
Why Application Control is Vital for IT Security

May 10, 2015


Lumension

Ensuring that your enterprise IT infrastructure is secure is a challenging job even under ideal conditions. Using endpoint security, deploying firewalls and keeping your servers and clients patched with the latest security updates can only go so far. Over the last few years, an increasing number of attacks have targeted vulnerabilities in third-party applications. IT administrators would be wise to discover, analyze, and either patch or remove third-party applications as yet another aspect of a cohesive security posture. In this security webinar, Windows IT Pro Industry News Analyst and security columnist Jeff James and Chris Merritt, director of solution marketing for Lumension, discuss some tips and best practices for managing and securing third-party applications in your IT environment.
Transcript
Page 1: Why Application Control is Vital for IT Security

The Case for Application Control

With Jeff James, Security Columnist, Windows IT Pro

Page 2: Why Application Control is Vital for IT Security

Meet our Expert

Jeff James is industry news analyst for Windows IT Pro. He was previously editor in chief of Microsoft TechNet Magazine, was an editorial director at the LEGO Company, and has more than 15 years of experience as a technology writer and journalist.

Page 3: Why Application Control is Vital for IT Security

What is Application Control?

Windows Server 2008 and Windows 7 are the most secure versions of Windows ever. Yet even with aggressive patching and updating of server and client OSes, far too many third-party and “rogue” apps create security vulnerabilities.

An effective IT security posture needs to include avoidance of dangerous apps and effective management of approved third-party applications.

“Microsoft: Windows is Secure, Applications Not So Much” – Paul Thurrott, Windows IT Pro

Page 4: Why Application Control is Vital for IT Security

Application Control Growth

“Organizations are looking to application control solutions to augment signature-based antivirus protection and to exert more control over endpoints. Although this space has been dominated by the smaller vendors, larger endpoint protection and management providers are entering the market.” -- Gartner Analysts Neil MacDonald and Michael A. Silver

Page 5: Why Application Control is Vital for IT Security

Application Control Tips

1. Embrace Patch Management
2. Limit Admin Rights and Privileges
3. Leverage Windows 7 User Account Control (UAC)
4. Explore Windows 7 AppLocker
5. Consider Whitelisting Software
6. Bonus Tip: Use Data Protection

Page 6: Why Application Control is Vital for IT Security

Tip #1 - Embrace Patch Management

Keeping your OS, clients, and third-party applications patched and updated is a must. Here are some IT patch management tips from Windows IT Pro author Orin Thomas:

• Determine which updates have already been deployed
• Prevent update traffic from saturating WAN links
• Prevent update installation from interrupting end users' computer use
• Test updates before deployment

Resource: “Solve 4 Common Patch Management Problems” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 103599

Page 7: Why Application Control is Vital for IT Security

Tip #2 - Limit Admin Rights and Privileges

Limit the rights assigned to administrator accounts as much as possible, and use restricted groups policies to restrict membership of sensitive groups. Configure accounts to expire on a regular basis.

Page 8: Why Application Control is Vital for IT Security

Tip #3 – Leverage Windows 7 User Account Control (UAC)

UAC – when managed properly – can be a helpful tool in an IT administrator’s application control toolbox.

Page 9: Why Application Control is Vital for IT Security

Tip #4 - Explore Windows 7 AppLocker

AppLocker – a feature found in Windows 7 Ultimate and Enterprise – can be used to prevent unlicensed software, stop users from running unauthorized applications, and allow users to run only approved applications and software updates.

Resource: “AppLocker in Windows Server 2008 R2 and Windows 7” by Jan DeClercq - www.windowsitpro.com - InstantDoc ID 104625

Page 10: Why Application Control is Vital for IT Security

Tip #5 – Consider Whitelisting Software

Anti-virus (AV) and anti-malware software are important parts of any IT security toolbox, but the reality is that traditional signature-based AV doesn’t provide effective protection by itself in today’s threat environment. In addition to AV, implement an application whitelisting solution such as Microsoft AppLocker or a more robust and comprehensive third-party solution.

Resource: “Comparative Review: Application Restriction Products” by Orin Thomas - www.windowsitpro.com - InstantDoc ID 129350

Page 11: Why Application Control is Vital for IT Security

Bonus Tip - Use Data Protection

Create and enforce policies that outline best practices for data use and protection, including encryption usage and policies for removable media. Enforcing these policies will decrease the likelihood of manually delivered malware and other malevolent software attacking your network.

Page 12: Why Application Control is Vital for IT Security

Security Resources

Windows IT Pro Security page: http://www.windowsitpro.com/categories/category/Security.aspx

Windows IT Pro Security Blog: http://www.windowsitpro.com/blogs/security.aspx

Russell Smith’s Least Privilege Security Blog: http://leastprivilegesecurity.blogspot.com

Page 13: Why Application Control is Vital for IT Security

Q & A

For follow up information, contact Jeff James at [email protected] or on Twitter at @jeffjames3.

Thank You!

Page 14: Why Application Control is Vital for IT Security

Lumension® Intelligent Whitelisting™

Integrated Endpoint Protection using Lumension® Endpoint Management and Security Suite

Chris Merritt, Solution Marketing

Page 15: Why Application Control is Vital for IT Security

Changing Role of IT


Enabling the Use of New Technology

» Major Shift For IT Security

» It’s now IT’s job to say YES!

Page 16: Why Application Control is Vital for IT Security

Growing Application Centric Risk

» Social networking applications were detected in 95% of organizations.

» 78% of Web 2.0 applications support file transfer.

» 2/3 of applications have known vulnerabilities.

» 28% of applications were known to propagate malware.

Source: Palo Alto Networks Application Survey, 2010


Page 17: Why Application Control is Vital for IT Security

Using Lumension Intelligent Whitelisting to Mitigate Application Risk

Page 18: Why Application Control is Vital for IT Security

Defense-in-Depth Against Malware

Typical Approach
• Multiple layers
» Antivirus
» Patching

Page 19: Why Application Control is Vital for IT Security


However, both are:
• Reactive
• Negative security model
• Straining to deal with pace and sophistication of today’s financially- and politically-motivated attackers

Page 20: Why Application Control is Vital for IT Security

Defense-in-Depth Against Malware

For real defense-in-depth
• Additional layer needed
• Fundamentally different approach

Application Whitelisting
• Proactive
• Positive security model

Page 21: Why Application Control is Vital for IT Security

Application Whitelisting

Applications

Authorized
• Operating Systems
• Business Software

Unauthorized
• Games
• iTunes
• Shareware
• Unlicensed S/W

Malware

Known
• Viruses
• Worms
• Trojans

Unknown
• Viruses
• Worms
• Trojans
• Keyloggers
• Spyware

Un-Trusted

Page 22: Why Application Control is Vital for IT Security

Intelligent Whitelisting

Lumension Endpoint Management and Security Suite

L.E.M.S.S.

Discovery & Agent Deployment
Role Based Access Control
HW/SW Inventory Assessment

Enhanced Wake-on-LAN
Active Directory Synchronization
Centralized Reporting

Scalable | Single Extensible Agent | Modular Products | Secure

Page 23: Why Application Control is Vital for IT Security


Device Control

• Control Removable Devices
• Enforced Encryption for Removable Storage
• Filename Tracking & Full File Shadowing Audits

Page 24: Why Application Control is Vital for IT Security


Patch & Remediation

• Heterogeneous Support
• Broadest 3rd Party Vulnerability Content
• Automated Baselines
• Advanced Patch Deployment and Reboot Control


Page 25: Why Application Control is Vital for IT Security


AntiVirus

• Comprehensive Malware Signature Database
• Variant and Exploit Detection
• Sandbox Analysis
• Run-time Scanning


Page 26: Why Application Control is Vital for IT Security


Application Control

• Application Whitelisting
• Simplified Whitelist and Policy Creation
• Automated “Trust Engine” whitelist maintenance
• Deny unwanted Applications


Page 27: Why Application Control is Vital for IT Security
Page 28: Why Application Control is Vital for IT Security

Better Visibility and Control

• Easy Lockdown - discovers all local applications and creates a local whitelist
» Discovers everything
» Accounts for all variations

• Application Library - aggregates all snapshot discovery results centrally
» Central visibility
» Flexible application grouping with details (hash, name, certificate, path, etc.)

• Application Event Log - provides intelligence around how applications are being used, how they were introduced, and how prevalent they are

• Easy Auditor - identifies change control policy violations through real-world analysis

Page 29: Why Application Control is Vital for IT Security

Eliminate Unwanted Applications

• Easily stop unwanted, unsupported or risky applications and plug-ins

» Immediate and simple risk mitigation

» Does not require “whitelisting enforcement”

Denied Application Policy prevents unwanted applications even if they are already installed

Easily remove unwanted applications with Lumension Patch and Remediation
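
The positive security model from the whitelisting slides and the denied-application policy on this slide, modeled as a short sketch added here (it is not Lumension's or AppLocker's code). The `Policy` class, the audit mode, the file paths and the byte strings standing in for executables are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def digest(content: bytes) -> str:
    """Identify a file by SHA-256, so renaming or moving it changes nothing."""
    return hashlib.sha256(content).hexdigest()

@dataclass
class Policy:
    allowed: set = field(default_factory=set)  # hashes trusted from a snapshot
    denied: set = field(default_factory=set)   # hashes of denied applications
    enforce: bool = False                      # False = audit only (assumed mode)

    def decide(self, content: bytes) -> str:
        h = digest(content)
        if h in self.denied:   # deny rules win, with or without enforcement
            return "block"
        if h in self.allowed:
            return "allow"
        # Default deny: anything not explicitly trusted is stopped or logged.
        return "block" if self.enforce else "audit"

def signature_av(content: bytes, known_bad: set) -> str:
    """Negative model: only files matching a known-bad signature are stopped."""
    return "block" if digest(content) in known_bad else "allow"

# Constructed sample data: byte strings stand in for executable contents.
INSTALLED = {
    r"C:\Windows\System32\notepad.exe": b"notepad-build-1",
    r"C:\Windows\regedit.exe": b"regedit-build-1",
    r"C:\Program Files\Game\game.exe": b"game-build-1",
}
KNOWN_MALWARE, UNKNOWN_MALWARE = b"old-worm-sample", b"new-trojan-variant"

def run_demo() -> dict:
    # Snapshot a reference endpoint; the game is left off the whitelist.
    trusted = [c for p, c in INSTALLED.items() if "Game" not in p]
    regedit = INSTALLED[r"C:\Windows\regedit.exe"]
    policy = Policy(allowed={digest(c) for c in trusted}, denied={digest(regedit)})
    known_bad = {digest(KNOWN_MALWARE)}
    result = {"av_known": signature_av(KNOWN_MALWARE, known_bad),
              "av_unknown": signature_av(UNKNOWN_MALWARE, known_bad),
              "audit_unknown": policy.decide(UNKNOWN_MALWARE),
              "audit_denied": policy.decide(regedit)}
    policy.enforce = True
    result.update(enforced_unknown=policy.decide(UNKNOWN_MALWARE),
                  enforced_notepad=policy.decide(trusted[0]),
                  enforced_game=policy.decide(INSTALLED[r"C:\Program Files\Game\game.exe"]))
    return result
```

The signature check lets the unknown sample run, while the whitelist logs it in audit mode and blocks it once enforced; the denied application is blocked in both modes even though it was part of the snapshot.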


Page 30: Why Application Control is Vital for IT Security

Reduce Local Admin Risk

Action | Example | How Lumension Stops
Install Applications | | Application Control: Easy Lockdown, Trust Engine
Change Configurations | Regedit / Command | Denied Application: cmd.exe, regedit.exe
Remove Patches & Uninstall Software | Control Panel – uninstall program | Denied Application: control.exe
Defeat Security Tools | Task Manager – kill process | Denied Application: taskmgr.exe

Page 31: Why Application Control is Vital for IT Security

Lumension Intelligent Whitelisting

• The Efficiency of Antivirus
• The Effectiveness of Application Control
• The Flexibility and Ease Of Use

Page 32: Why Application Control is Vital for IT Security

Endpoint Protection Complexity

Multiple Consoles
• 3 – 6 different management consoles (avg range)

Agent Bloat
• 3 – 10 agents installed per endpoint (avg range)
• Decreased network performance

Lack of Control
• 54% of IT security professionals cite managing security complexity as their #1 challenge
• Decreasing visibility and disparate data
• Ad hoc monitoring of security posture
• 43% of existing access rights were either excessive or should have been retired

Increasing TCO of Point Products
• Integration and Maintenance

Page 33: Why Application Control is Vital for IT Security

With Lumension Device Control, You Can …


Page 34: Why Application Control is Vital for IT Security

Defense-in-Depth with Intelligent Whitelisting

Known Malware | Unknown Malware | Unwanted, Unlicensed, Unsupported applications | Application Vulnerabilities | Configuration Vulnerabilities

AntiVirus: X X

Application Control: X X

Patch & Remediation: X X

Security Configuration Management: X

Page 35: Why Application Control is Vital for IT Security

A Complete Defense With Lumension

Intelligent Whitelisting

Firewall / IPS

Anti-Malware

Patch Management

Physical Access

Page 36: Why Application Control is Vital for IT Security

Next Steps

• Lumension® Intelligent Whitelisting™
» Overview: www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
» Free Demo: www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
» Free Application Scanner: www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx

• Whitepaper and Videos
» Think Your Anti-Virus is Working? Think Again.: www.lumension.com/special-offer/App-Whitelisting-V2.aspx
» Using Defense-in-Depth to Combat Endpoint Malware: l.lumension.com/puavad
» Reducing Local Admin Access: www.lumension.com/special-offer/us-local-admin.aspx

Page 37: Why Application Control is Vital for IT Security

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

[email protected]

http://blog.lumension.com