Title: Smart Security Solutions Easy to Order, Deploy and Support


1
Smart Security Solutions: Easy to Order, Deploy and Support
Security Challenges and Solutions, October 17, 2007
2
Michael Dell
  • Simplify IT
  • Flexible Computing
  • Virtualization
  • Simplify Security
  • Dell Smart Security
  • Simple to Deploy and Manage Solutions
  • Encrypting HDDs
  • Simplified Strong User Authentication
  • Symantec Endpoint Protection Server

3
Menu
  • Appetizer
  • The Need for Security Solutions
  • Main Course Meat and Potatoes
  • Dell Smart Security Overview
  • New Solutions
  • Dessert
  • A Peek Into The Future

4
What do you VALUE and need to protect?
  • Typical Responses
  • Customer Lists
  • Financial Information
  • User Data
  • Student information
  • Patient Records
  • Business Plans
  • Certain E-Mails
  • Mostly Data vs. HW!

Must have the Right Data Available to the Right People at the Right Time, WITHOUT reducing Productivity.
Locking everything in a vault is NOT the answer!
5
Storm Worm
  • The Storm worm first appeared at the beginning of
    the year, hiding in e-mail attachments with the
    subject line "230 dead as storm batters Europe."
    Those who opened the attachment became infected,
    their computers joining an ever-growing botnet.
  • Although it's most commonly called a worm, Storm
    is really more a worm, a Trojan horse and a bot
    all rolled into one. It's also the most
    successful example we have of a new breed of
    worm, and I've seen estimates that between 1
    million and 50 million computers have been
    infected worldwide.
  • Old-style worms -- Sasser, Slammer, Nimda -- were
    written by hackers looking for fame. They spread
    as quickly as possible (Slammer infected 75,000
    computers in 10 minutes) and garnered a lot of
    notice in the process. The onslaught made it
    easier for security experts to detect the attack,
    but required a quick response by antivirus
    companies, sysadmins, and users hoping to contain
    it. Think of this type of worm as an infectious
    disease that shows immediate symptoms.
  • Worms like Storm are written by hackers looking
    for profit, and they're different. These worms
    spread more subtly, without making noise.
  • Symptoms don't appear immediately, and an
    infected computer can sit dormant for a long
    time.
  • From Bruce Schneier's CRYPTO-GRAM, October 15,
    2007

6
The Shifting Threat Landscape
[Figure: Threat Evolution Timeline, 1986 to 2006; labels: curiosity, crime]
Slide provided by Symantec
7
Today's Threats - Crimeware
  • The bad guys have become more sophisticated
  • Viruses were for bragging rights
  • New Malware is for Profit (Crimeware)
  • Threat Volume is Overwhelming (1)
  • 9.8% of US Enterprise PCs may have Trojans
  • 7% of US Enterprise PCs may have system monitors
  • 2006 Virus Outbreaks were down about 10% vs 2005
  • Virus detection rules up 10% due to more
    sophisticated attacks
  • 60 to 90% of E-Mail is SPAM
  • SPAM volume is up 110% to over 60 Billion a month
    in 10/06
  • Embedded image Spam has grown from 5% to 25%
    (10x larger)
  • SPAM data volume has grown 198%
  • Attacks are focused (1)
  • Up to 75% of US banks have reported Phishing
  • May be focused on high balance account holders!
  • Smaller but rapidly changing footprints- attempt
    to prevent detection
  • One SPAM attack had 1.5 Billion messages from
    100K Zombie PCs
  • 20,000 variants from 1500 domains over 2 weeks
  • Changed domains every 15 minutes
  • Changed signature every 12 minutes
  • Traditional Signature Based Solutions Cannot Work

