The next step in workspace | Simple, Scalable, Secure

Uw werkplek- en datacenterspecialistOntwerpen • Implementeren • Optimaliseren

The next step in workspaceSimple, Secure & Scalable

Agenda• 12.00 - 13.00 uur Lunch• 13.00 - 13.10 uur Welkom• 13.10 - 13.30 uur Werkplektransformatie• 13.30 - 14.00 uur Citrix• 14.00 - 14.30 uur Koffiepauze• 14.30 - 15.15 uur Nutanix• 15.15 - 15.45 uur AppSense• 15.45 - … uur Afsluiting & borrel

Even voorstellen

Harry BeekmanSr. Account Manager

Over ICT-Partners

• 80 experts• Meer dan 14 jaar ervaring• Twee vestigingen

Cultuur

• Balans• Duurzaamheid• Efficiency

ICT-Partners over ICT

Optimaliseer investeringen en investeer in innovatie

Maak van ICT een echte business-enabler

Een juist strategisch ICT-beleid omarmt technologische ontwikkelingen die de concurrentiepositie van de business versterken.

Werkplektransformatie:van paard & wagen naar Tesla

Door Frans Loth, ICT-Partners

Frans Loth

Introductie

Werkplek 0.0?

Scytale Caesar Cypher

Werkplek 0.0!

• Craftsmanship• Alleen voor de elite• Tijdrovende (re)productie• Indirecte 1-op-1 communicatie• Extreem foutgevoelig• Onveilig, opkomst cryptografie• Opkomst mechanische reproductie• Grote afstand in tijd

Werkplek 1.0

Werkplek 1.0• Alleen op kantoor beschikbaar• Eenvoudige reproductie• 1-op-1 gesproken communicatie• Introductie van mail, 1-op-n

communicatie• Minder foutgevoelig• Afstand van realtime tot uren• Diversiteit, complexiteit in beheer• Personal services• Gebruiker moet tech savvy zijn• Digitale bedreigingen

Werkplek 2.0

Werkplek 2.0• Beheersing van werkplekcomplexiteit

• Technische centralisatie (SBC, VDI, virtualisatie)• Versnelling van deployment• Toename DC complexiteit

• Internet / massacommunicatie / Information at your fingertips• Mobiliteit: werkplek op kantoor, thuis en onderweg• Generic Services• Security is een vakgebied

Ultimate WorkspaceLeef je droom!

Uw werkplek? Dat bent u zelf!

Leef je droom! Ultimate Workspace• Virtuele teams• In line vertaling• Voice command & response• Nieuwe projectietechnieken (glas, holo)• Artificial Intelligence• Virtual Reality• Augmented Reality• Instant data analyse• Volledige persoonlijke afstemming

Gas los!! Terug naar Werkplek 3.0 …

Werkplek 3.0 uitdagingen

• Reductie van technische complexiteit • Vraagfluctuatie, ongebreidelde groei• Veeleisende gebruikers en klanten

• Zelfredzaamheid, gebruikersgemak• Afgestemde, consistente user experience• Access anywhere anytime any device• Cloud Apps / Cloud integratie / Sourcing

• Snel evoluerende bedreigingen• Kosten!• ICT als business enabler & innovatie driver

SIMPLESCALABLE SECURE

Haal meer uit uw werkplek met Citrix & Nutanix!

Door Corné van Ginkel, ICT-Partners

Corné van Ginkel

Introductie

Historie van Citrix Systems

• 1995 Winframe• 1997 Metaframe 1.8• 2001 Metaframe XP• 2004 Presentation Server 3.0• 2005 Presentation Server 4.0, Access Gateway Appliance 4.0• 2006 Access Gateway Appliance• 2007 Presentation Server 4.5, Citrix Desktop Server 1.0, Citrix

WanScaler, Provisoning Server 4.5 (=Ardence), XenServer• …• 2016

Productportfolio• Citrix XenApp

• Citrix XenDesktop

• Citrix XenServer• Citrix XenClient

• VDI-in-a-box• NetScaler

• Workflow Studio

• NetScaler Gateway• NetScaler CloudBridge

• Provisioning Server• XenMobile

• Citrix Receiver

• ShareFile• GoToMeeting

• GoToWebinar• GoToAssist

• GoToMyPC

Leef je droom

De ultieme werkplek

EENVOUD voor de eindgebruiker

COMPLEXITEIT voor de ICT-organisatie

Gemiddelde omgeving

Facts• 2 x Citrix NetScaler Gateway appliances• 2 x Citrix XenDesktop Delivery Controllers• 2 x Microsoft SQL Servers• 2 x Citrix StoreFront servers• 1 x Citrix License Server

