1 / 6

Capabilities and Limitations of Endpoint Security Solutions (CLESS)

Capabilities and Limitations of Endpoint Security Solutions (CLESS). IETF 104, Monday 25th of March 2019, Prague Arnaud Taddei ( Arnaud_ Taddei@symantec.com ) Candid Wueest ( Candid_Wueest@symantec.com ) Kevin Roundy ( Kevin_Roundy@symantec.com )

bfleetwood
Download Presentation

Capabilities and Limitations of Endpoint Security Solutions (CLESS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Capabilities and Limitations of Endpoint Security Solutions (CLESS) IETF 104, Monday 25th of March 2019, Prague Arnaud Taddei (Arnaud_Taddei@symantec.com) CandidWueest (Candid_Wueest@symantec.com) Kevin Roundy (Kevin_Roundy@symantec.com) Dominique Lazanski (dml@lastpresslabel.com)

  2. Introduction to CLESS • Why? A gap in the « codification » of endpointsecurity? • Whynow? Many  « environmental » changes (technical, regulations, etc.) • What? • In the long term, a full review of endpointsecurity in all its dimensions • Currentlywestartedwith • EndpointModels • ThreatLandscape • Endpointsecuritycapabilities • An idealendpointsecurity • Defence in depth • Endpointsecurity limitations • Examplefrom production data • Regulatory aspects • Status? An earlydraft on purpose, weseek feedback and future collaboration

  3. Where to findit? Table of Contenthttps://github.com/smart-rg/drafts/blob/master/draft-taddei-cless-introduction-00.txt

  4. LessonsLearntAlready • Much harder thaninitiallythought • Couldn’tfindanysatisfying: • ThreatLandscapemethodology for endpointsecurity • Capabilitieslist and methodology for endpointsecurity (not just 3rd party) • Good potential of work for SMART on boththreatlandscape and capabilities • Production data fromManaged Security Services • Interestingmethodology • Study on the last 3 months on hundreds of enterprisecustomers • Endpointonlysecuritygives a lot of results • Critical events not detected by endpoints

  5. Questions for Future Development • Endpointmodelingbetween ‘UEs’ and ‘Hosts’ • Betteruniformityacross the document • ThreatLandscapeMethodology • Alignwith or fork from MITRE ATT&CK? • Shoulditbedone in this I-D? • IntrinsicCapabilities • Need a muchdeeperinventory • Other Aspects • Shouldwe have an economic section? • Regulations and HumanRights sections – need a good neutral balance • New Requirements, New Limits, New Constraints • Other real production data?

  6. QUESTIONS ? THANK YOU

More Related