(1) Source: the book Upping the Anti-, Tom Gillis, IronPort
8
Anti-Malware (Internet security) is an area IT professionals find especially challenging
[Chart: IT Priorities vs. Challenges of Execution. Axes: Priority (Low to High) and Challenge of Execution (Low to High); items plotted: Encryption, Anti-Malware. Note: gridlines set at medians.]
Source: Pulse Panel, 684 Dell Customers, mid CY2007
9
Need Simplified Security Solutions
Countless Complex Offerings
EU - 95/46/EC
Data Protection Act
IDC,2006
Technology
Basel II
Virus/Worm Spyware/Malware Spam Phishing Key
Logger Internal Threats
CISP, SDP (Visa, MC)
Local Privacy Regs
Threats
Regulations
10
Dell Enterprise Smart Security Solutions
  • Simplify Security
  • Easier to select, order, deploy and support
  • Recommend Good, Better and Best offerings for
    most categories
  • Similar solutions/features for clients, servers
    and storage
  • Migrate more functions to Virtual Appliances
  • Onsite and professional services as needed
  • Without "requiring an army of consultants"
  • Without "creating a lifetime annuity for
    consultants"
  • Remote management and support when possible
  • Security Best Practices Recommendations

11
Enterprise Security
Dell Management Platform
Solve MY problems
Help me manage everything. Is everything working?
Can I prove it?
Engineered for Security (HW and SW)
Am I buying the right HW? (Will it support ANY
security function that I may need in the future?)
Professional Services for Assessment and Design
What do I need?
Server
Client
Storage
12
Engineered for Security
Dell BIOS Features
  • Dell Clients and Servers support most any
    security solution
  • TPM on most relationship clients
  • Coming to Servers in H2 CY2007
  • Dell BIOS- Server and Client Security Features
  • Computrace Built into BIOS
  • Custom lock solutions in CFI SP for clients
    and servers
  • Including custom key master key options

Engineered for Security (HW and SW)
13
Enterprise Security-Managed Solution
Categories
Dell Management Platform
Engineered for Security (HW and SW)
Onsite and professional services as
needed Without "requiring an army of
consultants"
Professional Services for Assessment and Design
Simplify Security Select, Order, Deploy, Support
Server
Client
Storage
14
Security Solution Categories
SYSTEMS
Asset ID/ RFID/Recovery Physical Asset
Protection Engineered for Security
DELL CONFIDENTIAL
15
Security Solution Pain Points
Best Practices for VM, etc.
SYSTEMS
DATA
Management Reporting Compliance RFID
Encryption Key Mgmt.(TPM) Lost Tape
Protection Lost Drive Protection (FDE)
File Folder Enc. DRM
UNAUTHORIZED ACCESS
MALICIOUS ATTACKS
Smart Card and Biometrics HID/Contact-less
Cards Auth. Over KVM/RDP/DRAC
AV/AS Appliances (FW, IPS, IDS, Gateways)
16
Dell Enterprise Smart Security Solutions
  • Simplify Security
  • Easier to select, order, deploy and support
  • Recommend Good, Better and Best offerings for
    most categories
  • Similar solutions/features for clients, servers
    and storage
  • Migrate more functions to Virtual Appliances
  • Onsite and professional services as needed
  • Without "requiring an army of consultants"
  • Without "creating a lifetime annuity for
    consultants"
  • Remote management and support when possible
  • Security Best Practices Recommendations

17
Secure Exchange
  • Key Offerings
  • Symantec Brightmail Anti-Spam
  • Symantec Enterprise Anti-Virus, Anti-Spy
  • Dell tape Symantec Backup Exec
  • Dell disk/tape Symantec Enterprise Vault
  • Dell end to end support
  • One call does it all

Archival Compliance
Tape Library
Enterprise Vault
PowerVault or Dell/EMC
Exchange 2003
Antivirus/ AntiSpam
PowerVault or Dell/EMC Disk Array
Exchange 2003
Outside Clients (VPN)
Tape Autoloader or Library
Secure Exchange
Internal Clients
18
Managed HW Encrypting HDD and TPM Management
When Combined with Dell's Security Best Practices (1), can enable The World's Most Secure Notebooks
  • Server Locks HDD in Encrypting Mode
  • If HDD Stolen, Server log can SHOW that all data
    was protected
  • HDD encrypts even if the Wave SW is un-installed!
  • Only the server can disable Encryption!
  • Server can also Configure TPMs and Archive TPM
    Keys to enable file and folder encryption