• 3 x Citrix Provisioning Services

• 12 componenten in een ‘minimale’ setup (enkelvoudig datacenter)• Hoog kennisniveau vereist door complexe stack• Nog geen rekening gehouden met:

• Enterprise Mobility Management (Citrix XenMobile)• Enterprise File Sharing (Citrix Sharefile)

Complexiteit verminderen door…

…introductie van Citrix Cloud

ServiceavailablenowServiceavailablesoon

Secure Browserservice

LifecycleManagement

AppDNAExpress IoT

Automation3rd PartyServices

Hybrid Cloud | Private Cloud | Any Public Cloud | Any Hypervisor

XenApp andXenDesktop

service

XenMobileservice ShareFile

NetScalerGatewayService

Cloud-Based Delivery Fabric Unites and Deploys all Workspace Technologies

Fast

Flexible

Simple

•Fastest way to adopt core Citrix technology•Instantly integrate Citrix services – XA, XD, XM, SF

•Deploy onto Any cloud, infrastructure, location•Preserve existing HW investments

•Less to install•No More upgrades

Secure • IP located where you want it•No Data handled by cloud management

ANewApproachtoAddingCustomerValue

Simplicity: All Services Are Pre-Integrated …. So customers don’t have to

XenAppandXenDesktopserviceThepowerofsecureaccesstovirtual

Windows,Linux,Webappsanddesktops

XenMobileserviceEnd-to-endmobileapp

deliveryanddevicesecurity

ShareFileShare,syncandsecurecontentfromcloud&on-premisestorageservices

LifecycleManagementBlueprint,automateandmanagethedesignanddeploymentofenterpriseworkloads

SecureBrowserserviceSimple,secure,high-performanceremoteaccesstoanyinternalorexternalwebapp

Customer Value of Citrix Cloud Subscriptions

CitrixOperatestheplatform

Platformisall-inclusive

Fewerserverstoown/operate

Transparentupgrades

Citrixintegratestheservices

Inherentmulti-sitecapable

Maintenanceandsupportincluded

Connectivityincluded

Complexiteit verminderen door…

…introductie van Citrix Cloud…van Citrix Provisioning Services naar Machine Creation Services

Citrix Provisioning Services

Citrix Provisioning Services

• Stream van ‘image’ (vDisk) naar meerdere machines tegelijkertijd• Maakt gebruik van PXE boot technology

• Sterke afhankelijkheid van goede netwerk-setup, DHCP• Sizing is van groot belang (minimaal twee additionele servers)

• Ardence

Citrix Machine Creation Services

Citrix Machine Creation Services

• Functionaliteit van PVS• Eenvoud van MCS

• Geen afhankelijkheid van PXE en DHCP• Sizing niet van belang• Geen additionele servers vereist

Vragen


Door Bart Donders, ICT-Partners

Bart Donders

Introductie

EvolutionofEnterpriseInfrastructure

Scale-Out

Scale-Up

Server

App

Storage

Server

App

Storage

1990s Today

Storage Controller

Storage Controller

Storage Controller

Storage Controller

Server Server

Virtualization

App App

Storage Controller

Storage Controller

BUYPurchase in big increments, incur prediction risk, overprovision

MANAGEMultiple management panes, manual operations

DEPLOYDeployment takes weeks to months --complex, big footprint

SCALEDifficult to grow quickly

SUPPORTMulti-hop support, lack of end-to-end visibility, firefighting

Legacycausescomplexityateverystep

Storage Controller

Storage Controller

Storage Controller

Storage Controller

Server Server

Virtualization

App App

Storage Controller

Storage Controller

Ontwikkelingen binnen IT-organisaties

• Infrastructuur geen focus meer• Van specialisten naar generalisten

• Transformatie van beheer- naar regieorganisatie• Van uitvoerend naar regisserend

• Outsourcing infrastructuur• Iaas, PaaS

• Self-Service• Flexibel op- en afschalen• Automation

The Cloud Era Is Well Underway

“I deployed my applicationin five minutes.”

Rapid Time to Market

“No more time spent on low-level infrastructure

management.”

One-Click Simplicity

“I use and pay for just what I need only when I need it.”

Fractional IT Consumption

“New capabilities are available on a regular basis.”

Continuous Innovation

Why Not Cloud For All Workloads?

