Published by Baldwin Weaver. Modified over 9 years ago.
2
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2010 Gartner, Inc. and/or its affiliates. All rights reserved.
Terrence Cosgrove
Security and Management Convergence on the Desktop
3
Defending Against Targeted Attacks
- Find and fix system vulnerabilities
- Shield vulnerable applications
- Network defenses
- Find and fix application vulnerabilities
- Shield vulnerable systems

- Steal data
- Compromise accounts
- Target User
- Install malware
- Surveillance
- Steal user's credentials
- Compromise servers
- Compromise applications

Perfect defenses not achievable
4
Malware Trends
- Volume increasing
  - +138,000/month, accelerating
- Infection rates increasing
  - 3% to 5% of enterprise PCs
- Web-enabled
- Easily customizable
- Ransomware
- Trojans
- Lower level (BIOS, RAM, driver)
- Conficker was an exception, not the trend
Chart: Unique Malware Threats (in Millions). Source: Symantec Threat Report, 2009
5
Security and IT Operations: Dependent but Different
Different Goals (Operations, Security, Compliance):
- Service Quality
- Lower TCO
- Risk Identification
- Risk Mitigation
- Compliance
… But Common Methods:
- Desktop Lockdown
- Configuration Standards
- SW/Patch Distribution Infrastructure
- HW/SW Inventory
6
Fix the Root Cause of Security Problems
90% of successful attacks occurred against previously known vulnerabilities where a patch or secure configuration standard was already available.

- Apps installed
- Patches installed
- Settings/configurations
- Agents/Services

- Block apps
- Deploy patches
- Change mis-configured settings
- Reinstall missing agents

- Rogue apps
- Missing patches
- Configuration errors
- Encryption not installed

- Reduce the attack surface
- Reduce the time to security
7
The Mobile User: A Growing Security and Management Problem
Issues:
- They are beyond the perimeter
- Visibility: Will they get patches; how do I ensure compliance?
- They probably have admin rights
- Organizations often have separate security metrics for notebooks and desktops
Chart: Mobile PC Unit Share, 1Q03-4Q11
Telework Growth:
- 27% of U.S. workers telework at least one day per month
- By 2011, 46.6 million employees globally will telework at least one day a week, and 112 million will telework at least one day per month
Source: "Dataquest Telebriefing: Preliminary PC Forecast and Market Scenarios, 3Q09" (G00170798)
Source: "Gartner's Telework Action Plan Is Key to Successful Implementations" (G00162349)
8
Vulnerability Management Weak Spots: Patch Management
Strategy:
- Tightly manage configuration diversity
- Automate quality assurance (QA) testing
- Network isolation and deployment of intrusion prevention technology
- Invest in monitoring technology (breach discovery)
Mobile PCs:
- Not accessible for rapid patching from the internal network
- Threat exposure (outside perimeter protection)
- Loss exposure (sensitive data)
Strategy:
- Patch management over the Internet (a few products support it)
- Activate and manage personal firewalls, consider host intrusion protection software (HIPS)
- Encrypt laptop data
9
Patch Management: A Maturing Discipline
Chart: Group Responsible for PC Patch Management
Source: Gartner 2010

Patch Management Maturity Analysis
Maturity Level / Characteristics
1 Awareness:
- Inconsistent standardization
- Ad hoc testing
- Crisis/deadline driven
- Results ~80% 6-8 weeks
2 Committed:
- Some standardization
- Resources assigned, but not dedicated
- Results: ~85% patched in 6 weeks
3 Proactive:
- Standardization
- Formal testing
- Ongoing assessments
- Few crises
- 95% patched in 2-3 weeks
4 Business Aligned:
- Service orientation
- Proactive assessment
- No crises
- Continuous business assessment for risk
10
Security Configuration Assessment
Chart: Group Responsible For Security Configuration Assessment
- Early, but moving over to desktop
- Many do Security Configuration Assessment within both Security and Ops
Source: Gartner 2010
Why It's Needed:
- Vulnerability reporting not oriented toward remediation.
- The root cause of many vulnerabilities can be eliminated through changes in provisioning and administration processes.
Advice:
- Security orgs should orient mitigation initiatives with IT ops around security configuration assessments (as opposed to vulnerability assessments).
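An added example, not part of the Gartner deck: a small Python assessment that reports findings in the four categories from the "Fix the Root Cause of Security Problems" slide (rogue apps, missing patches, configuration errors, missing agents) as remediation tasks for IT operations rather than as a vulnerability list. The baseline, host names, patch identifiers and setting names are constructed placeholders.

```python
from dataclasses import dataclass

# Hypothetical baseline; every name and value here is constructed for illustration.
BASELINE = {
    "blocked_apps": {"p2p-client", "remote-admin-free"},
    "required_patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
    "required_settings": {"firewall_enabled": True, "autorun_disabled": True,
                          "local_admin": False},
    "required_agents": {"antivirus", "disk-encryption", "patch-agent"},
}

@dataclass
class Endpoint:
    name: str
    apps: set
    patches: set
    settings: dict
    agents: set

def assess(ep, baseline=BASELINE):
    """Return a sorted list of (action, target) remediation tasks for one endpoint."""
    tasks = [("block_app", a) for a in ep.apps & baseline["blocked_apps"]]
    tasks += [("deploy_patch", p) for p in baseline["required_patches"] - ep.patches]
    for key, want in baseline["required_settings"].items():
        # A setting the inventory did not report counts as non-compliant.
        if ep.settings.get(key) != want:
            tasks.append(("change_setting", f"{key}={want}"))
    tasks += [("reinstall_agent", g) for g in baseline["required_agents"] - ep.agents]
    return sorted(tasks)

def work_queue(endpoints, baseline=BASELINE):
    """Group tasks by (action, target) so one change can be pushed to many PCs."""
    queue = {}
    for ep in endpoints:
        for task in assess(ep, baseline):
            queue.setdefault(task, []).append(ep.name)
    return {task: sorted(hosts) for task, hosts in sorted(queue.items())}

# Constructed inventory for two PCs.
FLEET = [
    Endpoint("desk-01", {"office", "p2p-client"}, {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
             {"firewall_enabled": True, "autorun_disabled": True, "local_admin": False},
             {"antivirus", "disk-encryption", "patch-agent"}),
    Endpoint("lap-07", {"office"}, {"KB-EXAMPLE-001"},
             {"firewall_enabled": False, "autorun_disabled": True},  # local_admin not reported
             {"antivirus", "patch-agent"}),
]

if __name__ == "__main__":
    for (action, target), hosts in work_queue(FLEET).items():
        print(f"{action:16} {target:24} -> {', '.join(hosts)}")
```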
11
Endpoint Protection and Operations Integration: Why?
Chart: Group Responsible for Antivirus Deployment and Management
Source: Gartner 2010
Rapid benchmark capability:
- What assets do we have?
- What software is on them?
  - Is the software malicious, nonproductive, unlicensed, redundant, nonstandard, vulnerable?
- Is the software/machine configured correctly?
- Are we compliant with the regulation du jour?
- How do we move seamlessly from problem detection to remediation?
12
Windows Application Control Solutions: An Alternative to Desktop Lockdown
User Owns and Manages PC -> Company Owns PC
No Control -> Basic Application Control -> Full Control
Application Control:
- No app control
- Only blacklisted apps can't run
- Per-app system resource control
- Only permitted apps use network
- Per-app port control
- Only whitelisted apps can run
Policy:
- No policy
- Written policy
- Technology-enforced policy
Settings:
- Users can change any settings
- Users cannot change certain settings
- Users cannot change any settings
Software Control:
- Users can add any software
- Users can add and run apps not on blacklist
- Users cannot add software
- Users can add and run apps on whitelist
13
Lock Down Most, but Not All, Users
Through 2015, IT organizations will continue to deploy lockdown policies on the majority of PCs.
Reasons this will be true:
- 52% of organizations increasing the number of locked-down users; 31% keeping the same levels
- "Standard user" increasingly recognized as best practice
- Apps are increasingly written to run as a standard user
Reasons this will be false:
- Mutiny: the new generation of worker will not allow it
- Application control tools will do a better job of locking down the PC while giving users some freedom
- User's workspace will be hosted in the data center; we don't care what's on the device
14
Data Leakage Threats: Encrypt Data, Track Usage and Disposal
Image source: www.crimereduction.gov.uk/graphics/burglar1.gif
Image source: www.leics.gov.uk/kiosk.jpg
Image label: hard drive
Chart: Group Responsible for the Operations of PC Data Encryption
15
Convergence: Host Intrusion Prevention, Configuration Management, Software Distribution
- Vulnerability Assessment
- Security Inventories
- Operational Configuration Policy
- Anti-spyware
- Operational Inventories
- Security Configuration Policy Audit
- Personal Firewall
- Antivirus
- Software Distribution
- HIPS
- Patch Management

- Consolidated Inventory
- PC Intrusion Prevention (AV, AS, HIPS, PFW, Others)
- Software Distribution (Including Patches)
- Configuration Management
- Vulnerability Assessment

Endpoint Suites
16
Security and Operations — Integrated Processes with Segregation of Duties
- Identity and Access Policies
- Security Configuration Policies
- Threat/Vulnerability Assessment
- Security
- Network and System Compliance Audit
- Monitor Privileged Access
- Implement Configuration Changes
- Software Distribution/Patch Install
- Network Operations
- System Administration
- Desktop Support
- Availability/Change Management
- Provision Systems
- Privileged Users
- Database Administration
- Internal Audit/Compliance
17
Recommendations
Actions are set in italics.
- Adopt a process-centric approach to security.
- Develop mitigation processes on the assumption that content and software will be:
  - Used in unexpected ways
  - Abused
  - Stolen
  - Attacked by outsiders and insiders
- Move routine security processes to IT operations groups.
- Balance spending among mitigation, shielding and monitoring based on practical limitations of mitigation for specific IT components.
18
Resources
- More information about “Convergence”: www.microsoft.com/windows/Convergence
- For upcoming and previously live webcasts: www.microsoft.com/webcast
- Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781