Title: Sanctuary EndPoint Management
1. Sanctuary End-Point Management
Vice President, North American Sales
Version 3.4
2. My Contact info
- Bill Aubin, VP, North American Sales
  (703)724-1032 - Office, bill.aubin_at_securewave.com
- Eric Vanderbur, Pre-Sales Engineer
  (703)980-0951 - Cell, eric.vanderbur_at_securewave.com
3. Agenda
- SecureWave Overview
- The Challenge
- Why Sanctuary
- Uncontrolled Device Use
- Beyond Security Questions
4. SecureWave Corporate Overview
5. SecureWave Value Proposition
What Do We Do?
SecureWave's Sanctuary platform provides policy-based threat prevention solutions for Global 2000 Enterprises
Who are our Customers?
1,500,000 enterprise workers in 1,000 accounts rely on our security solutions
Our Product Portfolio
The Sanctuary platform secures Personal Computers/Laptops, Thin Clients, Servers, and Terminal Servers against tomorrow's malware today at the point of execution and prevents unauthorized device usage
What Makes Us Unique?
Sanctuary shifts customers away from reactive security models through a positive policy-based application and device control model
6. Strategic Technology Partners
Technology Partners
- "Companies in all fields can easily administer and centrally manage their endpoint security solutions with SecureWave's Sanctuary suite."
- SecureWave and Network Access Protection will improve overall network security by decreasing the risk of virus attacks and malware introduced to an organization's network, as well as the possibility of data theft associated with mobile devices.
- Steve Anderson, Director, Windows Server Group, Microsoft
7. Sanctuary Platform: A Complete Solution
8. The Challenge
9. Today's Hot Topic: IT security threats
Percentage of firms that rated the following as one of the top threats to their organizations
Base: 149 technology decision-makers at North American SMBs and Enterprises (multiple response accepted)
Natalie Lambert - Analyst, January 31, 2006
10. Today's Hot Topic: Patching
- Microsoft's delay to patch fuels concerns
  Microsoft's decision to cancel a security fix after finding problems with the patch has security experts questioning whether waiting for the fix to come next month might leave them open to attack. - Robert Lemos, SecurityFocus, 2005-09-13
- Unofficial patch: WMF Exploit
  For those of you wanting to try an unofficial patch with all the risks involved, please see here. (md5 15f0a36ea33f39c1bcf5a98e51d4f4f6), PGP signature (signed with ISC key) here. Initially it was only for Windows XP SP2. Fellow handler Tom Liston worked with Ilfak Guilfanov to help confirm some information required to extend it to cover Windows XP SP1 and Windows 2000. Note: When MS comes out with a real patch, simply uninstall this from Add/Remove programs on the Control Panel. - SANS Institute, Internet Storm Center
11. Today's Hot Topic: Zero Day Virus Protection
- Virus Fighters Can't Keep Up
  Fast-moving malware has the antivirus industry looking for a new strategy that focuses on proactive, automated tools.
"The majority of products are unable even to guarantee 90% protection. And this is the main problem facing the antivirus industry today." - Eugene Kaspersky
Thomas Claburn, Dec 19, 2005 12:00 AM
12. Today's Hot Topic: Zero Day Virus Protection
- Kaspersky Lab receives 200 to 300 new malware samples a day. Sophos plc, a U.K. research lab, reports that the number of new threats rose by 48% this year. Panda Software warns that more than 10,000 new bots--automated worms or Trojans that infest PCs and turn them into zombies under a hacker's control--have appeared in 2005. "The game has definitely changed over the past few years, even in the past 12 months, about what is an acceptable speed of response to a new virus," says Richard Wang, manager of Sophos labs.
- InformationWeek, Dec 19, 2005 12:00 AM
13. Today's Hot Topic: SpyWare Protection
- If you use the Internet, there is over a 90% chance your computer is infected with SpyWare
- 20% of all of our Support related calls are SpyWare related - Dell Computer
- Nearly 80% of IT managers claim their organizations have been infiltrated in the last 12 months by spyware. - Information Week
Computer Security News, 2/06/2006
USA TODAY, 6/15/2004
InformationWeek, Dec 19, 2005 12:00 AM
14. In the News: Unauthorized Applications
- Hackers Tap 40 Million Credit Cards
- "It looks like a hacker gained access to CardSystems' database and installed a script that acts like a virus, searching out certain types of card transaction data," said MasterCard spokeswoman Jessica Antle.
- MasterCard and CardSystems said that of the more than 40 million accounts exposed, information on only 68,000 MasterCard accounts, 100,000 Visa accounts and 30,000 accounts from other card brands are known to have been exported by the hackers. The data exported included names, card numbers and card security codes.
By Jeanne Sahadi, CNN/Money senior writer, July 27, 2005
15. Blacklists don't work
- Over 100,000 signatures and growing daily.
- But offers no protection against ZERO-DAY attacks.
16. Today's Hot Topic: SpyWare Protection
- If you use the Internet, there is over a 90% chance your computer is infected with SpyWare
- 25% of all of our Support related calls are SpyWare related - Dell Computer
- Nearly 80% of IT managers claim their organizations have been infiltrated in the last 12 months by spyware. - Information Week
17. In the News: Unauthorized Applications
- Hackers Tap 40 Million Credit Cards
- MasterCard International said card numbers and expiration dates were harvested by a rogue program planted inside the computer network at CardSystems Inc., one of the firms that process merchant requests for credit card authorization. When a retailer swipes a customer's card, the information goes to companies such as CardSystems for approval before getting passed along to banks.
18. Legitimate or Dangerous Devices
19. What actions to take
- Develop a policy for the use of removable media
- Gartner (July 2004) advises companies to forbid employees to use iPods and other USB/FireWire devices
20. Why Sanctuary?
21. Why Sanctuary?
- Corporate Security issues
- Competitive losses, lawsuits
- New Technologies/Behaviors
- Remote Access VPNs, 2.5/3G, Broadband and roaming WiFi availability
- Data portability and sharing
- Keyloggers, Trojans, Bots, Spyware
- Legal and Privacy exposures
- Regulatory compliance
- HIPAA, Sarbanes-Oxley, GLBA, Basel II, etc.
22. Why Sanctuary?
- 80% of enterprises experienced malware attacks in 2004 while 99% had firewalls and 80% have Anti-Virus solutions
- In Q1 of 2005 more than 55 percent of corporate PCs were infected by spyware
- One out of every fifteen computers is infected with a key logger.
- Corporate Security breaches
- Competitive losses, lawsuits
23. Why Sanctuary?
New Technologies/Behaviors
24. Why Sanctuary?
HIPAA
- 55% of all Required Implementation Specifications (11/20)
- 64% of all Addressable Implementation Specifications (14/22)
- 60% of all Implementation Specifications together (25/42)
Sarbanes-Oxley
- 105: Protection against violation of confidentiality
- 302: Prevents unauthorized modification, destruction of data
- 404: Safeguards against unauthorized and improper use of data
- 409: Real-time reporting and event-driven alerts
GLBA (Gramm-Leach-Bliley Act)
- 501 (a) Privacy Obligation Policy. It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.
- Regulatory compliance
- HIPAA
- Sarbanes-Oxley
- GLBA
- Basel II
- Governance Framework
- More
25. Challenge: The Uncontrolled Device Threat
26. The Device Control Problem
Music Files? OR Your Customer Database to Go?
27. The Device Control Problem
Cool Gadget OR New Entry Point for Malware?
28. Sanctuary Device Control
Manage Devices and Access Control
Protect All Ports
TREO, MP3
29. Managed Device Access Control
[Diagram labels: Users; Kernel Driver; List of classes known devices; Known Device Checking; Device Access Request; DEVICE CLASS, LISTED DEVICES; Known Device?; Authorization; Access Control List (ACL)]
30. Managed Device Access Control
[Diagram labels: Users; Kernel Driver; List of classes known devices; Known Device Checking; Device Access Request; USER DEFINED DEVICE TYPE; Known Device?; Authorization; Access Control List (ACL)]
31. Challenge: Unauthorized, illegal and unwanted executables
32. Malware Threat
33. Sample of Unauthorized Software
34. Today's Countermeasures at a Glance
RISK
Malware
- Known: Viruses, Worms, Trojans, Spyware
- Unknown: Viruses, Worms, Trojans, Spyware
Applications
- Authorized: Operating Systems, Business Software
- Unauthorized: Games, Shareware, Unlicensed Software
35. SecureWave Sanctuary Application Control
Stops Malware COLD!
Malware
- Known: Viruses, Worms, Trojans, Spyware
- Unknown: Viruses, Worms, Trojans, Spyware
Applications
- Authorized: Operating Systems, Business Software
- Unauthorized: Games, Shareware, Unlicensed Software
36. Authenticated Execution: Trusted Code Execution
[Diagram labels: Users; Kernel Driver; File signature generation using SHA-1 hash; Application Execution Request; 0x20ee7cf645efeba7C81bd660fe307; Comparison with list of centrally authorized file signatures; Authorization; 0x4969b6ca2e9651565c75338bcbb1; No Matching Signature; 0x20ee7cf645efeba7C81bd660fe307; Log]
37. Authenticated Execution: Default Deny
[Diagram labels: Users; Kernel Driver; File signature generation using SHA-1 hash; Application Execution Request; 0x20ee7cf645efeba7C81bd660fe307; Comparison with list of centrally authorized file signatures; Authorization; Log]
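The check named on slides 36 and 37 (hash the file, compare against the centrally authorized list, deny and log when nothing matches), as an added example that is not SecureWave's code. The `ExecutionPolicy` class, the group-based user mapping and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import io

def sha1_of(stream, chunk_size=65536):
    """Stream the file through SHA-1 so large binaries are not loaded whole."""
    digest = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

class ExecutionPolicy:
    """Hypothetical stand-in for the centrally authorized signature list."""
    def __init__(self):
        self._grants = {}   # digest -> set of user groups allowed to run it
        self.log = []       # (user, path, digest, decision, reason)

    def authorize_file(self, digest, groups):
        self._grants.setdefault(digest, set()).update(groups)

    def check(self, user, user_groups, path, stream):
        digest = sha1_of(stream)
        allowed_groups = self._grants.get(digest)
        if allowed_groups is None:          # default deny: unknown code never runs
            decision, reason = "DENY", "no matching signature"
        elif allowed_groups.isdisjoint(user_groups):
            decision, reason = "DENY", "signature known, user not authorized"
        else:
            decision, reason = "ALLOW", "signature authorized for user"
        self.log.append((user, path, digest, decision, reason))
        return decision == "ALLOW"

def demo():
    # Constructed sample "binaries"; real input would be executable files on disk.
    payroll = b"MZ\x90\x00 constructed payroll application image"
    tampered = payroll + b"\x00"          # one appended byte changes the digest
    unknown = b"MZ\x90\x00 constructed never-seen-before program"

    policy = ExecutionPolicy()
    policy.authorize_file(sha1_of(io.BytesIO(payroll)), {"finance"})

    results = [
        policy.check("alice", {"finance"}, "payroll.exe", io.BytesIO(payroll)),
        policy.check("bob", {"engineering"}, "payroll.exe", io.BytesIO(payroll)),
        policy.check("alice", {"finance"}, "payroll.exe", io.BytesIO(tampered)),
        policy.check("alice", {"finance"}, "game.exe", io.BytesIO(unknown)),
    ]
    return results, policy.log

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The decision keys on file content, not file name, so the tampered copy of an authorized program is denied like any unknown file. SHA-1 is used because the slides name it; practical SHA-1 collisions have since been demonstrated, so a current allowlist would key on SHA-256.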
38. Beyond Security
39. Beyond the Security Aspect
- Patch Management simplified
- End point performance improves
- Network Performance improves
- Significant Tech Support ROI
40. Thank you