Protect Your Desktops from Malware and Unauthorized Software




“We found 51 games installed on a problematic PC in our ER department.”


“We found iTunes running on plastics cutting machines.”


“Some of our call center reps had 6 IM tools running while being on a call.”


20 Years of Chasing Malicious Software

Blacklisting

  • Tries to keep a list of all bad software
  • Tries to identify bad behavior
  • Lets unrecognized executables run

“Using the most popular antivirus applications … 8 out of 10 pieces of malicious code are going to get in.”

AusCERT


Challenges

  • Security: New threats continually outsmart existing defenses
  • Compliance: Computers polluted with illegal and unauthorized software
  • Manageability: Disruptive software causing down time and unnecessary support calls


The Endpoint Protection Gap

[Diagram labels: Managed Software, Patches, Centrally Distributed Applications, Provisioned Base Image, Known Malware, Unknown Malware, Games, Botnets, Spyware, Unlicensed, Instant Messenger, Rootkits, Skype]

Unmanaged Software:

  • Invisible
  • Untraceable
  • Uncontrollable
  • Unpatched
  • Vulnerable


Addressing The Gap

Mainstream approaches have proven unsuccessful:

  • Antivirus (Existing): Ineffective against new threats
  • Remove Admin Rights: IT always has to get involved
  • Restriction Policies: Impossible to manage
  • Behavioral HIPS: Overwhelming false positives
  • Vista UAC: Annoying and unscalable

The need: Manageable and effective approach to controlling all unauthorized software.


Security at an Inflection Point

[Chart: Complexity of Administration over Time, comparing Blacklisting and Whitelisting. Blacklisting labels: Targeted Attacks, Spyware Legitimacy, False Positives, Agent Bloating, Signature File Size, New Types of Attacks. Whitelisting labels: First Execution Block, Automated Software Approval, Flexible Policies, Application Grouping, Policy Simulation, Software Identification, Software Reputation Service.]


Application Whitelisting In The Press

Symantec

Mark Bregman, CTO

“Eventually, a comprehensive whitelist of legitimate software may be as close to a silver bullet as one can hope to find – one that best serves the evolving security needs of the growing cybercommunity.”

John Thompson, CEO

“I'll be chasing my tail forever trying to block every one of those things.”


Microsoft

David Cross, Product Unit Manager

April, 2008

“Microsoft wants to make better use of things such as application whitelisting, which prevents any application from running other than those explicitly allowed by the user.”


Cisco

John Stewart, CSO

May, 2008

“I am not so sure that we can get to a place of feeling confident in our infrastructure without doing whitelisting.”

“Whitelisting is the next generation of defense”


McAfee

Dave DeWalt, CEO

June 13

“Blacklisting — where vendors compile lists of known malware — has become technically unfeasible.”

“As blacklisting becomes increasingly difficult, whitelisting holds promise.”


Today’s Endpoint Management

Trends:

  • Suites/Platforms emerge for both Security & Ops
  • MSFT/OS increasing functionality (AV, AS, PF, Encr …)


Future of Endpoint Management

[Diagram labels: Endpoint Mgmt, Control]

Trends:

  • Endpoint Control increasingly important
  • MSFT commoditizes AV, AS, PF, Encr, SD, PM


Introducing Bit9

[Diagram labels: Bit9 Parity, Bit9 ParityCenter, Visibility, Knowledge, Control]

Bit9 ensures that only approved software runs.


Bit9 Architecture

[Architecture diagram, labels only:]

  • Customer Premises: Bit9 Clients (Laptops, Desktops, Servers), Bit9 Parity Server, Web-enabled Console, Active Directory
  • Exchanged over the Internet: File Hashes, Events, Policies
  • Bit9’s Hosted Web Service: Bit9 ParityCenter, 6B+ File Records (Commercial Software, Open Source, Shareware, Malware)
  • Threats, Attributes: Publisher, Product, Source, Threat Level, Trust Factor
  • External Data Sources: Crawling, Partnerships, Physical Media, Honey pots, Third-party metadata


How Bit9’s Application Control Works: Deploy and Enforce Policy

[Diagram labels: Bit9 ParityCenter, Internet, Monitor, Block & Ask, Lockdown]


Software Identification, Authentication & Trust

Bit9 ParityCenter (6B+ records):

  • Multi-Scanner Risk Assessment
  • Automated Software Categorization
  • Automated Vista Compatibility


Requires an Adaptive Whitelist

  • Trust Software Distribution

  • Trust Patch Management

  • Trust Self-Updating Products

  • Trust Publishers

  • Trust Directories

  • Trust Privileged Users


Case Studies

Ritz Camera (Retail Electronics): Compliance

Before Bit9:

  • Compliance: unauthorized software on kiosks
  • Hundreds of stores with non-networked PCs

After Bit9:

  • Antivirus replaced
  • Kiosks controlled

General Dynamics (Defense Contractor): Control

Before Bit9:

  • Unauthorized software used by outsourcer cost $$
  • Sensitive data not protected when transferred to devices

After Bit9:

  • Eliminated costs
  • Data protected

Fox Interactive (Media Conglomerate): Visibility

Before Bit9:

  • Creative culture required that users can install new apps
  • Known vulnerabilities were uncontrollable

After Bit9:

  • Most apps pre-approved
  • Zero-day threats blocked


Closing the Endpoint Protection Gap

Bit9 Parity: The easiest way to control what can and can’t run on your Windows computers.

Whitelist:

  • Trusted Software
  • Allowed to Run

Blacklist:

  • Not approved
  • Not allowed to run

[Diagram labels: Managed Software, Patches, Centrally Distributed Applications, Provisioned Base Image, Known Malware, Unknown Malware, Games, Botnets, Spyware, Rootkits, Instant Messenger, Skype]


3 Year Cost to Maintain a Desktop

[Chart: 3-year cost to maintain a desktop, by category (Well-Managed, Average Managed, Poorly Managed); values shown: $5,300, $4,300, $3,300]


Key Application Whitelisting Takeaways …

  • Default Deny on Unrecognized Software

  • Custom By Company / Organization

  • Adaptive to Include New Software


Regain Control with App Whitelisting!

Security

  • Only trusted software is allowed to run

Compliance

  • Visibility and control over endpoints

Manageability

  • Drastic reduction in support costs

