Post on 24-Dec-2015
Norman Enterprise Security Suite
Increased control reduces TCO
"For an average enterprise, indirect cost elements may contribute 50% or more of the overall TCO"
- Gartner, Inc.
Calculating endpoint TCO
• Technology procurement
• Staff maintaining the technology
• Upgrades
• Reimaging
• Replacements
• Management systems
• Security systems
• Security incidents
• Potential loss value
Endpoint TCO Increasing Due to Malware
Malware Related Costs:
– IT Effort To Enforce Endpoint Security Policy
– Cost To Reimage Computers
– Cost To Upgrade Computers
– Cost To Replace Computers
– Cost of Increased Help Desk calls
– Decreased User Productivity
Malware Signatures
Malware Related Costs
Traditional Endpoint Security
Effectiveness
2007: 250K Monthly Malware Signatures Identified
2013: 2M+ Monthly Malware Signatures Identified
Fame to Profit | Exponential Growth | Increasing Sophistication
The Endpoint is the main Attack Vector
Browsers, Apps and OS all have known vulnerabilities
• 2/3 of apps have known vulnerabilities.
• Average patch install delay -> 45 days (corporates)
Rogue USB
• Injecting malware: Conficker, Stuxnet, etc.
• Data loss/removal
Virus/Malware
• 3 million pieces of malware are added to the AV signature files per month
• Average of 100 000 new pieces of malware per day
Industry-wide operating system, browser, and application vulnerabilities, 1H10–2H12
Source: MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 14
Unique computers reporting different types of exploits, 3Q11–4Q12
Source: MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 14
Vulnerability disclosures for Microsoft and non-Microsoft products, 1H10–2H12
Source: MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 14
Microsoft takes care of Microsoft
Who takes care of all the other applications?
Windows Update is a good tool, but...
... generates frustrating restarts
Additional update agents needed
All these agents generate:
• Memory footprint
• CPU usage
• Additional reboots
Growing Endpoint Complexity
Many Consoles
Disparate Architecture
Many Agents
Multiple Consoles
• 3-6 different management consoles on average for endpoint security and management
Agent Bloat
• 3-10 agents installed per endpoint
• Memory and CPU load
• Decreased network performance
Lack of Control
• 54% of IT security professionals cite managing the complexity of security as their #1 challenge
• 43% of existing access rights were either excessive or should have been retired
Increasing TCO of Point Technologies
• Integration & Maintenance
Many Vendors | Many Consoles | Many Agents
Solution Strategy
Defense in Depth Endpoint Strategy
Patch & Config. Mgmt.
Reduce IT risk by gaining control over unknown and unwanted applications
48% of IT departments report that operating expenses are increasing with the main driver tied directly to increasing malware incidents.
Norman Platform Advantage
Many Products
Many Consoles
Disparate Architecture
Many Agents
One Partner One Platform Many Solutions
• Single Console
• Agile architecture
• Single Agent
Modular Agent
• Single common agent delivers and manages many capabilities via pluggable services
• Provides single, integrated communication mechanism between the NESEC agent and the server
• Monitors and secures NESEC modules on the endpoint
Patch and Remediation
Application Control
Client Transport
Security
COMM
Event Queue
NESEC Platform Architecture
[Architecture diagram. Labels: Norman Enterprise Security Server; Norman Distribution Server; Corporate HQ; Remote Offices & Subsidiaries; DMZ; Mobile Endpoints; WAN; Internet; Online-Offline Continuous Policy Enforcement; Unified Content and Integrity Services; Vulnerabilities; Patches; Hashes; Unified Compliance Framework; Application Integrity Services; AV Signatures; Configurations; Systems Management]
Patch & Remediation
Vulnerability Management Should Be Easy, Right?