Predictable Workloads

Elastic Workloads25%

75%

Balance Owning and Renting For Today’s Enterprise Workloads

Spin up and down resources on the public cloud

Lower costs with private cloud infrastructure

HowShouldInfrastructureBeDelivered?

Privacy and control without significant overhead

Predictable capacity growth with consumption-based pricing

No specialized skills required to operate

Provisioning in hours, not days or weeks

Secure Scale-out

SimpleAgile

SolutiontotheVirtualizationProblem

Built-in Virtualization and Integrated Management

Virtualization

App App

Storage Services

Storage Services

Virtualization

App App

Storage Controller

Storage Controller

Storage Controller

Storage Controller

Server Server

Storage Controller

Storage Controller

Scalable Distributed System Design

VM VM VM CVM

Hypervisor

VM VM VM CVM

Hypervisor

Tier 1 Workloads(running on all nodes)

Nutanix Controller VM(one per node)

VM VM VM CVM

Hypervisor

Distributed Storage Fabric

ü Snapshots ü Clones ü Compression ü Deduplicationü Locality ü Tiering ü Erasure Coding ü Resilience

Node 1 Node 2 Node N

X86 X86 X86

Nutanixplatformhardware

• NX-1065(S)• ROBO

• NX-30x0• CPU-intensief,ideaalvoorVDI• OptioneelGrid-kaarten

• NX-60x0• Storage-Heavy/Storage-Only

• NX-8000• High-Performance• Exchange/Databases

Eliminate Complexity…

Integrated Consumer-Grade Management

IntuitiveBeautifulInsightful

Acropolis Hypervisor (AHV)

• Gebaseerd op KVM• Wordt gratis meegeleverd met de Nutanix software

• VM beheer geïntegreerd in Prism• API driven (acli, Powershell, REST)

Disaster Recovery & Data Protection

• Metro Availability• Synchrone replicatie naar tweede Nutanix cluster• (Ultimate licentie benodigd)• (Maximale roundtrip latency 5ms)

• Asynchrone replicatie• Tijdsinterval > 1 uur

• Local snapshots• Geen performance impact• ‘Ongelimiteerd aantal snapshots’

Disaster Recovery Scenario’s

Acropolis Block Services

• Block Storage middels iSCSI• Guest virtual machines• Bare metal servers

• Use Cases• Exchange op vSphere (Microsoft support)• Shared disks voor clusters (Microsoft, Oracle Rac)• Licenties issues (Oracle)

Waarom Nutanix?

• Inspanningen voor beheer zijn minimaal• Rolling upgrade zonder downtime• Self-healing platform

• Flexibel en schaalbaar• Per node uitbreidbaar• Lineaire performance

• Goede performance• All-flash of hybride

• Uitstekende support• Support voor de gehele stack, inclusief hypervisor en (enkele) applicaties

Vragen


Layered Approach to Desktop Virtualization

Compute and Storage (HW)

Hypervisor

Control and Access Layer

Desktop Layer

User Layer

Infrastructure (Studio, file, AD, SQL, License)

Nutanix Acropolis Hypervisor / Vmware ESX / Microsoft Hyper-V

Desktop Delivery (XD) & Image Controllers (MCS)

Access Controllers (StoreFront) and Networking (NetScaler)

Profile management, golden image, and apps

Nutanix Xtreme Computing Platform

User type and end-points (Receiver)Citrix ShareFile and file services

Numberofvirtualdesktops

SANPerformance

MCSonatraditionalSAN?

SolutiontotheVirtualizationProblem

Built-in Virtualization and Integrated Management

Virtualization

App App

Storage Services

Storage Services

Virtualization

App App

Storage Controller

Storage Controller

Storage Controller

Storage Controller

Server Server

Storage Controller

Storage Controller

MCS on distributed storage benefits?

FurthersimplifyingtheMCSarchitecture!

Simpler configuration in XenDesktop Studio makes your life easier:

Multipleimagecopies

Maintainmultipledatastores

IOissuesandhotspots

More MCS on distributed storage benefits!

