The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
Page 1: State of endpoint risk v3

The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011

Page 2: State of endpoint risk v3

Today’s Agenda

2011 Trends in the Threat Landscape

State of Endpoint Risk 2011: Survey Results

Summary and Recommendations

Q&A

Page 3: State of endpoint risk v3

Today’s Panelists


Dr. Larry Ponemon, Founder, Ponemon Institute

Paul Henry, Security & Forensics Analyst (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE)

Page 4: State of endpoint risk v3


2011 Threat Trends

1. State-sponsored cyber crime will become a regular occurrence

2. Social media goes deeper – increasing threats

3. Security will finally arrive for virtualization

4. Wikileaks will not go away

5. Mobile devices will come under greater attack

6. VoIP will be used as a covert channel in data breaches

7. Medicare fraud via ID theft will see explosive growth

View Paul’s entire blog at: http://blog.lumension.com/?p=3507

Page 5: State of endpoint risk v3

State of Endpoint Risk 2011: Survey Results

Page 6: State of endpoint risk v3

Ponemon Institute LLC

• The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.

• The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.

• Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as chairman of CASRO’s Government & Public Affairs Committee of the Board.

• The Institute has assembled more than 50 leading multinational corporations into the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.


Page 7: State of endpoint risk v3

Project Summary

• The purpose of this study is to determine how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk.

• Our study involves 564 respondents located in the United States who are deeply involved in their organization’s IT function.

» 51 percent are managers or hold higher positions in their organizations.

» 50 percent report directly to the chief information officer (CIO).

» 21 percent report to the chief information security officer (CISO).

» 28 percent work in IT security.

» 22 percent are in IT operations.

» 21 percent are in IT management.

Survey response Freq. Pct%

Total sampling frame 11,896 100.0%

Bounce-backs 1,875 15.8%

Total survey responses 782 6.6%

Rejected surveys 65 0.5%

Final sample 717 6.0%

Final sample after screening 564 4.7%


Page 8: State of endpoint risk v3

Industry distribution of the 564 respondents

Financial services 19%

Public Sector 13%

Health & pharmaceuticals 11%

Services 8%

Retailing 7%

Technology & software 6%

Research & education 5%

Industrial 5%

Transportation 5%

Communications 4%

Consumer products 4%

Hospitality 4%

Defense 3%

Entertainment and media 3%

Other 3%


Page 9: State of endpoint risk v3

Attributions About Endpoint Security

We have ample resources to minimize IT endpoint risk throughout our organization. Agree 37%, Disagree 63%

Our endpoint security operations are well managed. Agree 38%, Disagree 62%

Existing blacklisting technologies (anti-virus/anti-malware) are effective in managing endpoint security risks. Agree 39%, Disagree 61%

IT executives are supportive of our organization’s endpoint security operations. Agree 41%, Disagree 59%

Our IT endpoint risk management procedures and policies are well documented. Agree 41%, Disagree 59%

New whitelisting technologies make it easier to efficiently manage endpoint security risks. Agree 42%, Disagree 58%

Our IT and security personnel are qualified to execute endpoint security operations. Agree 51%, Disagree 49%


Agree = strongly agree and agree combined. Disagree = unsure, disagree and strongly disagree combined.

Page 10: State of endpoint risk v3

Is your IT network more secure now than it was a year ago?

Yes 36%

No 36%

Unsure 28%

The study finds that the majority of respondents believe their organizations’ endpoints are vulnerable to attack. 64 percent of respondents say their organizations’ IT networks are not more secure than last year or are unsure (36 percent + 28 percent).


Page 11: State of endpoint risk v3

Which of the following incidents happened during the past year?

Denial of service attack 11%

Targeted cyber attacks 26%

Cyber attack on mobile platform 37%

Loss of sensitive data by a third-party 45%

Spyware network intrusion 46%

Botnet attack 56%

Loss of sensitive data by a malicious insider 61%

Loss of sensitive data by a negligent insider 89%

Theft of desktops, laptops or other devices 95%

Virus or malware network intrusion 98%

Organizations face a variety of incidents that threaten the security of the endpoint. During the past year, 98 percent have had virus or malware network intrusions and 95 percent have had desktops, laptops or other devices stolen. Eighty-nine percent have lost sensitive data because of a negligent insider and 61 percent lost sensitive data because of a malicious insider.


Page 12: State of endpoint risk v3

Which incidents are you seeing frequently in your IT network?

