
Protect Your Desktops from Malware and Unauthorized Software


kiefer

Presentation Transcript


  1. Protect Your Desktops from Malware and Unauthorized Software

  2. “We found 51 games installed on a problematic PC in our ER department.”

  3. “We found iTunes running on plastics cutting machines.”

  4. “Some of our call center reps had 6 IM tools running while being on a call.”

  5. 20 Years of Chasing Malicious Software
     Blacklisting:
     • Tries to keep a list of all bad software
     • Tries to identify bad behavior
     • Lets unrecognized executables run
     “Using the most popular antivirus applications … 8 out of 10 pieces of malicious code are going to get in.” (AusCERT)

  6. Challenges
     • Security: New threats continually outsmart existing defenses
     • Compliance: Computers polluted with illegal and unauthorized software
     • Manageability: Disruptive software causing downtime and unnecessary support calls

  7. The Endpoint Protection Gap
     Unmanaged Software:
     • Invisible
     • Untraceable
     • Uncontrollable
     • Unpatched
     • Vulnerable
     [Diagram labels: Patches; Centrally Distributed Applications; Provisioned Base Image; Known Malware; Managed Malware; Games; Unknown Malware; Botnets; Spyware; Unlicensed; Instant Messenger; Rootkits; Skype; Managed Software]

  8. Addressing The Gap
     Mainstream approaches have proven unsuccessful:
     • Antivirus (Existing): Ineffective against new threats
     • Remove Admin Rights: IT always has to get involved
     • Restriction Policies: Impossible to manage
     • Behavioral HIPS: Overwhelming false positives
     • Vista UAC: Annoying and unscalable
     The need … Manageable and effective approach to controlling all unauthorized software.

  9. Security at an Inflection Point
     [Chart labels: Blacklisting; First Execution Block; Automated Software Approval; Flexible Policies; Application Grouping; Policy Simulation; Software Identification; Whitelisting; Software Reputation Service; Complexity of Administration; Targeted Attacks; Spyware Legitimacy; False Positives; Agent Bloating; Signature File Size; New Types Of Attacks; Time]

  10. Application Whitelisting In The Press

  11. Symantec
     • Mark Bregman, CTO: “Eventually, a comprehensive whitelist of legitimate software may be as close to a silver bullet as one can hope to find – one that best serves the evolving security needs of the growing cybercommunity.”
     • John Thompson, CEO: “I'll be chasing my tail forever trying to block every one of those things.”

  12. Microsoft David Cross, Product Unit Manager April, 2008 “Microsoft wants to make better use of things such as application whitelisting, which prevents any application from running other than those explicitly allowed by the user.”

  13. Cisco John Stewart, CSO May, 2008 “I am not so sure that we can get to a place of feeling confident in our infrastructure without doing whitelisting.” “Whitelisting is the next generation of defense.”

  14. McAfee Dave DeWalt, CEO June 13 “Blacklisting — where vendors compile lists of known malware — has become technically unfeasible.” “As blacklisting becomes increasingly difficult, whitelisting holds promise.”

  15. Today’s Endpoint Management
     Trends:
     • Suites/Platforms emerge for both Security & Ops
     • MSFT/OS increasing functionality (AV, AS, PF, Encr …)

  16. Future of Endpoint Management
     [Diagram labels: Endpoint Mgmt; Control]
     Trends:
     • Endpoint Control increasingly important
     • MSFT commoditizes AV, AS, PF, Encr, SD, PM

  17. Introducing Bit9
     Bit9 ensures that only approved software runs.
     [Diagram labels: Bit9 Parity; Bit9 ParityCenter; Visibility; Knowledge; Control]

  18. Bit9 Architecture
     [Diagram labels: Threats, Attributes; Publisher; Product; Source; Threat Level; Trust Factor; Active Directory; Customer Premises; Bit9’s Hosted Web Service; External Data Sources; Bit9 Clients; Internet; Laptops; Desktops; Servers; Crawling; Partnerships; Physical Media; Honey pots; Third-party metadata; File Hashes; Events; Policies; Bit9 ParityCenter; Bit9 Parity Server; File Hashes; 6B+ File Records; Commercial Software; Open Source; Shareware; Malware; Web-enabled Console]

  19. How Bit9’s Application Control Works: Deploy and Enforce Policy
     [Diagram labels: Bit9 ParityCenter; Monitor; Lockdown; Block & Ask; Internet]

  20. Software Identification, Authentication & Trust Multi-Scanner Risk Assessment Automated Software Categorization Automated Vista Compatibility Bit9 ParityCenter 6B+ records

  21. Requires an Adaptive Whitelist
     • Trust Software Distribution
     • Trust Patch Management
     • Trust Self-Updating Products
     • Trust Publishers
     • Trust Directories
     • Trust Privileged Users
     • …

  22. Case Studies
     Ritz Camera (Retail Electronics): Compliance
     • Before Bit9:
       • Compliance: unauthorized software on kiosks
       • Hundreds of stores with non-networked PCs
     • After Bit9:
       • Antivirus replaced
       • Kiosks controlled
     General Dynamics (Defense Contractor): Control
     • Before Bit9:
       • Unauthorized software used by outsourcer cost $$
       • Sensitive data not protected when transferred to devices
     • After Bit9:
       • Eliminated costs
       • Data protected
     Fox Interactive (Media Conglomerate): Visibility
     • Before Bit9:
       • Creative culture required that users can install new apps
       • Known vulnerabilities were uncontrollable
     • After Bit9:
       • Most apps pre-approved
       • Zero-day threats blocked

  23. Closing the Endpoint Protection Gap
     Bit9 Parity: The easiest way to control what can and can’t run on your Windows computers.
     Blacklist:
     • Not approved
     • Not allowed to run
     Whitelist:
     • Trusted Software
     • Allowed to Run
     [Diagram labels: Patches; Centrally Distributed Applications; Provisioned Base Image; Known Malware; Managed Malware; Games; Unknown Malware; Botnets; Spyware; Rootkits; Instant Messenger; Skype; Managed Software]

  24. 3 Year Cost to Maintain a Desktop
     [Chart. Values shown: $5,300; $4,300; $3,300. Categories shown: Well-Managed; Average Managed; Poorly Managed]

  25. Key Application Whitelisting Takeaways …
     • Default Deny on Unrecognized Software
     • Custom By Company / Organization
     • Adaptive to Include New Software

  26. Regain Control with App Whitelisting!
     • Security: Only trusted software is allowed to run
     • Compliance: Visibility and control over endpoints
     • Manageability: Drastic reduction in support costs