VMMovability

ReducedBoottimes

Betterscalability

Linearly Scaling Virtual Desktop Infrastructure

VM

s (D

eskt

ops)

• Scale incrementally one node at a time

• Protect infrastructure investment by eliminating forklift upgrades• Scale storage capacity & performance linearly

Pay-as-you-grow

Number of Nodes

0

0,2

0,4

0,6

0,8

1

1,2

1,4

1,6

1,8

300 600 1200 1500 3000

Seco

nds

Number of Virtual Desktops

Relative Application Performance

Consistent response time while incrementally scaling blocks

Truly Linear ScalabilityPredictable performance for 300 to 3000 desktops

HP, Dell, Cisco, Lenovo

Cisco, HP, Arista, Mellanox

Qlogic, Emulex

EMC, NetApp, HP, Dell, HDS

Cisco, Brocade

VMware, Microsoft, XenServer

Cisco, HP, Arista, Mellanox

VMware, Microsoft

Simplifying the XenDesktop Infrastructure Stack

Network

Scale out compute and storage

Virtualization

Network

Virtualization

Compute

SAN Fabric

Storage

AHV

Nutanix

Built on a Hyperconverged Architecture

Eliminates SAN and NAS

arrays

Workload Mobility and Hypervisor

Choice

Virtual Desktops(running on all nodes)

Nutanix Controller VM(one per host)

Node 2

VM VM VM CVM

X86

Node N

VM VM VM CVM

X86

Node 1

VM VM VM CVM

X86

Local + Remote(Flash + HDD) Distributed Storage Fabric

intelligent tiering, VM-centric management and more…

ü Snapshots ü Clones ü Compression ü Deduplication

Acropolis App Mobility Fabric

Acropolis Hypervisor



CitrixXenDesktop/XenApponNutanixAHV

VM VM VM

VM VM VM

VM

VM

VM

VM

AHV

Nutanix AHV is

Citrix XenApp/XenDesktopCitrix NetScaler VPX*Citrix ShareFileCitrix Cloud

CitrixStoreFront

XenDesktop Delivery Controller

AHV

Citrix Sharefile & File services

SQL Server & Infra /network services

Citrix Studio, Director

VM

CitrixNetScaler VPX

Native Citrix Studio Integration

Citrix– NutanixIntegrationProduction

ReadyforAHVIntegratedManagement FastProvisioning

NovTax torunCitrixonNutanix FullyintegratedwithDesktopStudioUI

Highspeedimageupdatesandoperations

IncludesNutanixstandardbenefits• Shadowclonesandboot-stormhandling• Rapidtroubleshootingandclearopsline-of-sight• Linearscalingandpay-as-you-growconsumptionmodel

MCSarchitecturewithNutanixAHVCitrixStudio

CitrixServices

ProvisioningSDK

PSCmdlets

MCS–AHVinterface

Nutanix AHVpluginneedstobeinstalledonallXDcontrollers

RESTAPI

Services:BrokeringHost

MachineCreationADIdentity

snapshot

CloningID

PowerManagement&Provisioning

XenDesktopController

Goingdistributedsimplifiesthings..Before After

Werkplek 3.0: maximaal beheersbaar & veilig

Door Jaap-Sander de Vries, AppSense

“SET THE USER FREE” e n d p o i n t s e c u r i t y s i m p l i f i e d

AppSense now part of the LANDESK family

“Set the User Free”

Simplicity Flexibility

User ExperienceSecurity

Productivity

Mobile

VIRTUALPHYSICAL AND

UNMANAGEDMANAGED AND

BYODCOPE AND

PERSONAL APPSCORPORATE APPS AND

PERSONAL DATACORPORATE DATA AND

IT’S NEVER OR

I.T. MANAGED

USER MANAGED

Delivering a secure and cost effective workspace has become very complex.

• Endpoint manageability• Profile management• Reducing overhead, IT

Ops time and effort• Reducing user

inconvenience and IT helpdesk calls

• Improving operational efficiency

• User analytics

Simple Desktop IT Administration• Ransomware, phishing,

social engineering• Unnecessary privileges• Eliminate vulnerabilities• Audit & Compliance• Increase visibility• Holistic approach and

ecosystem

Effective Endpoint Security

• Performance• Flexibility & control• Consistency• Availability – no downtime or disruptions

Excellent User Experience

Deliver Productive, Secure Cost Effective Workspace

Users want to Personalize their workspace and access their Data. IT wants to manage Policy, Privilege, Performance and Analytics for each user.

Combined, these elements define User DNA™

Workspace Management

IT Settings

User Settings+

= User DNA™

AppSense unlocks User DNA™

so IT can manage it independently.

Personalization

Policy

Privileges

Performance

Data Access

Analytics

User DNA™ is stored, managed and distributed from a central AppSense database, leveraging the AppSense platform. IT gets granular, contextual control allowing User DNA™ to follow the user, creating a seamless workspace experience.