Other 21%

Rootkits 23%

Clickjacking 25%

Existing software vulnerability > 3 months 26%

Spyware 27%

Existing software vulnerability < 3 months 30%

Zero day attacks 34%

SQL injection 38%

Botnet attacks 64%

Web-borne malware attacks 75%

General malware 92%

The most frequently encountered IT network incidents are general malware attacks (92 percent of respondents), web-borne malware attacks (75 percent of respondents), botnet attacks (64 percent of respondents) and SQL injections (38 percent of respondents).


Page 13: State of endpoint risk v3

Have your malware incidents increased over the past year?

Yes, major increase 43%

Yes, but only slight increase 22%

No, they stayed the same 15%

No, they have decreased 9%

Not sure 11%

43 percent of respondents say there has been a major increase in malware attacks and 22 percent say there has been a slight increase over the past year. Only 9 percent of respondents believe malware attacks have decreased over the past year.


Page 14: State of endpoint risk v3

How many malware incidents does your org deal with monthly?

< 5 6%

5 to 10 11%

10 to 25 21%

25 to 50 27%

> 50 35%

35 percent of respondents say they have had more than 50 attempted malware incidents each month. Another 27 percent believe their organizations encounter between 25 and 50 malware attacks each month. On average, that means one or more malware attacks per day.


Page 15: State of endpoint risk v3

Where is the greatest rise of potential IT risk? (Top 3 choices)

Our data centers 9%

Removable devices and/or media 10%

Within operating systems 11%

Network infrastructure environment 11%

Smart phones (Blackberry, iPhone, Android) 14%

Cloud computing infrastructure and providers 18%

Virtual computing environments 20%

Our server environment 32%

Insider risk 37%

Across 3rd party applications 39%

PC desktop/laptop 48%

Mobile/remote employees 50%

Only 11 percent say the network infrastructure environment (gateway to endpoint) and vulnerabilities within their operating systems are driving greater potential IT risks. 10 percent say removable devices such as USB sticks and/or media such as CDs and data centers are contributing to IT risks.


Page 16: State of endpoint risk v3

Which one incident represents your biggest headache?

Spyware 2%

Botnet attacks 5%

Clickjacking 8%

Existing software vulnerability < 3 months 11%

Existing software vulnerability > 3 months 16%

SQL injection 23%

Zero day attacks 35%

The top three incidents that present the most difficult challenges for respondents are zero day attacks (35 percent), SQL injections (23 percent) and the exploit of existing software vulnerabilities greater than three months old (16 percent).


Page 17: State of endpoint risk v3

Which are the greatest IT security risks next year? (Top 3 concerns)

Lack of coordination between security & operations 36%

Increasing sophistication of cyber attacks 40%

Application risk & vulnerabilities 46%

Insufficient IT budget & resources 47%

Cloud computing 49%

Negligent insiders 50%

Increasing number of cyber attacks 61%

The chart above lists in descending order what respondents perceive as the seven most serious security risks their organizations will face in the near future. Respondents predict the top three IT security risks in the next 12 months will be:


Page 18: State of endpoint risk v3

Which endpoint technologies does your org use?

Device control (USB, removable media) 26%

Application whitelisting (endpoint) 29%

Data loss prevention (DLP) 33%

Endpoint management & security platforms 40%

Application control firewall 47%

Configuration management 49%

Network access control (NAC) 49%

Vulnerability assessment 51%

Patch & remediation management 53%

File or disk encryption 56%

Intrusion detection 57%

Endpoint firewall 60%

Anti-virus & anti-malware 98%

Nearly everyone (98 percent) has anti-virus and anti-malware technologies in place, followed by endpoint firewalls (60 percent) and intrusion detection systems.


Page 19: State of endpoint risk v3

Which endpoint technologies are most effective?

Intrusion detection 19%

Data loss prevention (DLP) 23%

Patch & remediation management 38%

Configuration management 39%

Application whitelisting (endpoint) 44%

Network access control (NAC) 46%

File or disk encryption 51%

Application control firewall 52%

Anti-virus & anti-malware 57%

Device control (USB, removable media) 57%

Endpoint firewall 59%

Endpoint management & security platforms 61%

Vulnerability assessment 70%

Respondents reveal what we refer to as the gap between the technologies used and the technologies considered most effective.


Page 20: State of endpoint risk v3

Is your IT organization’s operating cost increasing?

Yes 48%

No 41%

Unsure 11%


Page 21: State of endpoint risk v3

What are the main cost drivers to increasing IT OPEX?