Proactively managing your vulnerabilities eliminates 90% of your risk…
“Over 90% of cyber attacks exploit known security flaws for which a remediation is available”
- Gartner
Norman Patch & Remediation
Comprehensive and secure Patch Management
• Rapid, accurate and secure patch and configuration management for applications and operating systems:
– Support for Windows and Non-Windows OS
– 3rd Party application support
– Avoid patch drift
– Granular deployment control for Server and Desktop environments
• Systems management capabilities
Content Beyond Windows Update
Windows Update: Windows 8, Windows 7, Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003, Windows 2000 SP4, SQL Server 2000 SP4 - 2005, Exchange Server 2003 - 2007, .NET Framework, MDAC, Internet Explorer 5.01 SP4 - 9, ISA Server 2004, SharePoint, Office Browsers, Office 2003, Office 2007, Office XP SP2+, DirectX, Windows Defender
Legacy Content: Windows 2000 SP3, Office 2000, PowerPoint 2000, Project 2000, Word 2000, Excel 2000, Access 2000, Office XP, Visual Studio .NET, Internet Explorer 5.5, ISA Server 2000, Content Management Server
3rd Party Apps: Adobe Acrobat Reader, Adobe Flash Player, Apple iTunes, Apple QuickTime, Apple iLife, Apple Safari, Mozilla Firefox, RealPlayer, Sun JRE, Citrix, Skype, WinZip, VMware ESX Server, VMware Server, VMware Player, VMware Workstation
Addt’l Platforms: RHEL 3 x86, RHEL 4 x86, SLES 9 x86, SLES 9 x86_64, SLES 10 x86, SLES 10 x86_64, Solaris 8-10 SPARC, Solaris 10 x86, Solaris 10 x86_64, HP-UX 11.00-11.23, AIX 5.1-5.3, Mac OS X
Delivering more than just patching…
• Systems Management:
• Inventory:
– Software
– Hardware
– Services
• Software Distribution
• Remote Desktop
• Power Management
– Policy Setting / Enforcement
– Wake on LAN
• Configuration setting / enforcement
– Disable 3rd party vendor auto update, Adobe, Java
• Compliance Controls
Device Control
The USB challenge
• Unintentional Data loss
• Intentional data removal
• “Any USB stick is to be considered as the open Internet” (Kongsberg Maritime)
• Rogue USB portable storage devices may inject malware into the PC on insertion
Today’s most wanted criminal.....
... in the hands of your most trusted employee
How we lose our data
Un-intentional data loss
Intentional data leakage
Norman Device Control
– Policy-Based Data Protection and Encryption
• Granular Policy Management:
– On all ports and removable media devices plugging into the endpoint:
» Bi-Directional file copy shadowing
» File type filtering
» Data copy restrictions
• Encrypting sensitive data
• Meet compliance mandates
Norman Device Control
PCMCIA
WIFI
COM
FIREWIRE
Bluetooth
IrDA
USB
LPT
LAN
Controls access to any plug & play device regardless of connectivity type
World of Devices
Application Control
Norman Application Control
Proactive Protection Against Malware and More
– Visibility and Control:
• Control local admin rights
• Deny unwanted / unapproved application
• Easy Audit
• Easy Lockdown
• Automated whitelist with rules based trust engine:
» Trusted Updater
» Trusted Publisher
» Trusted Path
» Local Authorization
Reduce Local Admin Risk with Application Control
Action | Example | How Norman Stops
Install Applications | | Application Control: Easy Lockdown, Trust Engine
Change Configurations | Regedit / Command | Denied Application: cmd.exe, regedit.exe
Remove Patches & Uninstall Software | Control Panel – uninstall program | Denied Application: control.exe
Defeat Security Tools | Task Manager – kill process | Denied Application: taskmgr.exe
Return on investment
Customer stories
• «Number of full time IT maintenance employees reduced from 4 to 1.5»
– Freed up 2.5 for other tasks
• «Marginal return of over 90%»
– Per $1.00 spent, avoiding $1.91 in endpoint-related cost
• Average experienced ROI: 15,4 months
Strategic direction
By investing in the necessary software and automation, IT resources can be freed up to work on strategic initiatives that drive the bottom line
Thank you!