AppSenseDatabase

Physical Virtual Cloud

Workspace Management

Creating a Balanced Portfolio

PatchManagement

Endpoint SecurityConfiguration Management

Physical, Virtual& Mobile

ServiceManagement

AssetManagement

User Environment Management

Security

An

aly

tics

an

d D

ash

bo

ard

s

EnvironmentManagement

PrivilegeManagement

ApplicationControl

File & ProfileMigration

A Balanced Approach- Gartner Model of PC Lockdown

Endpoint Security Best Practices

Getting breached is inevitable

Threat Landscape has changedSoftware vulnerability exploitation continues to be a primary vector for attack, malware become more sophisticated and a revenue-generating activity for attackers.

The perimeter is no longer your best defense“De-perimeterisation” of networks now extends to on-premise, public cloud, private cloud, Software as a Service (SaaS), Infrastructure as a Service (IaaS) and the biggest headache of all is these hybrid networks have to be accessed anywhere, anytime and using any device.

Business enablement & AgilityContinuous emphasis on business enablement as

well as user productivity & experience

Endpoints & User BehaviorThe endpoint is the new perimeter and negligent, careless employees not following policy are IT’s biggest threat

Windows desktops, Mac’s and Apps are multiplying

Efficient workspace management in complex / heterogenic IT environments

Where are we today?

Internal Pressures External Pressures

Changing Threat Landscape

Changing Demands on Communication & Collaboration

By Workforce

Network Perimeteris Dissolving

Increasing Regulatory Demands

Business Enablement, Innovation & Agility

User Productivity & Security Awareness

IT Security &

User

Today’s Challenges

“Well-planned application control deployments are effective at blocking malware infections and targeted attacks, and have the additional benefits of reducing the operational burden of uncontrolled application sprawl” – Gartner

“The Time Is Now To Protect Your Digital Workforce With A Reinvigorated Endpoint Security Strategy” – Forrester

“Adopt a least privilege strategy and strictly enforce access control” –Forrester

“Application control can be useful — particularly for stopping advanced attackers and securing unsupported operating systems” – Securosis

De-Perimeterisation –The Endpoint Is “The New Perimeter”

Common Security Weakness

§ Almost all forms of attack use privilege escalation when installing malware that needs administrative privileges.

§ Phishing, which continues to be the most common front end for damaging attacks, is used to obtain user credentials from which to start the escalation, and phishing succeeds because of poor hygiene in application and privilege management.

85% of all Critical vulnerabilities documented in the report can be mitigated by removing admin rights *2015 Microsoft Vulnerabilities Report

99.5% of all vulnerabilities reported in Internet Explorer in 2015 could be mitigated by removing admin rights *2015 Microsoft Vulnerabilities Report

86% of reported vulnerabilities come from 3rd party applications. *National Vulnerability Database

In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications. *HP Cyber Risk Report 2016

Malware Monetization and Application Vulnerabilities

The average ransom discovered to date in 2016 stands at US$679, up from $294 in 2015 *ISTR Ransomware & Business, Symantec

Feb 2016, the Hollywood Presbyterian Medical Center(HPMC) paying the attackers’ demand of US$17,000

Missing Patches

• Third Party• MS Office• Adobe• Java

01Dangerous Applications

• Media• Runtimes• Web browsers

02

Misconfigured User Access

• Admin rights• Least Privilege• Password

Management

03

Unprotected Data

• Sensitive Data• Unencrypted• Multiple

Storage

04

Endpoint Security Threats

Patching

• Clear visibility on all endpoints

• Effective Detection

• Automatic Policy Enforcement

• Single Management Console 01

Unhazardous Applications

• Minimize exposure

• Automatic uninstall

• Application Whitelist/Blacklist

• EPC for remote connections02

Proper User Access

• Remove Admin rights

• Determine Least Privilege

• Automate Elevation

• User self-service Portal

03

Data Protection

• Enable Data Encryption

• Automated Scans

• Protect External

Media• Backup and

Recovery

04

Endpoint Security Best Practices

By AppSense

CATCHPATCHMATCH

Strategic Approach & Benefit

MITIGATES AT LEAST

OF TARGETED CYBER INTRUSIONS• National Security Agency, Information Assurance Guidance, www.nsa.gov/ia/mitigation_guidance/• Australian Government Department of Defence, Strategies to Mitigate Targeted Cyber Intrusions,www.asd.gov.au/infosec/mitigationstrategies.htm

PATCHApplications and Operating System

CATCHMalicious software with

a Whitelist

MATCHThe Right People with

the Right Privileges

Control 5 & 14

‘Center for Internet Security’

Continuous Vulnerability Assessment & Remediation – Strong Patch Management

Application Control & Privilege

Management

CSC version

6

Control 4

SANS Institute Critical Security Controls

For a complete copy of the SANS Institute report, “Updates to the CSCs: More Effective Threat Protection with Privilege Management and Application Control,” visit http://bit.ly/1TsYvFB

No business disruptionOR huge increases in

help desk calls as legitimate software and business-critical access

are blocked.

