Your Partner for Superior Cybersecurity

Presentation transcript:

Your Partner for Superior Cybersecurity. Rob Juncker, Vice President, R&D

Your security risk is higher than ever. $19.95/mo. buys hackers easy-to-use “as-a-service” options for attacks (ZDNet). 40% of spam contains ransomware (IBM). 1 in 2 executives experience a ransomware attack (IBM).
All top cybersecurity threats, including malware, phishing, and cyber attacks to steal financial information and intellectual property or data, are on the rise. (Source: EY’s Global Information Security Survey 2016-17.) In the U.S. alone, there were a total of 501 publicly disclosed data breaches in 2016—nearly twice that of the 266 recorded in 2015. (Source: Privacy Rights Clearinghouse.) The uptick is in no small part due to how much easier it is to take up the mantle of cyber attacker. Today’s exploit kits, for example, simplify cyber attacks for even inexperienced hackers. These malicious toolkits come with pre-written exploit code and require no knowledge of how it works. Often a simple web interface allows licensed users to log in and view active victims and statistics. These kits may even include a support period and updates, much like legal commercial software. For its part, ransomware has evolved from a simple scary hack to enterprise-grade, nearly unbeatable malware that holds computers hostage and locks down entire systems. Combine that with the fact that nearly 40 percent of all spam emails sent in 2016 contained ransomware and it’s clear that at any point an unassuming user may click on something they shouldn’t. (Source: IBM X-Force study, http://www-03.ibm.com/press/us/en/pressrelease/51230.wss.) Research conducted by IBM X-Force found that one in two executives have experienced a ransomware attack at work. That’s potentially half the executives in your organization.

30% of recipients open phishing messages. 12% click on attachments. (Verizon 2016 DBIR)
At alarming rates, users with their many devices are falling victim to ransomware and other malware via user-targeted attacks. According to the Verizon RISK team, 30 percent of phishing messages were opened—up from 23 percent in 2015—and in 12 percent of those events users clicked to open the malicious attachment or nefarious link. (Source: Verizon 2016 Data Breach Investigations Report [DBIR].) The 2016 DBIR highlights the rise of a three-pronged phishing attack:
1. The user receives a phishing email with a malicious attachment or a link pointing to a malicious website.
2. The user downloads malware, which attackers can use to look for secrets and internal information, steal credentials to multiple applications through key logging, or encrypt files for ransom.
3. Attackers can also use stolen credentials for further attacks: for example, to log into third-party websites like banking or retail sites.

You can’t afford to be wrong on this one. 93% of data breaches compromise organizations in minutes or less (2016 Verizon DBIR). 70% of businesses hit pay the ransom (IBM). $1B USD in ransom paid in 2016 (FBI estimate).
You don’t want to be one of the 70% of cornered businesses that pay up when hit by ransomware to regain access to business data and systems. (Source: IBM X-Force study.) But what do you do when you have so little time to react? 93% of data breaches compromise organizations in minutes or less. (Source: Verizon 2016 DBIR.) The money remains a big draw for cyber criminals—which means you could be in this position sooner than you think. According to FBI estimates, criminals collected $209 million in revenue in the first quarter of 2016, and that number was expected to exceed $1 billion by year end. (Source: http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/.) So today? You simply can’t afford to make the wrong call when it comes to securing your organization.

Bring IT Ops and Security together.
[Diagram: responsibilities split across “Only Security”, “Both”, and “Only IT”. Items shown: security alerts, privilege management, server OS patching, application whitelisting, setting IT access control panels.]
What could make your organization much more vulnerable to a cyber attack is a lack of synergy between IT Operations and Security. What if your security team discovers a breach, for example, but your IT Ops team is slow to react? Or IT Ops corrects an application failure that is actually a system hack? With more surface area to cover, more mission-critical assets to protect, and more sophisticated threats to defend against, security issues are increasingly complex. So these two teams must find a way to work together better to identify and protect vulnerable IT systems.

Feedback from a survey of 100 CIO/CSOs “We have to tear down the traditional view of what an IT operations entity is and what a security entity is.” On behalf of LANDESK (now Ivanti), global advisory firm The Chertoff Group surveyed 100 CIOs/CSOs in October of 2016 to determine what they considered to be the most important security challenges in managing their endpoints today. The results revealed a desire to redefine IT Operations and Security…

Feedback from a survey of 100 CIO/CSOs “IT wants things to work smoothly, while security wants security. At the endpoint, they have to work together to maintain both.” …and a clear understanding of the benefits of bringing them together under one strategy.