(1) See www.dell.com/security/bestpractices
19
IdentiPHI Identity Management Suite
Card Holder Unique ID
  • Secure Log-in with smart card, biometric, token,
    PIN
  • Automated Single Sign-on with
  • Supports various smart card types (Java,
    Multos)
  • Broad Biometric sensor support (Fingerprint,
    Facial and Iris)
  • File and HD encryption support
  • Back-end directory support - AD
  • Card Management System Support
  • Management Server Bundle with on-site setup and
    training

Encryption
PKI
IdentiPHI Advanced Authentication Card
Management System
Single Sign-on
TPM
Smart Card Authentication: Broad Card
support (Java, Multos), Meets HSPD-12 PIV
Biometric Authentication Broad Sensor Support
Middleware
20
Symantec Endpoint Protection SEP 11.0
  • Dell Management Server Solutions For SEP 11.0
  • Deploy agent to any client or server (existing
    SAV10 or other brands of AV)
  • Provide AV updates to end point devices
  • Manage ports
  • Enforce and Remediate NAC
  • Additional Altiris Solutions also Available

Symantec Endpoint Protection 11.0
Tiny, 21 MB Image!
21
Virtualization Best Practices and Virtual
Appliances
  • One Server Many Solutions
  • Security Best Practices can simplify deployment
    concerns
  • Virtual Appliances for management and low
    bandwidth security solutions
  • Gateways etc. will remain on physical appliances
  • Virtual Appliances
  • IdentiPHI Management Server
  • Wave TPM and HDD Management Servers
  • Symantec SEP 11.0 Management Server

22
Wouldn't it be Nice?
  • First thing in the morning
  • Present Contact-less Smart Card
  • May also require a PIN
  • Touch Fingerprint reader on mouse
  • Now Logged into system with Single Sign on
  • Re-present Smart Card to sign documents or
    decrypt files
  • User goes to the Rest Room
  • After 10 seconds system goes to screen saver
    mode
  • Proximity Detector locks the screen
  • When user returns, touches fingerprint mouse
  • Screen Saver removed back to work
  • User goes to Lunch
  • After 10 seconds system goes to screen saver
    mode
  • Proximity Detector locks the screen
  • After 15 minutes system goes to sleep
  • When user returns Must present Contact-less
    Smart Card
  • May also require a PIN
  • Touch Fingerprint reader on mouse
  • Now Logged into system with Single Sign on

23
RFIdeas - PCProx-Sonar
  • Proximity Detector
  • No Drivers on PC!
  • Emulates a Keyboard
  • Locks Screen when user leaves
  • Also offer a no-driver Proximity Card Reader (HID
    Badge)
  • No Drivers on PC!
  • Emulates a Keyboard
  • Enters user's password when card is presented

24
The Future of Security?
25
The Future of Security?
  • End Points
  • Endpoint Protection Suites (Including Microsoft)
  • Encrypting HDDs
  • Contact-less ID Cards for Log-on
  • Auto Log-off with Proximity Detection
  • Diskless (no local data) SW self healing
    Flexible Computing
  • Secure Any Device, Anywhere Access to
    Applications and Data

26
The Future of Security?
  • Data Centers
  • Key Management
  • SW Encryption
  • Some Encrypting HDDs
  • Secure Virtualization and Appliances
  • Gateway Content Filtering (stop Private data or
    Proprietary data leaks)
  • Role Based Digital Rights Management of Data and
    Documents
  • End Points
  • Endpoint Protection Suites (Including Microsoft)
  • Encrypting HDDs
  • Contact-less ID Cards for Log-on
  • Auto Log-off with Proximity Detection
  • Diskless (no local data) SW self healing
    Flexible Computing
  • Secure Any Device, Anywhere Access to
    Applications and Data

27
  • Backup

28
RFID Concept
  • RFID Scanner
  • RFID Tags

Replace Service Tag CFI (limited read range)
29
Security is a Process
Security Process
Security Principles
Assess
People, Policy and Process
Confidentiality
Integrity
Protect
Respond

