Chris Sherman | Forrester Research, Senior Analyst
Grant McDonald | Intel Security, Senior Product Manager

Webinar: Rethinking Current Endpoint Security Strategies


Rethinking Current Endpoint Security Strategies

Chris Sherman, Senior Analyst

May 2016


© 2016 Forrester Research, Inc. Reproduction Prohibited

Orgs continue to struggle with targeted attacks

Publicly reported cyber incidents and breaches in the US

Source: Cyberfactors, LLC

This Much Is Clear: Traditional Endpoint Security Approaches Have Failed

We are hyper focused on the WRONG things

Organizations Must Refocus Their Endpoint Security Strategies


The Targeted-Attack Hierarchy Of Needs


Targeted-Attack Hierarchy Of Needs

Need No. 1: An Actual Security Strategy


Expense in Depth


Return on Expense in Depth?


Components of a sound strategy

› Adopt principles of the Zero Trust model
› Data driven security not alert driven security
› Data driven security is really business driven security which is supported by executives


Targeted-Attack Hierarchy Of Needs

Need No. 2: A Dedication To Recruiting And Retaining Staff


Double down on higher education

› There is intense competition between the emerging cyber programs
› Make them more competitive; join advisory board, drive curriculum that produces capable graduates


Targeted-Attack Hierarchy Of Needs

Need No. 3: A Focus On The Fundamentals


A Focus On The Fundamentals


Targeted-Attack Hierarchy Of Needs

Need No. 4: An Integrated Portfolio That Enables Orchestration


Friction?

› “Create friction for the attacker. Slow them down and make their job more difficult.”
› What about all the friction we create for ourselves?
› Most orgs don’t have the resources to automate their InfoSec processes.


What can you do?

› Invest in software development staff
› Prioritize vendors that integrate and automate between the endpoint and network layers
› Pay attention to vendors who see the need and are developing solutions.


Targeted-Attack Hierarchy Of Needs

Need No. 5: Prevention


Prevention is shifting

› Traditional approaches to prevention will continue
› If you can prevent an action, why not?
› Prevention with threat intelligence
  • Command and Control indicators should be used to prevent communications


Prevention begins and ends with attack surface reduction

Photo credit: Jan Stromme, Bloomberg Business


A combination of tools is necessary for max attack surface reduction


Targeted-Attack Hierarchy Of Needs

Need No. 6: Detection & Response


Detection

› Detection is the only option when dealing with higher tier adversaries
› No single control is your breach detection system
› Your aggregate controls and your people are your breach detection system


Response

› Once you have identified malicious activity, how do you respond?
› Is your remediation a reimage?
› Time to containment and remediation will never improve without automated response

To be successful, an endpoint security strategy must balance prevention with detection


Effective endpoint security tools orchestrate between the three key functions

Prevention Detection Control


Recommendations

1. Evaluate your own endpoint sec portfolio and identify gaps/areas of overlap
2. Restrict your attack surface with app control and targeted patch management
3. Extend your visibility into endpoint behavior for more effective threat detection
4. Integrate network and endpoint security controls where possible

Integrated Protection, Detection and Correction

Grant McDonald, Endpoint Security Product Manager

Problems & Outcomes: What do Next Generation Converged Endpoint solutions need to solve?

Problem

Protect
• Targeted persistent Endpoint attacks.
• Broader attack surface.
• Bypass traditional controls.

Detect
• Large amount of grey.
• Long dwell time.
• Under radar attacks.
• Across Endpoints.

Correct
• Timely closed loop remediation.
• High manual effort.
• Complex workflows.

Desired Outcomes

• Minimize likelihood of breach in first place…
• Limit exposure and discover patient 0 threats faster…
• Reduce human effort, time, and cost to fix…

Endpoint Security Platform

A framework to simplify today, built with the future in mind

[Diagram labels: Module A, Module B, Module C, Module D; Endpoint Security Client; Threat Prevention, Firewall, Web Control, TIE, Future Modules; Common Components; Kernel Mode Drivers; Security Management; McAfee ePO Agent, Self-Managed]

A Foundation for the Future

Adaptive, integrated, automated responses to adapt faster than threats can evolve

1. ENS: ENS gives you better protection and performance and our foundation for what is next
2. TIE: Start building your own threat intelligence base
3. MAR: Start hunting now with top priority use cases in Active Response

ePO: Coordinate defense all inside ePO – no other solution has this breadth in one console

Endpoint Migration Assistant

The Migration Assistant was created to educate and aid customers in migrating data to the ENS platform.

Automatic migration can create new policies and client tasks automatically, based on your current product settings, and assign them to groups and managed systems based on your current assignments.

Manual migration lets you select the settings you want to migrate and, optionally, edit them. Manual migration does not retain assignments.

Automatic Migration Manual Migration

Select what items you want to migrate:
• Policies
• Client tasks
• Catalog (FW only)

Select what items you want to migrate:
• Policies
• Client tasks

Preview policy migration results

Configure policies or tasks

Migrated items are created and assigned automatically

Migrated items are created

Manually assign migrated items

Repeat to migrate additional items


Summary

Improved threat detection and reporting

Faster action and containment against emerging, advanced threats

Easy, intuitive insights for corrective actions

Faster performance

Management flexibility

Proven performance

Removes complexity and redundancies

Delivers an architecture for the future

Intelligent and effective with an extensible framework

Learn more by visiting: www.mcafee.com/nextgenendpoint

Resources

Go to the Resources Area of this webcast console to access:

• Solution Brief: Overcome the Attacker Advantage with McAfee Endpoint Security 10 Defenders

• Data Sheet: Complete Endpoint Protection—Enterprise

• Presentation Slides

Chris Sherman | [email protected] | @ChrisShermanFR

Grant McDonald | [email protected] | @mcdonaldgrant