Feedback from a survey of 100 CIO/CSOs “You do not need 15 best-in-breed products for a successful layered approach to cybersecurity.” They also revealed an awareness of the need for a simpler, more focused security solution.

Unfocused security strategies lead to Expense in Depth.
According to The Chertoff Group’s findings, organizations are being squeezed by budgets yet again. Though the money flows more freely for security than IT, they still struggle to maintain their security posture with flat or decreasing budgets. Without a focused security strategy, though, device sprawl is costly—and also out of control. IT teams spend too much time managing security. <A list of technologies is provided below that you can call out as you choose.> Add to this a major cyber security labor shortage that forces companies to optimize their security personnel, and clearly a focused security strategy leveraging tech that’s both comprehensive and simplifies management offers a strong advantage over other solutions.
<List of security point solutions found in organizations:> Unified Threat Management, Data Loss Prevention, Two-factor Authentication, Next-Generation Firewall, Intrusion Prevention System, Containerization, Configuration Management, Web Proxy, Wireless Intrusion Detection System, Passive Vulnerability Scanner, Network Analysis and Visibility, Software Inventory Tools, Encryption, Mobile Device Management, Malware Analysis, Automated Asset Inventory Discovery Tool, Antivirus, Blacklisting, Configuration Auditing, SIM, Microvisor Security, Application Control, Endpoint Analysis, File Integrity Monitoring, Predictive Threat Modeling, Secure File Transfer, Threat Intelligence, Wireless Intrusion Prevention, Whitebox Testing, Endpoint Visibility, Host Intrusion Prevention, Application White Listing, Firewall, Application Wrapping, Data Execution Prevention, Just Enough Administration, JIT Administration, Intrusion Detection Systems, Database Activity Monitoring, DDoS Mitigation, Forensics, Continuous Vulnerability Assessment, Network Intrusion Prevention, Web Application Firewall, Network Access Control, Antispyware, Email Proxy, Vulnerability Scanner, Privileged User Monitoring, Network Encryption, File Activity Monitoring, Digital Rights Management, Big Data Analytics, Sandboxing, Patch Management, Blackbox Testing, Systems Hardening.

Make sense of endpoint security.
For Forrester TechRadar: Endpoint Security, Chris Sherman, a senior analyst at Forrester, examined past research, surveyed experts, and experimented with endpoint security products to determine the following about those products: current business value; potential business value (overall trajectory, from minimal to significant success); current market maturity (“ecosystem phase”); and time to next stage of maturity.
Key takeaways from the report include: Endpoint security is critical to defend against data breaches. Security pros seek to balance prevention and detection. Consolidating technologies leads to more effective suites.
Source: Forrester TechRadar™: Endpoint Security, Q1 2017, by Chris Sherman, January 27, 2017

Focused strategies lead to strategic IT success.
Provide defense in depth: Integrate the environment to discover the breadth of risk. Provide tech that reduces the attack surface. Analyze data for insight into issues. Take action to solve problems.
Balance security with user needs: Learn about users and discover their needs. Provide security without interfering with jobs. Silently provide service through upgrades and risk evasion. Increase productivity with the right tools.
Sherman and a great many others champion a more focused solution—carefully selecting the right integrated solutions to provide: a complete view of the network environment; comprehensive security that pinpoints issues anywhere in your organization; and threat mitigation while protecting and even boosting user productivity.

Our approach to security: an integrated, easy-to-use security offering.
Discover: Easily find and quantify the assets you need secured.
Provide insight: Clearly identify risk.
Take action: Use best-in-breed tools to act swiftly.

Our defense-in-depth solutions
Patch & Vulnerability Management: Patch and secure the OSes and 3rd-party apps that you can. (Patch management, vulnerability management.)
Application Control & Privilege Management: Prevent all other apps from running while practicing the principles of least privilege. (Application control, privilege management.)
Endpoint Security: Add advanced anti-malware and AV capabilities, device control, and global policy for all devices. (Device control, anti-malware, threat alerting.)
Secure Program Management: Marry security capabilities with workflows and asset management processes to complete a secure lifecycle. (Asset management, service management, secure configuration management.)
Discovery underlies all four.
What do we mean by discover, provide insight, and take action? First? Know what’s in your environment—because you can’t protect (or defend against) anything you don’t know is out there. Next? Patch the OS and the applications that support patching. Block the applications that don’t. Add advanced anti-malware and AV capabilities, device control, and global policy for all devices. And marry security capabilities with workflows and asset management processes to complete a secure lifecycle.