PRODUCTIVITY

Preventing attackers from using

Administrative privileges or user

access rights, raising the bar against both installing/executing

software and reading/modifying

sensitive data.

PREVENT

Actively managing which executables can run on a PC or

server presents a high barrier to malware.

PROTECT

Application Control / Whitelisting &

Privilege Management should

be seen as high-payback, quick win

ROI

Critical Security Controls - Need PayOff

Introducing…AppSense Endpoint Security

§ Privilege Management§ Application Control with Trusted Ownership™§ Granular Exceptions§ Prescriptive Security Analytics § Automated Patch Management

APPLICATION CONTROL

& PRIVILEGE MANAGEMENTPragmatic Endpoint Security that Puts Users First


Application Control (Control 5) & Privilege Management(Control 5 & 14)

Kernel - level Physical &Virtual

Online & Offline

Malware (Ransomware)

Protection/ Application

Control

Context-basedApplication

Access

LeastPrivilege

Management

A Practical Means To Protect Your Attack Surface

Regain Control of ApplicationsRegain control of applications running across the business without locking down your users

Use cases – Security and beyond

• Deploy all users as standard users

• Assign privilege to individual applications based on user roles and needs

• Prevent execution of unauthorized applications

PROTECTProtects against zero-day attacks by preventing malicious software from executing

CONTROL EXECUTIONApply precise control over how authorized applications execute and whether applications can launch other applications to prevent stealth rootkits from infiltrating your enterprise systems.

RANSOMWARE CONTINUOUS TO RISERansomware is not going away any time soon, because the business model offers high reward for minimal effort. Compared to 2015’s 29 ransomware families, 79 new families already emerged this year

PREVENTPrevents malware from running when your host system reboots. Also locks down the registry until rights are approved by the IT administrator

01

02

03

04

Protect Against Ransomware

Source: TrendLabs 2016 Security Roundup

Detection name: Trojan.Cryptolocker.AFRansom amount: 0.5 to 1 bitcoin ($200 to $400 on February 2016 rates)Discovery: February 2016Known infection vectors: Spam campaigns, Neutrino exploitkit, Nuclear exploit kit

Locky Ransomware

Stop applications carrying possible risks and ones unsuitable for business networks:• PokerStars had Odlanor Trojan malware (Win32/Spy.Odlanor

), • Trillain IM a strain of the Reveton ransomware family – Pony

Stealer and • Kickass Torrents is so full of malware that Chrome and

Firefox now block it.

Do not allow non-trusted, unsupported /unpatched or risky applications and plug-ins without requiring ‘whitelisting enforcement and automated patching:New skype malware (2016, April 25); trojan dubbed T9000 that can record video calls, audio calls and chat messagesAdobe Air ; This particular product from Adobe is a cross-platform system used for building desktop and mobile apps. In 2015 no less than 17 vulnerabilities have been identified in this piece of software. And it’s not the only one on your computer!’

01

02

Eliminate Unwanted Applications

Productivity & Security

Control Panel –uninstall program

Task Manager –kill process

Regedit / Command

Action Example Solution

Install Applications

Change Configurations

Remove Patches & Uninstall Software

Defeat Security Tools

control.exeDenied Application:

Denied Application:

cmd.exeregedit.exe

taskmgr.exeDenied Application:

Application Control:

Downtime costsTime IT spends on

troubleshooting and malware-related issues

DatalossLoss of company records, customers’ personally identifiable information (PII), or intellectual property, reputational damage

RansomThe average ransom demand has more

than doubled and is now $679, up from $294 at the end of 2015

Financial costsHelpdesk, incident response and other security-related solutions in response to ransomware.

Legal & Regulatory costso Wet Meldplicht Datalekken penalty max €820.000 or 10%

previous year bookings, o EU GDPR penalty lower threshold €10M or 2% Global

Annual Turnover

Sustainable workplaceStandard workspace cost and exceptions to the build / management

Cost Effectiveness

System Level Visibility

System Level(ActiveX controls, VBscripts, batch files, MSI packages and registry configuration files, .exe,

.dll processes, App launches, binaries created, drivers, etc.)

