Endpoint Security Protect, Detect and Respond Privilege Management and Application Control Joseph Carson Head of Product

Endpoint Security Protect, Detect and Respond Privilege ... november 2015/Arellia... · Why Privilege Management is extremely important . Typical Stages of an APT • Reconnaissance


WHAT IS THE HIGHEST THREAT IN YOUR ORGANIZATIONS?

HUMANS WITH PRIVILEGED ACCESS

Why Privilege Management is extremely important

Typical Stages of an APT

•  Reconnaissance
•  Gaining Access
•  Pivot building
•  Privilege Escalation
•  Maintaining Access
•  Malicious Activity
•  Covering Tracks

% of APT breaches involved stolen credentials

100%  

•  Domain Accounts
•  Service Accounts
•  Local Admin Accounts
•  Privileged User Accounts

Mandiant, M-Trends and APT1 Report

Approx. # of Privileged Accounts for 1000 Users

5000

•  Domain Accounts
•  Service Accounts
•  Local Admin Accounts
•  Privileged User Accounts

% of incidents related to errors by admins

>50%  

% of people open and click on phishing emails

23%  

Data Source: Verizon DBIR Report 2015

WHAT IS THE AVERAGE DWELL TIME IN YOUR ORGANIZATIONS?

WWW.ESCGS.COM

205 DAYS

BREACH DETECTION

WHERE SHOULD YOU BE INVESTING INTO CYBER DEFENSE

PREVENTION DETECTION RESPONSE

% of breaches that could have been prevented with patches!

90%  

According to :

•  96% of critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights
•  60% of all Microsoft vulnerabilities published in 2013 could be mitigated by removing admin rights

Eliminate Vulnerabilities

Discover and Report privileged users, groups, settings and applications.

What can Arellia do for you?

Reduce this risk by removing privileged access but allowing users flexibility to install applications and execute system tools. Automated Enforcement of provisioned accounts.

The average dwell time of a breach to detection is approx. 205 Days!

What can Arellia do for you?

Reduce this risk significantly by implementing password randomization and privilege management solutions.

With over 7000 vulnerabilities in 2014, how do you prioritize?

What can Arellia do for you?

Simplify by eliminating vulnerabilities that can only be exploited with privileged users, and improve the efficiency and deployment of software updates.

Enable end-users to be productive but safe?

What can Arellia do for you?

Limit risk but allow productivity: query applications for good or bad reputation before execution or installation!

•  Application Whitelisting and Reputation
•  Ensure Secure OS Configurations
•  Patch Applications
•  Patch Operating Systems
•  Limit administrator privileges

Arellia partners with Symantec, LANDesk and Microsoft to mitigate SANS Top 5 critical security controls

SANS Institute Quick Wins

This is also highlighted in:

Beretning til Statsrevisorerne om forebyggelse af hackerangreb (Report to the Public Accounts Committee on the Prevention of Hacker Attacks, 2013)

What the solution can help Koncernservice with

•  Implement greater security and control without users losing flexibility

•  Management reporting for use in IT audits.

•  Comply with IT security regulations, including requirements for control of users with administrative rights

•  Minimize risk/problems and resource effort during major software updates

•  Minimize service desk calls resulting from problems on clients related to self-installed software

Arellia’s Combination of Products to Provide Complete Endpoint Security

Arellia Security Remediation Suite

Local Security Solution

•  Identify Users With Admin Accounts
•  Remove Administrator Rights from Unauthorized Users
•  Secure and Audit Authorized Admin Accounts
•  Harden Services and OS Components

Security Analysis Solution

•  Security Configuration Assessment
•  Automated compliance remediation
•  Auditable change management
•  Ongoing security configuration measurement

Application Control Solution

•  Find Applications that Require Admin Rights
•  Enable Non-Admin Users with App Elevation or Protect with Privilege Reduction
•  Flexible White \ Grey \ Black Listing \ Dynamic Real-Time
•  Application Compatibility Analysis and Adjustment

Sources for Standards Based Remediation:

Standards Based Remediation

ARELLIA INTEGRATIONS

Arellia Integrations

Arellia Management Suite (AMS)

•  Arellia 8.x Solutions are built on the standalone Arellia Management Server

•  AMS integration options:
    o  Microsoft System Center Configuration Manager (SCCM)
    o  Symantec Management Platform (Altiris)
    o  LANDesk Management Server

•  AMS ticketing / service desk integration options:
    o  LANDesk Help Desk
    o  ServiceNow
    o  SharePoint

Discovery and Report Privileged Accounts

Arellia Management Server

Arellia Management Agent

Arellia Application Control with whitelisting and Awareness

Reputation Engines

Security Operations Center

Systems Management

•  Blacklisting
•  Whitelisting
•  Grey listing
•  App Isolation
•  App Container (SWV)
•  Real-Time Elevation

Application Threat Intelligence and Data Analytics

Arellia Mobile

Mobile App

•  Application Approvals
•  Application Reputation
•  Password Reveal/Audit
•  Application Alerts

Arellia Application Control using Symantec Application Containers (SWV) aka Sandbox

Application Container Turned Off

Application Container Turned On

DEMO

ARELLIA

THANK YOU

JOSEPH CARSON