Introduction to Kaspersky Endpoint Security for Business
PAGE 1 | 51
KESB Launch | Hong Kong | March 7-8, 2013
See it – Control it – Protect it – An intro to Kaspersky Endpoint Security for Business
Nathan Wang, VP of Tech Divisions Kaspersky APAC
PAGE 2 | 51
Topics of discussion
1. Business demands and IT challenges
2. Kaspersky Endpoint Security for Business
• Encryption: a difficult play or an easy game?
• System Manager: what’s new?
• MDM: a convenient alternative?
• Others: KSV 2.0, KS-Exchange and KLMS 8
3. Kaspersky Lab datasheet
PAGE 3 | 51
Business drivers and their impact on IT
AGILITY
• Move fast, be nimble and flexible
• 66% of business owners identify business agility as a priority
EFFICIENCY
• Cut costs
• Consolidate and streamline
• 54% of organizations say that their business processes could be improved
PRODUCTIVITY
• Maximise the value of existing resources
• Do more with less
• 81% of business owners cite operational efficiencies as their top strategic priority
IMPACT on IT
IT complexity: more data, more systems, more technology
Pressure on resources and budgets
PAGE 4 | 51
And then, there’s the rise of malware…
[Chart: malware files in the Kaspersky Lab collection by year, 1999 to 2013]
Malware files in Kaspersky Lab collection, Jan 2013: >100m
New threats every day: 200K
Malicious programs specifically targeting mobile devices: >35K
PAGE 5 | 51
The impact on IT security
Malware
Mobile / BYOD
Your data is on the move!
The #1 target: applications!
YOUR DATA
Response: Anti-malware plus management tool / dashboard
Response: Systems / patch management
Response: Data encryption
Response: Mobile device management (MDM)
PAGE 6 | 51
What if?
Malware
Mobile / BYOD
Your data is on the move!
The #1 target: applications!
YOUR DATA
1 PLATFORM
MANAGEMENT CONSOLE
COST
PAGE 8 | 51
A high level glance of KES/KSC10
SEE
• Physical, virtual, mobile
• Identify vulnerabilities
• Inventory HW and SW
• Take action with clear reporting
CONTROL
• Configure and deploy
• Set and enforce IT policies
• Manage employee-owned devices
• Prioritize patches
• License Management
• NAC
PROTECT
• Evolve beyond anti-virus
• Meet security demands
• Protect data and devices anywhere
• Rely on Kaspersky expertise
PAGE 9 | 51
A high level glance of KES/KSC10
• Smartphones
• Tablets
• Server
• Workstation
• Laptop
Kaspersky Endpoint Security
• Anti-malware
• Control Tools
• Encryption
• Mail and Web
• Collaboration Server
• Image Mgmnt
• NAC
• SW/HW Mgmnt
Kaspersky Security Center
• Security policy mgmnt
• Mobile Device Mgmnt
• Systems Management
• Vulnerability Scan
• Patch Mgmnt
• License Mgmnt
PAGE 10 | 51
A high level glance of KES/KSC10
Anti Malware + Firewall
Kaspersky Security Center
Web Control
Device Control
Application Control
File Server Security
Systems Management (SMS)
Gateway
Collaboration
Mail
License Management
Vulnerability Scan
Patch Management
Image Management
Software Installation
Network Admission (NAC)
Mobile Device Management (MDM)
Cloud protection is enabled for business users via the Kaspersky Security Network (KSN)
Core
Select
Advanced
Total
Mobile Endpoint Security
Data Protection (Encryption)
Endpoint
Management
Infrastructure
PAGE 12 | 51
Encryption – quite difficult mechanism ---- Who is listening and what to do?
