Lumension: Because Hope is no Strategy
Andreas Müller, Regional Sales Manager D/A/CH
Slide 2
Press Highlights
- Conficker hits Kärnten Government! 3000 Clients down!
- Data theft at German Telekom: 17.000.000 customer data records lost!
- About 1.000.000 versions of new Malware in 2008!
- Cybercrime cost $1 Trillion in 2008
Slide 3
Endpoints are the Weakest Link
Script kiddies have turned into businessmen
Slide 4
Slide 5
What Sources of Endpoint Risk do Threats Target?
The CORE / Sources of Risk:
- 65% Mis-Configurations
- 30% Missing Patches
- 5% Zero-day Attacks
Exploit Risks at the Core
Source: John Pescatore, Vice President, Gartner Fellow
Slide 6
Traditional, Reactive Security Approaches
Security Add-on Solutions:
- Desktop Firewall
- Anti-Virus
- Spyware
- IPS
- Heuristics
- Application Blacklist
[Diagram: EXTERNAL THREATS against The CORE / Sources of Risk]
Slide 7
Endpoints are the Weakest Link
The weakest Point in IT: The User
Slide 8
Proactive, Operational Approach
- Authorize Software Use
- Eliminate Data Leakage
- Internal Threats: Enforce Application & Device Use Policies
Slide 9
Endpoints are the Weakest Link
How has the Security Landscape Changed and What is the Impact?
- Increasing number of vulnerabilities for all platforms and applications
- Endpoints are targeted by internal and external threats
- Attacks from well funded adversaries target endpoints
- Data protection is a major challenge and cost
- Traditional and reactive security approaches are ineffective
- Evolving regulations create strict compliance and reporting standards
Slide 10
What We Deliver
Lumension delivers best-of-breed, policy-based solutions that address the entire security management lifecycle.
- Dynamically enforce application/device policies to prevent security threats at the endpoint
- Proactively discover and assess risks and threats within the IT environment for comprehensive view of risk profile
- Assess, prioritize and remediate vulnerabilities for continuous validation and compliance reporting
Slide 11
Lumension More Effectively Secures the Endpoint
Endpoint Security must address internal and external threats
- Platform Security: VA and Remediation, Application Control
- User Security: Application Control, Device Control
- Data Security: Device Control, Data-at-Rest, Content Filtering
Threat scope labels: Internal and External Threats; Internal Threats; External Threats
Solution labels: Vulnerability Management / Patch Solution; Endpoint Security Solution; Data Security Solution
Slide 12
Effective Endpoint Security is a Continuous Process
- Discover Assets
- Develop Policy
- Assess & Remediate Threats
- Enforce Policy
- Compliance Audit
Centralized Management & Reporting
Slide 13
Who is responsible for this?
YOU!
Slide 14
PatchLink Scan
Slide 15
Comprehensive Reporting
- Out-of-the-box reports provide high-level or detailed information on vulnerabilities found
- Compare security posture to common industry tracking mechanisms
Slide 16
PatchLink Scan Value
Quickly Discover All Network Assets and Vulnerabilities
- Accurate Network-based Assessments
- Actionable Information Delivered to Make Intelligent Policy Decisions
- Comprehensive Vulnerability Coverage
- Highly Scalable Architecture
- Common Criteria EAL2 Certified
Slide 17
PatchLink Update
Slide 18
PatchLink Update Value
- Stay Ahead of Threats with Automated and Accurate Enterprise-Wide Patch Management
  - Most accurate patch applicability and assessment
  - Deploy patches within hours of release from vendor
  - Capabilities and context to effectively act on information - Role and Task Based
  - Redundant vulnerability assessment
- Broad Support of Content via Open Architecture
  - Leverages content directly from OS/Application vendors
  - Broad English and international content support
  - Security and operational patches
- Protect Heterogeneous Environments with One Solution
  - All major Operating System platforms
  - All major third party applications
Slide 19
Rapid, Accurate Network-based Scans
- Thorough and accurate discovery of all network devices
- Detailed assessment checks on configurations, AV, worms, Trojans, missing patches, open ports, services and more
- Deep inspection of target systems
Slide 20
PatchLink Security Configuration Management
Slide 21
PatchLink SCM Workflow
- Policy Management
  - Upload a Security Configuration Specification
  - Customize Security Specifications
- Policy Assessment
  - Apply a Security Configuration Specification
  - Perform a Manual Assessment
- Policy Compliance Reporting
  - View Group Policy Compliance Details
  - View Device Security Configuration
Slide 22
Open, Standards-Based Approach to Policy Compliance
- Comprehensive Policies
  - Security Content Automation Protocol (SCAP)
  - Hundreds of pre-defined checks
  - Easy-to-edit XML Format
  - New policy checklists can be added/created
- Based on Industry Standards
  - OVAL, XCCDF, CVE, CME, CPE
- Ensure compliance with specific regulations (e.g. FDCC, PCI, etc.)
- Improved operational efficiencies due to security best practices
Slide 23
How Policies get into PatchLink SCM
- Policy sources
  - Government (OMB Mandate)
  - Industry (PCI, SOX, HIPAA)
  - US or other Regulations
  - Corp. Specific best practices
- SCAP Checklist
  - XCCDF Policy Instance: Mapping policies and other sets of requirements to high-level technical checks
  - OVAL Archive: Mapping technical checks to the low-level details of executing those checks
- PatchLink SCM: Automation (monitoring/reporting)
Slide 24
How Policies get into PatchLink SCM: Example
- Policy sources
  - Government (OMB Mandate)
  - Industry (PCI, SOX, HIPAA)
  - US or other Regulations
  - Corp. Specific best practices
- SCAP Checklist
  - XCCDF Policy Instance: Mapping policies and other sets of requirements to high-level technical checks
  - OVAL Archive: Mapping technical checks to the low-level details of executing those checks
- Example
  - Policy: NIST SP 800-53 Authentication Management Policy: Systems minimum password length is at least 8 characters
  - XCCDF Mapping: Map specific requirement for systems minimum password length is at least 8 characters
  - OVAL Check Mapping: Check to be performed (e.g.) on all Windows XP based computers
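The chain on this slide (policy requirement, XCCDF rule, OVAL check) as an added example that is not part of the original deck or any Lumension code: a Python evaluator that follows an XCCDF rule to its OVAL definition, test and state and compares the result with values collected from an endpoint. The XML is constructed and reduced (not schema-complete), and `evaluate` and the `collected` dictionary are hypothetical names standing in for what a scanning agent would gather.

```python
import xml.etree.ElementTree as ET
X = "{http://checklists.nist.gov/xccdf/1.1}"
O = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"
W = "{http://oval.mitre.org/XMLSchema/oval-definitions-5#windows}"
# Constructed, reduced XCCDF rule and OVAL check (not schema-complete documents).
XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="example">
 <Rule id="min-password-length" selected="true">
  <title>Minimum password length is at least 8 characters</title>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
   <check-content-ref href="example-oval.xml" name="oval:com.example:def:1"/>
  </check>
 </Rule>
</Benchmark>"""
OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
  xmlns:win="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
 <definitions><definition id="oval:com.example:def:1" class="compliance">
  <criteria><criterion test_ref="oval:com.example:tst:1"/></criteria>
 </definition></definitions>
 <tests><win:passwordpolicy_test id="oval:com.example:tst:1" check="all">
  <win:object object_ref="oval:com.example:obj:1"/>
  <win:state state_ref="oval:com.example:ste:1"/>
 </win:passwordpolicy_test></tests>
 <states><win:passwordpolicy_state id="oval:com.example:ste:1">
  <win:min_passwd_len datatype="int" operation="greater than or equal">8</win:min_passwd_len>
 </win:passwordpolicy_state></states>
</oval_definitions>"""
OPS = {"equals": lambda a, b: a == b, "greater than or equal": lambda a, b: a >= b}

def evaluate(xccdf_xml, oval_xml, collected):
    """Map each XCCDF rule through its OVAL check to pass / fail / error."""
    bench, oval = ET.fromstring(xccdf_xml), ET.fromstring(oval_xml)
    by_id = {e.get("id"): e for e in oval.iter() if e.get("id")}
    results = {}
    for rule in bench.iter(X + "Rule"):
        try:
            ref = rule.find(f"{X}check/{X}check-content-ref")
            verdicts = []
            for crit in by_id[ref.get("name")].iter(O + "criterion"):
                test = by_id[crit.get("test_ref")]
                state = by_id[test.find(W + "state").get("state_ref")]
                for field in state:  # each state entity is one comparison
                    op = OPS[field.get("operation", "equals")]
                    value = collected[field.tag.split("}")[1]]
                    verdicts.append(op(int(value), int(field.text)))
            results[rule.get("id")] = "pass" if verdicts and all(verdicts) else "fail"
        except (KeyError, AttributeError, ValueError):
            # Dangling reference or missing endpoint data must not read as compliant.
            results[rule.get("id")] = "error"
    return results
```

An endpoint reporting `{"min_passwd_len": 6}` fails the rule, while a checklist whose rule points at a missing OVAL definition yields `error` rather than a silent pass.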
Slide 25
PatchLink SCM Value
- Ensures that security configurations are standardized throughout the enterprise
- Ensures continuous policy compliance
- Improves operational efficiency
- Consolidates vulnerability and mis-configuration monitoring and reporting
Slide 26
PatchLink Developers Kit
Slide 27
Develop Custom Patches
- Create and deliver patches and updates for commercial or proprietary software
- Patch legacy applications and niche products
- Open and modify any packages available via PatchLink Update
Slide 28
PatchLink PDK: How it Works
Slide 29
Lumension VMS
Slide 30
Comprehensive Vulnerability Assessment and Remediation
Discover, Assess and Remediate Vulnerabilities for Policy Compliance
- Rapid identification of unprotected endpoints
- Automated remediation of configuration and software vulnerabilities
- Advanced vulnerability, configuration and policy compliance reporting
- Flexible, open support for all major platforms, applications and vulnerability and configuration content
- Purpose-built to support compliance with regulatory policies and industry standards
Vulnerability Assessment and Remediation for Configuration Issues & Patches:
- PatchLink Developers Kit (Add-On Module)
- PatchLink Scan (Network Based)
- PatchLink Update (Agent Based)
- PatchLink Security Configuration Management (Add-On Module): FDCC and PCI
Slide 31
Sanctuary Application Control
Slide 32
Sanctuary Application Control Value
- Protects against both known and unknown threats
- Safeguards against zero-day threats and targeted attacks
- Controls proliferation of unwanted applications from burdening network bandwidth
- Maximizes benefits of new technologies and minimizes risk of network disruption
- Stabilizes desktop and Windows server configurations
- Enables adherence with software license agreements
Slide 33
Sanctuary Device Control
Slide 34
Enforcement of Peripheral Device Use Policies
- Automates discovery of peripheral devices
- Provides granular device control permission settings
- Offers flexible encryption options
- Delivers detailed audit capabilities
  - Patented bi-directional Shadowing of data written to/from a device
  - All device access attempts
  - All administrator actions
Diagram labels: PatchLink Developers Kit; Sanctuary Application Control; Sanctuary Device Control; Endpoint Policy Enforcement (Agent Based)
Slide 35
Sanctuary Device Control Value
- Minimizes risk of data theft / data leakage via any removable device
  - Granular Device Control Policies
  - Forced Encryption
  - File Type Filtering
  - Detailed Audit Capabilities
- Blocks USB Keyloggers
- Prevents malware introduction via unauthorized removable media
- Assures compliance with privacy and confidentiality regulations and policies
Who We Are
Leading global security management company, providing unified protection and control of all enterprise endpoints.
- Ranked #14 on Inc. 500 list of fast growing companies
- Ranked #1 for Patch and Remediation for third consecutive year
- Ranked #1 Application and Device Control
- Over 5,100 customers and 14 million nodes deployed worldwide
- Award-Winning, Industry Recognized and Certified
Slide 40
Worldwide Customer Deployments
Chart labels: Miscellaneous; Charities; Legal Services; Manufacturing; Dolphin Drilling; Health Care; Transportation/Utilities; Media; Education; Bishops Stortford College; Financial; Government/Military