Tie it all together with real-time dashboard reporting. Cut through the mass of information to the critical insights that matter. Pre-built connectors for nearly every tool you use. Customized connectors too. No coding, business intelligence gurus, spreadsheets, or data silos.
And, finally? Know your results. Since you have no real defense without real insight into your environment, Xtraction turns reporting into a checkbox, with data on demand and the ability to easily create new dashboards and reports to get the right data into the hands of executives, directors, and line-of-business (LOB) and application owners. Pre-built connectors for nearly every tool you use (service desks, monitoring and ITAM toolsets, phone systems, etc.) mean no coding, business intelligence gurus, or spreadsheets—and no data silos. And Xtraction can be customized to connect to even more, so everyone can view their data enterprise-wide in context—cutting through the mass of information to the critical insights that matter—to make smarter, faster decisions with ease.

Our defense-in-depth products
Patch & Vulnerability Management: Ivanti Patch for Endpoints, Ivanti Patch for Servers, Ivanti Patch for SCCM.
Application Control & Privilege Management: Ivanti Application Control for Endpoints, Ivanti Application Control for Servers, Ivanti Application Control for SCCM.
Endpoint Security: Ivanti Endpoint Security, Ivanti Server Security.
Secure Program Management: Ivanti Service Manager, Ivanti Asset Manager.
Discovery underlies all four.

Security Compliance

Critical Security Controls (CSC)
The Center for Internet Security Critical Security Controls ensure a more secure environment: a prioritized list of focused actions; compliant with all industry and government security requirements; based on experience with actual attacks; block initial compromises and detect compromised devices.
A sophisticated, multi-layered approach to security can effectively mitigate the otherwise devastating effects of ransomware and other malware. Cyber watchdogs like the Center for Internet Security (CIS) agree, and are contributing their knowledge and expertise to identify, validate, promote, and sustain the adoption of cybersecurity's best practices.

The first 5 controls
CIS, US-CERT, ASD, and other authorities prioritize these five elements of cyber hygiene to significantly reduce security threats:
1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Secure configuration
4. Controlled use of administration privileges
5. Continuous vulnerability assessment and remediation
The CIS Critical Security Controls CSC 1 through CSC 5 establish a solid foundation for radically improving an organization’s security posture. They refer to these as “Foundational Cyber Hygiene”: Inventory of Authorized or Unauthorized Devices*; Inventory of Authorized or Unauthorized Software*; Secure Configuration of End User Devices; Continuous Vulnerability Assessment and Remediation; Controlled Use of Administrative Privileges.
How important are these controls for your organization? Configuring IT systems in compliance with CIS benchmarks has been shown to eliminate 80–95 percent of known security vulnerabilities. (Source: Center for Internet Security.)
Here’s just one example. In November 2013 Fazio Mechanical, a small heating and air conditioning firm in Pennsylvania, suffered a breach via malware delivered in an email. In that intrusion, the thieves managed to steal the virtual private network credentials that Fazio’s technicians used to remotely connect to Target’s network. This allowed attackers to penetrate the network, where they were able to eventually place malware on unpatched POS devices and steal 40 million credit and debit numbers. Target later hired consultants from Verizon to help them identify weaknesses in their environment that led to the breach. The conclusion? Weak and default passwords and inconsistent patching. ALL FIVE of the controls listed address those findings.
*“Inventory of auth and unauth devices” includes 1) asset inventory, 2) making sure new hardware doesn’t make it onto your network, and 3) patching the hardware. “Inventory of software” includes 1) inventory, 2) application blacklists, 3) whitelisting, and 4) patching.

Our defense-in-depth solutions
Patch & Vulnerability Management: Patch and secure the OSes and 3rd-party apps that you can. (Patch management, vulnerability management.)
Application Control & Privilege Management: Prevent all other apps from running while practicing the principles of least privilege. (Application control, privilege management.)
Endpoint Security: Add advanced anti-malware and AV capabilities, device control, and global policy for all devices. (Device control, anti-malware, threat alerting.)
Secure Program Management: Marry security capabilities with workflows and asset management processes to complete a secure lifecycle. (Asset management, service management, secure configuration management.)
Discovery underlies all four.
Ivanti provides a comprehensive, targeted portfolio that addresses the Top 5 and other CSC controls and helps best meet customer cyber security needs.

Ivanti in Action Now that you know more about what Ivanti does and why, let’s take a closer look at exactly how we help organizations protect themselves from attack.

Rob Juncker Vice President, R&D rob.juncker@ivanti.com