[Diagram: exchange between Alice and Bob with Eve listening; values labelled 0, 1, 2, 0+1, 0+2 and 0+1+2]
PAGE 13 | 51
Encryption – quite difficult mechanism ---- Color trick & numerical arithmetic with one-way function
[Diagram: Alice, Bob and Eve]
PAGE 14 | 51
Encryption – quite difficult mechanism
Encryption offering
• Full Disk Encryption (FDE)
• File Level Encryption (FLE)
• Removable Media data Encryption (RME)
Asymmetric encryption — protection for data in transit
• Secure connection between EP and KSC (SSL)
• User and computer keys’ management exchange
• Protection for recovery data
Symmetric encryption — protection for data at rest
• Full disk encryption
• File level encryption
• Removable media data encryption
AES encryption module
• 256-bit
• 56-bit
PAGE 15 | 51
Encryption – quite difficult mechanism ---- Keys used in encryption
• An individual master key for each computer
• An individual key for each user
• The computer key is encrypted using the public key of the Security Center
• The user’s key is encrypted using the personal key
[Diagram labels: Master key, MS DPAPI, User’s key, Computer key store, User key store]
PAGE 16 | 51
Encryption – quite difficult mechanism ---- Document exchange inside a corp network
[Diagram: Computer #1, Computer #2, Master key #1, Master key #2, User key store, Encrypted file (Master key ID); steps 1 to 4]
PAGE 17 | 51
Encryption – quite difficult mechanism ---- Boot order when FDE is used
• Authentication Agent starts before the operating system
• Key for decrypting the system boot sector
• Special drivers are responsible for decrypting disk files during and after the operating system start
[Diagram labels: MBR, Pre-boot Environment (Authentication Agent), Operating system boot record, File system, Password, Open data, Encrypted data]
PAGE 18 | 51
Encryption – an easy operation ---- Single Sign-On for end users
Authentication Agent: Username/Password
Windows: Username/Password
Next start
Passwords do not match
Authentication Agent changes the password
Passwords match
PAGE 19 | 51
Encryption – an easy operation ---- SSO, a routine policy configuration for IT guys
PAGE 20 | 51
Encryption – an easy operation ---- Enable encryption and policy configuration
PAGE 21 | 51
Encryption – an easy operation ---- “Tough” requirements for FLE and data recovery
The only requirement for FLE is the accessibility of KSC
• File Level Encryption is integrated with Windows authentication;
• The key exchange is performed automatically;
• The Kaspersky encryption implementation is seamless to end users and applications, a great example of ease of use;
The data recovery requirement is simple
• The computer to which the damaged disk is connected cannot have FDE enabled;
• Just connect the damaged disk and run the recovery utility;
[Diagram labels: No FDE enabled, Old hard disk]
PAGE 22 | 51
Encryption – an easy operation ---- Data sent to external parties
PAGE 23 | 51
Encryption – an easy operation ---- Removable Media data Encryption in clicks
PAGE 24 | 51
Encryption – an easy operation ---- Removable Media data Encryption in clicks
PAGE 26 | 51
System Management: What’s new? ---- SM function via KSC and Network Agent
• Software monitoring/inventory
• Hardware monitoring/inventory
• License Management
• Vulnerability detection
• Update management
• Installation of 3rd party’s applications
• Network Access Control (NAC)
• Deployment of operating system images
PAGE 27 | 51
System Management: What’s new? ---- Licensed management (remember software inventory?)
