Presentation for Next Generation Security Summit, Jan 2012. Topic: Endpoint Security.
Endpoint Security
John D. Johnson
Next Generation Security Summit
Château Élan, Atlanta, GA
February 1, 2012
Agenda
Define the endpoint
Examine use cases
Identify the threats
Identify security tools and controls
Review our options
Propose a roadmap
Group discussion
Define the endpoint
Desktops, Laptops
Application Servers
Mobile Devices
Embedded Systems
Storage Devices
Printers
Any resource with an OS that can be attacked
Desktops & Laptops
Employees want anytime-anywhere access
Increasingly mobile
Employees engage in risky behavior
BYOD
The devices we manage need to be kept “healthy” (standard build, licensed software, compromise-free)
Thought: Should we trust all employees and company assets the same?
Thought: How do we manage the risk introduced by end user actions and choices?
Servers
Increasingly, servers are exposed to the Internet
More suppliers have VPN connections to our internal network to provide services
More outsourcing requires suppliers to have a desktop (e.g. RDP, SSH, the ability to execute remote code)
Servers increasingly use shared services, VM farms and SAN
Observation: Because servers are thought of as immobile, we still protect them with coarse firewall rules and ACLs
Application Servers
Employees and suppliers want anywhere, anytime access to company email
SharePoint and other collaboration tools are exposed to the Internet in order to provide access to business partners; sometimes they are externally hosted
Contractors provide administrative support (e.g. SAP, Identity Management, Active Directory) and other transactional data processing
Suppliers & contractors need access to view & modify IP
Observation: The enterprise network has been extended to the cloud
Mobile Devices
Innovation: New technology can be disruptive, providing competitive business advantage, increases in productivity and market differentiation
Smart phones and tablets offer something different for different classes of user
Employees want work-life balance
Many companies already have email sync
Embedded systems are becoming commonplace
Observation: Mobile devices and cloud storage are increasing risk by further extending our enterprise through device consumerization
Role-Based Access to Resources
User Class
Employee
Contingent (on-site, role-based)
Contingent (off-site)
Contract (on-site, project-based)
Contract (off-site)
Supplier, Dealer, Business Partner
Customer
User Device Class
Company Managed Device
•Standard
•Supported
•Compliant
•Local Storage
Non-Company Device
•Device w/local storage (e.g. company standard virtual image, data caching or residual data)
Non-Company Device
•Device w/no local company data (e.g. thin client or VDI used to access company resources, or encrypted web session)
Access Class
Transactional (via Web App or similar programmatic access w/managed credentials)
Administrative (function is application administration and support, e.g. SAP or IDM)
Server Administration (ability to install/execute code)
Remote Control (desktop, browser or other methods to access intranet resources they may not be authorized for)
Creating IP (e.g. access to engineering data)
Full Intranet Access (access is too broad to restrict)
Exchange Only
Access Source
Internal
Internal (nation-specific issues)
Internet (ANY)
Dedicated Connection
•Company-managed network equipment
•Company Segment
Dedicated Connection
•Mixed Environment
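The four classes above, written as a deny-by-default access decision. This is an added example and not code from the presentation: the enum members mirror the slide, but the contents of the three rule tables (which access classes a given user class, device class or access source tolerates) are assumptions chosen to show how the dimensions compose, not the presenter's policy.

```python
"""Deny-by-default access decision combining the slide's four classes.

Added example, not the presenter's policy: the enums follow the slide, but the
contents of the three rule tables are assumptions for illustration.
"""
from enum import Enum


class User(Enum):
    EMPLOYEE = "employee"
    CONTINGENT_ONSITE = "contingent-onsite"
    CONTINGENT_OFFSITE = "contingent-offsite"
    CONTRACT_ONSITE = "contract-onsite"
    CONTRACT_OFFSITE = "contract-offsite"
    PARTNER = "supplier-dealer-partner"
    CUSTOMER = "customer"


class Device(Enum):
    MANAGED = "company-managed"            # standard, supported, compliant build
    BYOD_LOCAL = "non-company-local-data"  # may cache or retain company data
    BYOD_NO_LOCAL = "non-company-no-data"  # thin client / VDI / encrypted web session


class Source(Enum):
    INTERNAL = "internal"
    INTERNET = "internet"
    DEDICATED_COMPANY = "dedicated-company-segment"
    DEDICATED_MIXED = "dedicated-mixed-environment"


class Access(Enum):
    TRANSACTIONAL = "transactional"
    ADMINISTRATIVE = "administrative"
    SERVER_ADMIN = "server-administration"
    REMOTE_CONTROL = "remote-control"
    CREATE_IP = "creating-ip"
    FULL_INTRANET = "full-intranet"
    EXCHANGE_ONLY = "exchange-only"


ALL = frozenset(Access)
NOTHING = frozenset()

# Assumed rules: each dimension lists the access classes it tolerates, and a
# request is granted only if every dimension tolerates it.
BY_USER = {
    User.EMPLOYEE: ALL,
    User.CONTINGENT_ONSITE: ALL - {Access.FULL_INTRANET},
    User.CONTRACT_ONSITE: ALL - {Access.FULL_INTRANET},
    User.CONTINGENT_OFFSITE: frozenset({Access.TRANSACTIONAL, Access.ADMINISTRATIVE,
                                        Access.REMOTE_CONTROL, Access.EXCHANGE_ONLY}),
    User.CONTRACT_OFFSITE: frozenset({Access.TRANSACTIONAL, Access.ADMINISTRATIVE,
                                      Access.SERVER_ADMIN, Access.REMOTE_CONTROL,
                                      Access.EXCHANGE_ONLY}),
    User.PARTNER: frozenset({Access.TRANSACTIONAL, Access.CREATE_IP, Access.EXCHANGE_ONLY}),
    User.CUSTOMER: frozenset({Access.TRANSACTIONAL}),
}
BY_DEVICE = {
    Device.MANAGED: ALL,
    # Data can be left behind on the device: nothing that exports IP or opens the intranet.
    Device.BYOD_LOCAL: frozenset({Access.TRANSACTIONAL, Access.EXCHANGE_ONLY}),
    # Nothing persists on the device, so broader work through VDI is tolerable,
    # but not code execution on servers or unrestricted intranet access.
    Device.BYOD_NO_LOCAL: ALL - {Access.SERVER_ADMIN, Access.FULL_INTRANET},
}
BY_SOURCE = {
    Source.INTERNAL: ALL,
    Source.DEDICATED_COMPANY: ALL,
    Source.DEDICATED_MIXED: ALL - {Access.FULL_INTRANET},
    Source.INTERNET: ALL - {Access.SERVER_ADMIN, Access.FULL_INTRANET},
}


def permitted(user, device, source):
    """Access classes all three dimensions agree on; an unknown value permits nothing."""
    return (BY_USER.get(user, NOTHING)
            & BY_DEVICE.get(device, NOTHING)
            & BY_SOURCE.get(source, NOTHING))


def decide(user, device, source, requested):
    """True only if the requested access class survives every filter."""
    return requested in permitted(user, device, source)


def blockers(user, device, source, requested):
    """Which dimension(s) refused the request, for audit logging or user feedback."""
    checks = (("user class", BY_USER, user),
              ("device class", BY_DEVICE, device),
              ("access source", BY_SOURCE, source))
    return [name for name, table, key in checks
            if requested not in table.get(key, NOTHING)]


if __name__ == "__main__":
    # Same employee, three postures: what survives the intersection in each case.
    for dev, src in ((Device.MANAGED, Source.INTERNAL),
                     (Device.BYOD_NO_LOCAL, Source.INTERNET),
                     (Device.BYOD_LOCAL, Source.INTERNET)):
        print(dev.value, src.value, sorted(a.value for a in permitted(User.EMPLOYEE, dev, src)))
```

Running the module prints what the same employee is permitted on a managed device inside the network, through VDI from the Internet, and on a personal device with local storage from the Internet; the person is identical and the permitted set is not, which is one concrete answer to the question of whether all employees and company assets should be trusted the same. `blockers()` names the dimension that refused a request, which is what an audit log entry or a help-desk ticket needs, and any value missing from a table denies everything rather than falling through.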
The Network: Today
The Network: In Practice
Endpoint Security Threats
Malware & Spyware
•Email, Phishing
•Social Media
•Mobile Apps
•Network-Borne
•Privacy Threats
•Trojans & Keyloggers
Bad Actors
•Malicious Users
•Activists
•Corporate Espionage
•Organized Crime
•Terrorists
•Nation States
Rogue & Unmanaged
•Mobile Devices
•Embedded Systems
•Printers
•Rogue Devices
Vulnerabilities
•0-Day
•Operating Systems
•Applications
•Configs
•HW & VM
•Protocols
•Bluetooth
•Wireless
•VoIP
•Backdoor Connections
As the perimeter erodes, we must focus on protecting the endpoint (ultimately the data) from new threats introduced by new technology and new business use cases.
Maturity Model for Security
Since the mid-1990s, we have moved from focusing on the perimeter to focusing on the endpoint, and our security tools have become more sophisticated.
(Timeline figure, 1995 to 2012+, with controls marked along it: HR/Legal, MFA, VPN-S, VLAN, Syslog, IPS)
Endpoint Protection & Security Controls
Technical Enforcement (Proactive)
• Authentication
• Authorization
• Network Restrictions
• OS Restrictions, Hardening
• Whitelisting
• GPO
• Admin Rights
• Access Method
• Endpoint Security: AV, HIPS, NAC, DLP
• Mobile Device Mgmt
Policy Enforcement
• Contract Language
• Supervision of Contractor
• Notice of Status Change
• Security Policy
• Awareness, Training
• Monitor Compliance
Monitor & Alert (Reactive)
• NIPS
• HIPS
• SIM, Syslog
• Fraud Detection
• DLP
• Monitor Access Changes: Admin, IP
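The reactive column's “Monitor Access Changes: Admin, IP” item, as an added example that is not part of the presentation: detection logic run over a few constructed syslog lines in the OpenSSH and sudo format of a Linux host. The internal address ranges, the per-account baseline of known source addresses and the list of rights-changing commands are assumptions made for the demonstration.

```python
"""Reactive monitoring of access changes over syslog, run on constructed sample lines.

Added example, not the presenter's tooling. Log format follows OpenSSH and sudo
on Linux; internal ranges, the per-user baseline and the admin-change command
list are assumptions.
"""
import ipaddress
import re

# Assumed internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Assumed baseline: where each account normally logs in from (e.g. learned over 30 days).
BASELINE = {"jdoe": {"10.1.2.3"}, "svc_build": {"10.1.2.50"}}

SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
SUDO_CMD = re.compile(r"sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
# Commands that grant or alter administrative rights (assumed list, extend for local group names).
ADMIN_CHANGE = re.compile(
    r"(usermod\s+.*-[aA]*G\s+(sudo|wheel|admin)\b|useradd\b|visudo\b|gpasswd\s+-a\b)")

# Constructed sample log (not real data).
SAMPLE_LOG = """\
Jan 31 10:02:11 dc01 sshd[1234]: Accepted publickey for jdoe from 10.1.2.3 port 5555 ssh2
Jan 31 10:05:40 dc01 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_build
Jan 31 10:06:01 dc01 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/ls /var/log
Jan 31 11:15:02 app01 sshd[2222]: Accepted password for svc_build from 203.0.113.7 port 4444 ssh2
Jan 31 11:20:45 app01 sshd[2230]: Accepted publickey for jdoe from 10.9.9.9 port 4321 ssh2
"""


def is_internal(ip):
    """True if the address parses and falls inside an internal range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def analyse(log_text, baseline=BASELINE):
    """Return (alert_type, account, detail) tuples in log order.

    Alerts: a logon from outside the internal ranges, a logon from an address the
    account has not used before, and a sudo command that changes admin rights.
    """
    seen = {user: set(ips) for user, ips in baseline.items()}
    alerts = []
    for line in log_text.splitlines():
        m = SSH_LOGIN.search(line)
        if m:
            user, ip = m["user"], m["ip"]
            if not is_internal(ip):
                alerts.append(("external-logon", user, ip))
            known = seen.setdefault(user, set())
            if ip not in known:
                alerts.append(("new-source-ip", user, ip))
                known.add(ip)  # alert once per new address, not on every logon
            continue
        m = SUDO_CMD.search(line)
        if m and ADMIN_CHANGE.search(m["cmd"]):
            alerts.append(("admin-change", m["user"], m["cmd"].strip()))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(*alert)
```

The baseline is what separates a useful alert from a noisy one: an unknown source address fires once per account and address, and an external logon is flagged regardless of baseline. sudo's log line differs across distributions and syslog daemons, so the regular expressions need adjusting for real data, and the admin-change pattern is deliberately narrow; directory-specific group names and the equivalent Windows events (group membership changes, logons) would be added the same way.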
Summary
The perimeter is disappearing
Business choices require merging our technical solutions (proactive & reactive) with policy-based enforcement
Role-based / identity-based access to resources is required for end users to do what the business requires, anytime, anywhere
Focus on what is important to the business and protect it
Layered security is still important to raise efficacy; the old problems haven’t gone away, we just have more problems now
The pace of technology won’t slow down; it will just roll over you if you don’t respond quickly enough!
Discussion
What are your endpoint problems?
How are you addressing them?
Short-term?
Long-term?
Did I miss or mischaracterize:
Business needs?
Technology trends?
Threats?
Security solutions or controls?
Regulatory drivers?