Intelligence



Application Control by :Trusted Ownership – IT Admin or Service AccountWhite / BlacklistingDigital Signatures

Control



Application Control by: Trusted Ownership – IT Admin or Service AccountWhite / BlacklistingDigital Signatures

Network Access Control - Application TerminationApplication Control - URL Redirection - Rights Management – Self Elevation –

Win Store App Control

Prevent & Awareness



Application Control by means of Trusted Ownership – IT Admin or Service AccountWhite / BlacklistingDigital Signatures

Quarantine Block Warn Dialogue Monitor Educate

Network Access Control - Application TerminationApplication Control - URL Redirection – Privilege Management – Self Elevation –

Granular Exceptions & Contextual Aware - Win Store App Control (Win8/8.1/10)

Response



Application Control by: Trusted Ownership – IT Admin or Service AccountWhite / BlacklistingDigital Signatures

Quarantine Block Warn Dialogue Monitor Educate

Auditing / Monitoring Advanced Reporting Application Admin Rights Discovery Evidentiary Forensics License Management

Network Access Control - Application TerminationApplication Control - URL Redirection - Rights Management – Self Elevation –Granular Exceptions & Contextual Aware - Win Store App Control (Win8/8.1/10)

PATCH & PROTECTSimplified OS & Application Patch Management


Control 4: Continuous Vulnerability Assessment & Remediation –Strong Patch Management

Automated Patch Management Value Proposition

Increase security, reduce costs

• Look for unpatched systems

• Solve the patch management problem

• Add security to native email apps

• Decrease overpayment of unused software

Easy-to-use solutions for enterprise problems

• Simple point solutions with maximum power

• Easy to install, configure, and use

• Protect data center, endpoints, and virtual environments

Maximize the value of SCCM

• Increase functionality of Microsoft System Center Configuration Manager (SCCM)

• Add third-party patching

• Add software asset and license management

MicrosoftoperatingsystemsandapplicationsnotpatchedbyWSUS

Patch&Protectcoversalloftheseapplications(1.800andmore…)

• 7-Zip• AdobeAcrobat,Flash,Reader• AdobeAIR,Bridge,Illustrator,In-Design,

Photoshop,ShockwavePlayer• ApacheTomcat• AppleAppSupport,iTunes,QuickTime• Autodesk360andAutoCAD• Citrix• SalesforceChatterDesktop

.NETFrameworkAccess2000Excel2000,ExcelViewerFrontPageServerExtensionsHyper-VInternetExplorerforXP*InternetInformationServicesExpressions

• ClassicShell• FileZilla• MozillaFirefox• GoogleChrome,ChromeFrame• GoogleDesktop,Earth,Picasa,Talk• Sun/OracleJava• RealPlayer,RealVNC FreeEdition• Safari

Publisher2000SharePointSkyDriveProVisio,VisioViewerWindowsMediaPlayerWindowsXP*Word2000,WordViewer

Andmore…

• LibreOffice• Notepad++• SeaMonkey• Opera• VMwareESXi• Winamp,WinRAR,WinZip• Wireshark• YahooMessenger

WSUS/SSCMonlycoverscurrentMicrosoftOS’sandapplicationsLync2010,2013BizTalkServerSQLServer2000,2005,2008,2012VisualStudio2005,2008,2010,2012,2013OfficeCommunicator2007Office2002,2003,2007,2010,2013

SilverlightSystemCenter2012SkypeForeFrontBing

Windows7,8,8.1,RT,RT8.1,VistaWindowsServer2003,2008,2012WindowsLiveWindowsEssentialBusinessServerExchangeServerActiveDirectoryRightsManagementServer

FASTSearchServerFrontPageMSNMessengerOffice2000OfficeCommunicator2005OneNoteOutlook2000,OutlookExpressPowerPoint2000Project2000

* PatchdataprovidedifthecustomerenrollsinMicrosoft’sextendedXPsupportprogramaswellasShavlik’s custompatchsupportprogram.

ComprehensivePatchManagement

Security EcosystemVisibility, Simplicity and Control

Visibility, Simplicity & Control

Microsoft System Center

Native plug-in to the SCCM console for comprehensive MS & Third-Party patching

Business Intelligence for IT

Consolidate data from multiple datasources to provide an end-to-end view of your

business

SIEM / Analytics

Fully documented Reporting Views with our product to allow you to extract data from Protect to pull into solutions like Splunk, Reporting Services, Archer,

Crystal Reports, etc.