Increasing help desk calls 31%

Reimaging of endpoints 35%

IT staff bandwidth consumption 40%

Lost employee productivity 64%

The two main cost drivers are lost employee productivity (64 percent) and IT staff bandwidth consumption (40 percent). With respect to bandwidth, this has become a critical issue as IT and end-users access Internet sites that provide rich content such as videos.


Page 22: State of endpoint risk v3

Does your org have application installation and usage policies?

Yes, we only allow IT sanctioned applications to be used and have the means to enforce this policy 29%

Yes, we only allow IT sanctioned applications to be used but we cannot enforce this policy 38%

No, we allow any applications to be used 33%

Organizations are, however, leaving their endpoints vulnerable by allowing the indiscriminate use of applications or by not enforcing policies governing the appropriate use of applications. As shown above, 38 percent of respondents have policies regarding application installation and usage but do not enforce them, and one-third of organizations allow any applications to be used.


Page 23: State of endpoint risk v3

Endpoint apps - what are the greatest challenges? (Top 3 choices)

Identifying and managing application usage 17%

Scanning and cleaning applications for malware 20%

Ability to “sandbox” applications and analyze their behavior 23%

License metering and reporting 30%

Discovering what applications are trafficking on the IT network 32%

Restricting what applications enter the IT network through the gateway 34%

Ensuring that vulnerable applications are patched 42%

Discovering what applications are residing on the network 47%

Preventing applications from being installed or executing on our endpoints 55%

The top 3 challenges with respect to their endpoint applications are: preventing applications from being installed or executing on their endpoints (55 percent), discovering what applications are residing on the network (47 percent) and ensuring that vulnerable applications are patched (42 percent).


Page 24: State of endpoint risk v3

What application management capabilities does your org have?

Ability to discover all applications in use on the IT network 33%

Ability to block use of specific applications across roles, departments, groups 35%

Ability to restrict application executable files from running on endpoints 36%

Ability to force encryption of files and content types (SSN, bank acct no., etc.) onto removable devices (USB, CD, DVD etc.) 41%

Ability to filter, restrict, and encrypt content based on context (SSN, bank acct no., etc.) 43%

Ability to limit access to specific applications functionality (read access, write access, file transfer) 49%

Ability to detect virus and promptly clean infected systems 71%

Respondents say they have the capabilities listed above in place or plan to implement them in the next 12 months.


Page 25: State of endpoint risk v3

Which Web 2.0 challenges are of greatest concern?

Impact on IT network resources 20%

Increasing risk of data loss/theft 39%

Impact to user productivity 42%

Increasing malware introduction 48%

Increasing risk of inadvertent exposure of confidential data 51%

Ability to identify applications in use across the IT network 59%

The concern respondents have about negligent and malicious insiders is reflected in their response to how Web 2.0/social media will affect their information risk environment. The top Web 2.0/social media challenges facing respondents’ organizations are: ability for IT to identify applications in use across the IT network (59 percent), ability to manage the risk of inadvertent exposure of data (51 percent) and increasing malware (48 percent).


Page 26: State of endpoint risk v3

Are any of these applications forbidden by policy or blocked?

Yes 49%

No 45%

Unsure 6%

When it comes to IT security, which applications concern you the most in terms of increasing vulnerabilities and IT risk?

Web applications Pct%

Mozilla Firefox 2%

Apple apps 8%

VMware 14%

Apple/Mac OS 15%

WinZip 19%

Oracle applications 39%

Microsoft OS/applications 44%

Google Docs 46%

Adobe 54%

3rd party applications outside of Microsoft 58%


Page 27: State of endpoint risk v3

Do you have a dedicated team for patch/vulnerability management?

Yes 33%

Not yet, but we are planning to create one 15%

No 52%

Twenty-six percent have not changed their priorities regarding patch/vulnerability management. Fifty-two percent say they do not have a dedicated team for patch/vulnerability management. One-third of respondents say they do have a dedicated team and 15 percent are planning to create one.


Page 28: State of endpoint risk v3

Summary of Findings

• Current approaches to endpoint security are ineffective and costly.

• Organizations do not feel more secure than they did last year.

» This is mainly due to the use of ineffective technology solutions when better, more effective/efficient technologies exist but are not heavily implemented.

• IT operating expenses are increasing and a main driver of those costs is tied directly to an increase in malware incidents.

» 59 percent of respondents consider malware a significant factor in those cost drivers.

• Malware is on the rise with attack vectors focused more on third-party and web-based applications.


Page 29: State of endpoint risk v3

Q&A

Page 30: State of endpoint risk v3

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

[email protected]