifications (11/20)
  • 64% of all Addressable Implementation Specifications (14/22)
  • 60% of all Implementation Specifications together (25/42)
Sarbanes-Oxley
  • 105: Protection against violation of confidentiality
  • 302: Prevents unauthorized modification, destruction of data
  • 404: Safeguards against unauthorized and improper use of data
  • 409: Real-time reporting and event-driven alerts
GLBA (Gramm-Leach-Bliley Act)
  • 501 (a) Privacy Obligation Policy. It is the policy of the
    Congress that each financial institution has an
    affirmative and continuing obligation to respect
    the privacy of its customers and to protect the
    security and confidentiality of those customers'
    nonpublic personal information.
  • Regulatory compliance
  • HIPAA
  • Sarbanes-Oxley
  • GLBA
  • Basel II
  • Governance Framework
  • More

25
Challenge: The Uncontrolled Device Threat
26
The Device Control Problem
Music Files? OR Your Customer Database to Go?
27
The Device Control Problem
Cool Gadget OR New Entry Point for Malware?
28
Sanctuary Device Control
Manage Devices and Access Control Protect All
Ports
TREO MP3
29
Managed Device Access Control
[Diagram; labels: Users, Kernel Driver, List of classes known devices, Known Device Checking, Device Access Request, DEVICE CLASS, LISTED DEVICES, Known Device?, Authorization, Access Control List (ACL)]
30
Managed Device Access Control
[Diagram; labels: Users, Kernel Driver, List of classes known devices, Known Device Checking, Device Access Request, USER DEFINED DEVICE TYPE, Known Device?, Authorization, Access Control List (ACL)]
31
Challenge: Unauthorized, illegal and unwanted executables
32
Malware Threat
33
Sample of Unauthorized Software
34
Today's Countermeasures at a Glance
R I S K
Malware
  • Known: Viruses, Worms, Trojans, Spyware
  • Unknown: Viruses, Worms, Trojans, Spyware
Applications
  • Authorized: Operating Systems, Business Software
  • Unauthorized: Games, Shareware, Unlicensed Software

35
SecureWave Sanctuary Application Control
Stops Malware COLD!
Malware
  • Known: Viruses, Worms, Trojans, Spyware
  • Unknown: Viruses, Worms, Trojans, Spyware
Applications
  • Authorized: Operating Systems, Business Software
  • Unauthorized: Games, Shareware, Unlicensed Software

36
Authenticated Execution: Trusted Code Execution
[Diagram; labels in slide order: Users, Kernel Driver, File signature generation using SHA-1 hash, Application Execution Request, 0x20ee7cf645efeba7C81bd660fe307, Comparison with list of centrally authorized files signature, Authorization, 0x4969b6ca2e9651565c75338bcbb1, No Matching Signature, 0x20ee7cf645efeba7C81bd660fe307, Log]
37
Authenticated Execution: Default Deny
[Diagram; labels in slide order: Users, Kernel Driver, File signature generation using SHA-1 hash, Application Execution Request, 0x20ee7cf645efeba7C81bd660fe307, Comparison with list of centrally authorized files signature, Authorization, Log]
38
Beyond Security
39
Beyond the Security Aspect
  • Patch Management simplified
  • End point performance improves
  • Network Performance improves
  • Significant Tech Support ROI

40
Thank you