Technology
Availability
Detect
User Behavior/Compliance is a Challenge.
Simple to Use Solutions Can Improve Compliance.
Federal Information Security Act
30
Why Virtualized Security Appliances? Customer
Benefits
  • Customer benefits include
  • Load balancing, migration and failover/high
    availability
  • Also useful during updates
  • Update one copy then migrate the load to the
    patched copy when patches are complete and
    verified.
  • Could be two VMs on one server or two servers.
  • Migration server will normally need special HW
  • Will normally be a second appliance, Not just a
    standard server
  • Must have the exact correct configuration like
    multiple NICs etc.
  • Highest performance applications will continue on
    physical servers
  • Must have authorization to run SW on spare
    appliance (Key, token etc.)
  • When Idle, Migration server could be used for
    other workloads

31
Why Virtualized Security Appliances? Appliance
Vendor Benefits
  • Key Appliance Vendor benefits include
  • Reduced Hardware Churn
  • Server HW updates do not change VM image
  • Reduced SW development and testing requirements
  • Simplified implementation of high availability
  • Offline patching option
  • Spare appliance HW sales
  • Potential to reduce OS requirements (future)

32
Server End-Point Solution Offerings
  • Secure Exchange Solution
  • End to End support from Dell
  • Refresh for Exchange 2007
  • Encrypting HDD Management Server Appliance
  • On-site configuration and training bundled with
    the server SW
  • HDD and Software on Latitude via CFI
  • TPM Deployment and Key Management Server
    Appliance
  • On-site configuration and training bundled with
    the server SW
  • File and Folder Encryption
  • Client side SW on most relationship clients
  • Server TPM HW (SP SW) H2 CY2007
  • Flexible Smart Card and Biometrics Management
    Server Appliance
  • IdentiPHI SW via SP or CFI for clients and
    server endpoints
  • HSPD12 client SW via CFI
  • Coming Soon
  • Symantec SEP 11.0 Client and Management Server
    Bundle
  • Includes SEP, NAC and Port Control Management
    Appliance
  • Virtual Machine Security Best Practices
    Documentation
  • Virtual Security Appliances-IdentiPHI, Wave,
    Symantec SEP 11.0

33
Notebook Best Practices
  • The following areas should be addressed to help
    deliver optimal notebook PC security
  • Security Audit Services
  • Dell Recommends the ISO 17799 Audit (SKU
    A1270104)
  • Dell also offers additional security professional
    services
  • HDD Encryption (Helps protect data if Notebook is
    stolen)
  • Dell Recommends the Dell HW Encrypting HDD with
    Wave's EMBASSY Trust Suite for Dell 3.0
    Enterprise software (Legend Code 120DENW)
  • Dell Recommends managing HW encrypting HDD with
    Wave Systems Embassy Remote Administration
    Server (ERAS) SW (Deployment bundle SKU A1233138)
  • Dell also offers SW encryption solutions from
    Credant, Pointsec, Safeboot, Utimaco and
    others.
  • File and Folder Encryption (designed to protect
    files from being read by unauthorized users on
    the local HDD, when shared with others or stored
    on other devices like USB memory devices, and
    enables E-mail encryption)
  • Dell recommends using the managed TPM based
    encryption solution from Wave Systems
  • Dell also offers other encryption solutions
    including e-mail content protection SW.
  • Dell BIOS Settings (allows administrators to
    configure a system to meet the security needs of
    the customer's environment). Most customers
    should include the following settings:
  • Disable USB ports (or install port management
    SW)
  • Limit boot to the internal HDD
  • Enable Pre-boot authentication with a password or
    Smart Card
  • Lock the BIOS setup menu with a complex
    administrator password (that the user does not
    know)
  • Make sure that all SW and OS patches and updates
    have been installed
  • Install a robust Anti-Virus and Anti-Malware
    solution
  • Limit user OS privileges (do not give users OS
    administrator privileges; for example, do not
    allow users to load or remove SW applications)