Endpoint Security Protect, Detect and Respond
Privilege Management and Application Control
Joseph Carson, Head of Product
HUMANS WITH
PRIVILEGED ACCESS
WHAT IS THE HIGHEST THREAT IN YOUR ORGANIZATIONS?
Why Privilege Management is extremely important
Typical Stages of an APT
• Reconnaissance
• Gaining Access
• Pivot building
• Privilege Escalation
• Maintaining Access
• Malicious Activity
• Covering Tracks
% of APT breaches involved stolen credentials
100%
Domain Accounts Services Accounts Local Admin Accounts Privileged User Accounts
Mandiant, M-Trends and APT1 Report
Approx. # of Privileged Accounts for a 1000 Users
5000
Domain Accounts Services Accounts Local Admin Accounts Privileged User Accounts
% of incidents related to errors by admins
>50%
% of people open and click on phishing emails
23%
Data Source: Verizon DBIR Report 2015
WHAT IS THE AVERAGE DWELL TIME IN YOUR ORGANIZATIONS?
WWW.ESCGS.COM
205 DAYS
BREACH DETECTION
WHERE SHOULD YOU BE INVESTING INTO CYBER DEFENSE
PREVENTION DETECTION RESPONSE
% of breaches that could have been prevented with patches!
90%
According to :
• 96% of critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights
• 60% of all Microsoft vulnerabilities published in 2013 could be mitigated by removing admin rights
Eliminate Vulnerabilities
Discover and Report privileged users, groups, settings and applications.
What can Arellia do for you?
Reduce this risk by removing privileged access but allowing users flexibility to install applications and execute system tools. Automated Enforcement of provisioned accounts.
The average dwell time of a breach to detection is approx. 205 Days!
What can Arellia do for you?
Reduce this risk significantly by implementing password randomization and privilege management solutions.
With over 7000 vulnerabilities in 2014 how do you prioritize?
What can Arellia do for you?
Simplify by eliminating vulnerabilities that can only be exploited with Privileged Users and improve efficiency and deployment of Software Updates
Enable end-users to be productive but safe?
What can Arellia do for you?
Limit risk while allowing productivity: query applications for good or bad reputation before execution or installation!
• Application Whitelisting and Reputation
• Ensure Secure OS Configurations
• Patch Applications
• Patch Operating Systems
• Limit administrator privileges
Arellia partners with Symantec, LANDesk and Microsoft to mitigate SANS Top 5 critical security controls
SANS Institute Quick Wins
This is also highlighted in:
Report to Statsrevisorerne on the prevention of hacker attacks (2013)
What the solution can help Koncernservice with
• Implement greater security and control without users losing flexibility
• Management reporting for use in IT audits.
• Comply with IT security regulations, including requirements for control of users with administrative rights
• Minimize risk/problems and resource effort during major software updates
• Minimize service desk calls resulting from problems on clients with software problems related to self-installed software
Arellia’s Combination of Products to Provide Complete Endpoint Security
Local Security Solution
• Identify Users With Admin Accounts
• Remove Administrator Rights from Unauthorized Users
• Secure and Audit Authorized Admin Accounts
• Harden Services and OS Components
Security Analysis Solution
• Security Configuration Assessment
• Automated compliance remediation
• Auditable change management
• Ongoing security configuration measurement
Application Control Solution
• Find Applications that Require Admin Rights
• Enable Non-Admin Users with App Elevation or Protect with Privilege Reduction
• Flexible White \ Grey \ Black Listing \ Dynamic Real-Time
• Application Compatibility Analysis and Adjustment
Arellia Security Remediation Suite
Sources for Standards Based Remediation:
Standards Based Remediation
ARELLIA INTEGRATIONS
Arellia Integrations
Arellia Management Suite (AMS)
• Arellia 8.x Solutions are built on the standalone Arellia Management Server
• AMS integration options:
  o Microsoft System Center Configuration Manager (SCCM)
  o Symantec Management Platform (Altiris)
  o LANDesk Management Server
• AMS ticketing / service desk integration options:
  o LANDesk Help Desk
  o ServiceNow
  o SharePoint
Discovery and Report Privileged Accounts
Arellia Management Server
Arellia Management Agent
Arellia Application Control with whitelisting and Awareness
Reputation Engines
Security Operations Center
Systems Management
• Blacklisting
• Whitelisting
• Grey listing
• App Isolation
• App Container (SWV)
• Real-Time Elevation
Application Threat Intelligence and Data Analytics
Arellia Mobile
Mobile App
• Application Approvals
• Application Reputation
• Password Reveal/Audit
• Application Alerts
Arellia Application Control using Symantec Application Containers (SWV) aka Sandbox
Application Container Turned Off
Application Container Turned On
DEMO
ARELLIA THANK YOU JOSEPH CARSON [email protected]