PAGE 28 | 51
System Management: What’s new? ---- Licensed management (NOT licensing enforcement)
Examples of use cases:
Error, the number of licenses is exceeded;
Warning, license will expire soon (in 14 days);
Info, 95% of the available licenses are used up
PAGE 29 | 51
System Management: What’s new? ---- New update management
Vulnerability Scan Task
1. Missing Windows updates
2. Vulnerabilities from KL database
[Diagram labels: Windows Update, KL Expertise, KL Vulnerability DB]
PAGE 30 | 51
System Management: What’s new? ---- Patching vulnerabilities
PAGE 31 | 51
System Management: What’s new? ---- Testing tasks patch and update installation
PAGE 32 | 51
System Management: What’s new? ---- SM features in KSC9 and in the new KSC10
The capabilities previously implemented in KSC 9 remain available:
• Find vulnerabilities and Microsoft application updates (via the local WU service);
• Installation of selected Microsoft updates (via the local WU service);
• Installation of updates manually created and assigned by the administrator;
The new licensed capabilities added to KSC 10:
• Automatic installation of updates and patches according to the specified rules;
• Use of the KSC Server as a WSUS server;
• Installation of updates and patches for the applications included in the Kaspersky Lab database;
• Other new features;
PAGE 33 | 51
System Management: What’s new? ---- Network Access/Admission Control (NAC)
NAC basics
• Usually people think NAC is an appliance using SNMP;
• NAC can be used to securely control authenticated/unauthenticated user traffic according to policies (based on port, protocol, subnet);
Capabilities of KL software based NAC
• Block Internet access for computers having “bad” protection status;
• Redirect unmanaged computers to the authorization portal;
• Block any network activity for new devices;
• Allow new computers to access a special isolated subnet;
KL NAC architecture
• Enforcers, Policy server, Access policy and Network devices;
• Simple deployment that requires no changes on DHCP, DC;
PAGE 34 | 51
System Management: What’s new? ---- Network Access/Admission Control (NAC)
PAGE 35 | 51
System Management: What’s new? ---- Remote deployment of operating system images
Capturing an Operating System image
• Install and use Windows Automated Installation Kit;
• Enable representation of the OS image capture and distribution functionality;
• Capture a computer image, say a Windows 8 operating system, with applications pre-installed;
Deploying the image
• Remotely install the Windows 8 image to managed computers;
• Remotely install the Windows 8 image to “bare metal” computers;
PAGE 37 | 51
MDM: a convenient alternative? ---- What we have been doing manually
PAGE 38 | 51
MDM: a convenient alternative? ---- KL MDM architecture
PAGE 39 | 51
MDM: a convenient alternative? ---- KL MDM architecture
Apple Push Notification Service
• iOS
• Android
• Windows Mobile
• Windows Phone
• Palm (WebOS)
• Nokia (Symbian, Maemo)
PAGE 40 | 51
MDM: a convenient alternative? ---- KL Mobile Devices Server installation
Adding Exchange ActiveSync Mobile Devices Server
• Install Agent and MDM server on an Exchange Server;*
• Test the connection with a KSC Server;
• Exchange ActiveSync configuration;
Profile creation and policy configuration
• On the KSC, configure profiles and policies for the selected mailbox of the Exchange
• Sync the profile and policy with the Exchange
Mobile devices receive profiles and policies**
• Direct Push is used for pushing notifications (MS Exchange ActiveSync)
• Users receive it during the synchronization with the Exchange server
PAGE 41 | 51
MDM: a convenient alternative? ---- Synchronizing Mobile Devices with KSC
[Diagram label: Mobile Devices]
PAGE 42 | 51
Kaspersky Mobile Endpoint Security ---- Centrally managed by the KSC
CONFIGURE/DEPLOY
• Via SMS, email or tether
SECURITY
• Anti-malware
• Anti-phishing
• Anti-spam
ANTI-THEFT
• GPS find
• Remote block
POLICY COMPLIANCE
• Set password
• Jailbreak / Root notice
• Force settings
APPLICATIONS
• Containerization
• Data access restriction
DATA ACCESS
• Data Encryption
• Remote wipe
PAGE 43 | 51
MDM: a convenient alternative? ---- Still want to go back to the old manual operation?
PAGE 44 | 51
KES/KSC10 in a nutshell
See it
Control it
Protect it
Console
Platform
Cost
PAGE 46 | 51
KSV 2, KS-Exchange 8, KLMS 8, SPE 10… ---- Kaspersky comprehensive security offering
Kaspersky Security for Virtualization
• Integrates with vShield as an agentless solution that delivers cloud/local anti-malware and network protection under KSC management;
• Fulfils VMware’s mission of enhancing security through an effective agentless approach;
Mail, collaboration and gateway security
• Email, SharePoint and gateway security are always essential;
• Multi-layered spam filtering plus the best anti-malware for security elevation and resource optimization;
Service Provider Edition
• A web application designed for ISPs to provide anti-malware security control/monitoring services for corporate networks;
• Coupled with KSV, it delivers cloud based security products and services;
PAGE 48 | 51
Kaspersky Lab datasheet
PAGE 49 | 51
Kaspersky Lab datasheet
PAGE 50 | 51
Kaspersky Lab datasheet