Vulnerability Assessment

Automate the process of the latest vulnerability assessment being imported into the next batch

of patches

Management Center & Insight

Control all aspects of the user from a central location, deploying and managing tailored policy

and user personalization settingsDrive better decision-making through actionable

intelligence..

6 Simple Reasons Why this Approach Works

PRODUCTIVITY & SYSTEM STABILITYJust because an application is not malware doesn’t mean it is good. Efficient patching helps improve productivity, reduce downtime, malware, increase performance

PRACTICAL & EFFECTIVE SECURITYTrusted application & least privilege management /

automated Patching to fix security vulnerabilities

VISIBILITY & CONTROLHolistic approach to endpoint security by connecting to SIEM and to automate the process of the latest vulnerability assessment being

imported into the next batch of patches

IMPROVE USER AWARENESSRather than blindly enforcing policies, AppSense uses electronic notifications to educate employees as to why their actions were blocked in the first place.Simple explanation can actually decrease the volume of policy violations by up to 90%.

COST EFFECTIVEBridges the endpoint gap between IT Ops

and security to reduce operational costs while improving security posture

COMPLIANCYFailure to comply to local and international laws &

regulations can result in losing opportunities, incurring legal and financial penalties or even losing

your business.

AppSense Endpoint SecurityAllows desktop and InfoSec teams to protect endpoints and enable regulatory compliance without degrading the user experience.

ProtectionIdentify and block unauthorized applications from runningAutomate Microsoft and third-party application patch assessment and deploymentEnforce software licensing and ensure complianceDetect suspicious endpoint behaviour

User Experience & ProductivityManage user privileges and policies at a highly granular levelAllow user self-elevationMonitor admin rights and self-elevation trends

Thank youContact UsJorrit van EijkJaap-Sander de Vries

Entrada 501, 1096 EH Amsterdam

0031 (0)20 3701282

facebook.com/appsensebnl

@appsense

De vertaling naar een uitvoerbare roadmap

Door Frans Loth, ICT-Partners

Workspace roadmap

SIMPLESCALABLE SECURE

Afsluiting

Door Harry Beekman, ICT-Partners

UserSettings

Apps

UserSettings

Apps

UserSettings

Apps

UserSettings

Apps

UserSettings

Apps

Onze oplossingen

ICT-Partners helpt u succesvol te zijn met uw ICT. Wij ontwerpen, implementeren en optimaliseren ICT-omgevingen met de nieuwste

technologieën, die bijdragen aan continuïteit, stabiliteit en kostenbesparing.

Vier segmenten:

• Management

• Front-end

• Back-end

• Datacenter

Kernwaarden ICT-Partners: balans, duurzaam, innovatie

Behe

erw

aard

e: v

eran

twoo

rdel

ijk, b

ehee

rsba

ar, s

chaa

lbaa

r, aa

npas

baar

Gebruiksw

aarde: functionaliteit, toegankelijk, gebruikersgemak, flexibel

Bedrijfswaarde: beschikbaar, integer, veilig

Front-end

Management

Back

up&

Dis

aste

r Rec

over

y Se

rvic

es

Syst

em m

anag

emen

t Ser

vice

s

Secu

rity

Serv

ices

Use

r man

agem

ent S

ervi

ces

Back-end

Datacenter

Management

User Device Services Desktop Delivery Services

Application Delivery Services Data Delivery Services

User Workspace Management Services

Application Services Data Services

Server Services Infrastructure Services

Compute Services Network Services

Storage Services Housing Services

Architectuurplaat

Optimalisatiepad

scansworkshops

adviesrapport

vernieuwingstraject

overdracht verbeterplan

Klanttevredenheid

Organisatiescans• Gebruikersscan• Processcan

Infrastructuurscans• Applicatiescan• Desktopscan• Netwerkscan• Beveiligingsscan

Workshops• Visie & Scope• Desktopvirtualisatie• Desktopdeployment• Uservirtualisatie• Functionaliteiten Skype for Business• Windows 7, 8 of 10• Office 2016 of Office 365• Applicatievirtualisatie• Beveiliging

Partners

Referenties

Bedankt!

ICT-PartnersVosselmanstraat 27311 CL ApeldoornT 055 528 22 22E [email protected]

Hoofdweg 2909765 CN PaterswoldeT 050 364 31 02E [email protected]

The next step in workspace | Simple, Scalable, Secure

Technology