Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Management Overview

DESCRIPTION

Mobility is a fact of organizational life, and administrators have a business imperative to make their end users as productive on the go as they are in the office. But mobile productivity can't come at the expense of security. Attend this session to learn about Novell ZENworks Endpoint Security Management and its role in enabling secure mobile productivity. Keeping your network safe, your data protected and your users productive is more important than ever. Learn how you do all three with comprehensive and centralized endpoint security management solutions from Novell.

TRANSCRIPT
Mitigating Risk for the Mobile Worker: Novell® ZENworks® Endpoint Security Management Overview

Ross Chevalier, CTO Americas, President Novell Canada, Novell, Inc / [email protected]

© Novell, Inc. All rights reserved.
Agenda
What is Endpoint Security Management?
How are you handling the market reality?
Use cases
What's in ZENworks® Endpoint Security Management today
Discussion around how to get started
Endpoint Security Management
It's All About Balance
Flexibility vs. Control
Seeing Reality
• The workforce has become mobile
  – At the enterprise level, laptops have surpassed desktop deployments
  – Wireless NICs are standard on new PCs and wireless networks have proliferated
  – Mobility increases productivity and agility
• A polar relationship
  – Increased agility and productivity requires moving data to the endpoint or providing remote access to the data, which increases risks and their associated costs.
• What is the key requirement to enable mobility?
  – Remote access to data, which can be either locally stored or accessed via the Internet
Are Your Endpoints Secure?
20X – How much more expensive it can be to fix a data breach than it is to invest in PCI compliance from the very start [3]
69% – Percentage of employees who say they copy sensitive or confidential information onto a USB memory stick [1]
83% – Percentage of organizations that said they would never be able to prove whether the contents of a laptop were encrypted if a data breach occurred [1]
$49,000 – Cost to replace a lost laptop (e.g., cost of data breach, lost IP, lost productivity, and legal and regulatory expenses) [1]

Sources:
1 – Ponemon, “The Human Factor in Laptop Encryption”, December 2009
2 – Ponemon, “Trends in Insider Compliance with Data Security Policies”, June 2009
3 – Solidcore Systems, Emagined Security, Fortrex, “PCI Compliance Cost Analysis”, December 2007
4 – Ponemon, “The Cost of a Lost Laptop”, April 2009
Data Breach Sources
Endpoint Security Considerations
• Data - Information that is stored on and/or accessed by a computer
• Access - The methods and controls for an endpoint’s communications
• Device - The settings and states of the endpoint

Data Protection + Access Control + Device Health = Endpoint Security
The Pieces to Consider
Mitigating Risk Case 1
• You have mobile users who use a variety of different network services to connect back to head office
• Wireless security training is “unheard”
• You need to be able to control both connection and in-stream security when many of these networks are not secure
• The corporate firewalls don't exist when people are remote
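Case 1 comes down to a policy question the endpoint has to answer on its own once the corporate firewall is out of the path: where am I, and what may leave this machine? The following is an added example, not Novell code, of a location-aware policy selector with VPN enforcement. The adapter facts are constructed, and the corporate DNS suffix, gateway MAC and VPN gateway address are assumptions.

```python
"""Location-aware firewall policy selection with VPN enforcement (added illustration).

Not Novell code: a stand-in for what a location-aware endpoint client does when
the corporate firewall is no longer in the path. Adapter facts are constructed;
CORP_DNS_SUFFIX, CORP_GATEWAY_MACS and VPN_GATEWAY are assumptions.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

CORP_DNS_SUFFIX = "corp.example.com"                 # assumed
CORP_GATEWAY_MACS = {"00:11:22:33:44:55"}            # assumed, learned from office gateways
VPN_GATEWAY: Tuple[str, int] = ("203.0.113.10", 443)  # assumed (documentation address)


@dataclass
class Adapter:
    dns_suffix: str
    gateway_mac: str
    ssid: Optional[str] = None       # None for a wired link
    wifi_auth: Optional[str] = None  # "OPEN", "WPA2", "WPA3", ...


@dataclass
class Policy:
    name: str
    enforce_vpn: bool


def classify_location(a: Adapter) -> str:
    """Return "corporate" or "remote".

    The permissive profile requires two independent signals: a DHCP-supplied DNS
    suffix alone is trivially spoofed by a hostile hotspot, so the default
    gateway's MAC must also be one we already know.
    """
    on_corp = (a.dns_suffix.lower() == CORP_DNS_SUFFIX
               and a.gateway_mac.lower() in CORP_GATEWAY_MACS)
    return "corporate" if on_corp else "remote"


def select_policy(location: str) -> Policy:
    if location == "corporate":
        return Policy("office", enforce_vpn=False)  # corporate firewall is in the path
    return Policy("remote", enforce_vpn=True)       # endpoint firewall is the only firewall


def is_allowed(policy: Policy, vpn_up: bool, dst: str, port: int, via_tunnel: bool) -> bool:
    """Decide an outbound flow under the selected policy.

    With VPN enforced, the only clear-text flow permitted is the one that brings
    the tunnel up; everything else must ride inside the tunnel (no split
    tunnelling). That also covers open hotspots with no link-layer encryption.
    """
    if not policy.enforce_vpn:
        return True
    if (dst, port) == VPN_GATEWAY:
        return True
    return vpn_up and via_tunnel


def decide_flow(a: Adapter, vpn_up: bool, dst: str, port: int, via_tunnel: bool) -> bool:
    """Convenience wrapper: classify, select, decide."""
    return is_allowed(select_policy(classify_location(a)), vpn_up, dst, port, via_tunnel)


if __name__ == "__main__":
    # Constructed adapters: in the office, on an open hotspot, and on a hotspot
    # that hands out the corporate DNS suffix but has an unknown gateway.
    office = Adapter("corp.example.com", "00:11:22:33:44:55")
    hotspot = Adapter("", "aa:bb:cc:dd:ee:ff", ssid="CoffeeFreeWifi", wifi_auth="OPEN")
    spoofed = Adapter("corp.example.com", "aa:bb:cc:dd:ee:ff", ssid="corp-guest", wifi_auth="OPEN")
    for name, adapter in (("office", office), ("hotspot", hotspot), ("spoofed", spoofed)):
        print(name, classify_location(adapter),
              "web before VPN:", decide_flow(adapter, False, "198.51.100.7", 80, False),
              "web inside VPN:", decide_flow(adapter, True, "198.51.100.7", 80, True))
```

A real client also has to let a captive-portal exchange through briefly so the tunnel can be established on hotel and airport networks; that window is the hard part of this design and is deliberately left out here.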
Mitigating Risk Case 2
• The removable storage conundrum
• Users get access readily to all kinds of storage options
  – Most are “invisible”
• Could result in data leakage or external infections
• Turning off the USB ports is a non-starter
• Need to be able to control which USB devices can be connected and active
http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634
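The middle ground between "turn off USB" and "anything goes" is an allow list keyed on device identity, which is what Case 2 asks for. The following is an added example, not Novell code, of that decision logic. The device ID strings are constructed in the style of Windows USBSTOR device instance IDs; the allow-list entries, the read-only default for unlisted sticks and the class names are assumptions.

```python
"""Removable-storage allow-listing by device identity (added illustration).

Not Novell code: shows how an "only approved thumb drives" rule can be expressed
without disabling USB ports. Device ID strings are constructed in the style of
Windows USBSTOR device instance IDs; ALLOWED_STORAGE, UNLISTED_STORAGE_MODE and
NON_STORAGE_CLASSES are assumptions.
"""
import re
from typing import Optional, Tuple

# Constructed allow list: (vendor, product, serial). "*" matches any value, so the
# second entry approves every unit of a model, while the first pins one physical stick.
ALLOWED_STORAGE = [
    ("KINGSTON", "DATATRAVELER_3.0", "0C9D92E1A3B4"),
    ("IRONKEY", "*", "*"),
]
# Assumed policy: a stick that is not approved can be read (a visitor's slides)
# but not written to, so it cannot be used to carry data out.
UNLISTED_STORAGE_MODE = "read-only"
# Never blocked: keyboards, mice and printers keep working whatever the storage policy.
NON_STORAGE_CLASSES = {"HID", "PRINTER", "AUDIO"}

_USBSTOR_RE = re.compile(
    r"^USBSTOR\\DISK&VEN_([^&\\]+)&PROD_([^&\\]+)&REV_([^\\]*)\\(.+)$", re.IGNORECASE)


def parse_usbstor_id(device_id: str) -> Optional[Tuple[str, str, Optional[str]]]:
    """Split a USBSTOR disk instance ID into (vendor, product, serial).

    Returns None if the string is not a USBSTOR disk ID (CD-ROM class devices and
    non-storage IDs fall out here). serial is None when the device reported no
    unique serial number: Windows then synthesises an instance ID of the form
    "<n>&<hash>&<n>" that is not stable across machines or ports, so such a
    device can never be pinned to an allow-list entry. Heuristic used: a '&'
    remains after stripping the trailing "&<n>" instance suffix.
    """
    m = _USBSTOR_RE.match(device_id)
    if not m:
        return None
    vendor, product, instance = m.group(1).upper(), m.group(2).upper(), m.group(4)
    serial: Optional[str] = re.sub(r"&\d+$", "", instance).upper()
    if "&" in serial:
        serial = None
    return vendor, product, serial


def decide(device_id: str, usb_class: str) -> str:
    """Return "allow", "read-only" or "deny" for a newly attached device."""
    if usb_class in NON_STORAGE_CLASSES:
        return "allow"
    parsed = parse_usbstor_id(device_id)
    if parsed is None:
        return "deny"                 # not a shape we understand: fail closed
    vendor, product, serial = parsed
    if serial is not None:
        for a_vendor, a_product, a_serial in ALLOWED_STORAGE:
            if (vendor == a_vendor and a_product in ("*", product)
                    and a_serial in ("*", serial)):
                return "allow"
    return UNLISTED_STORAGE_MODE      # unapproved, or no serial to approve against


if __name__ == "__main__":
    # Constructed attach events: an approved stick, an unapproved unit of the same
    # model, a serial-less no-name stick, and a keyboard.
    events = [
        (r"USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\0C9D92E1A3B4&0", "MASS_STORAGE"),
        (r"USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\DEADBEEF0001&0", "MASS_STORAGE"),
        (r"USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\7&2a3b4c5d&0", "MASS_STORAGE"),
        (r"USB\VID_046D&PID_C31C\6&1A2B3C4D&0&2", "HID"),
    ]
    for device_id, usb_class in events:
        print(decide(device_id, usb_class).ljust(10), device_id)
```

The serial-number caveat matters in practice: cheap promotional sticks often ship without a unique serial, and an allow list that matches on vendor and product alone approves every stick of that model, including the one an attacker bought.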
Mitigating Risk Case 3
• Mobile user may install or “get installed” applications that you don't want to gain access to the system or applications you don't want to run at all
• User must retain some level of administrative authority, because it's Windows and too many things break when administrative authority is removed
• User may “help” by disabling or uninstalling critical software required by the company
Looking at ZENworks® Endpoint Security Management
ZENworks® Endpoint Security Management: Unparalleled Security

Location-Aware, Self-Defending, Online/Offline Client
AD // eDirectory™ Integrated Central Control and Reporting

Application Control
– Deny undesired apps
– Deny network access for specific apps

Connectivity Control
– Control all hardware ports
– Control Wi-Fi access
– Enforce VPN

Storage/Copy Control
– Allow / deny use of thumb drives, etc.
– Allow only approved thumb drives
– Encrypt thumb drive and/or disk folder

Integrity Control
– Ensure anti-virus, anti-spyware, etc.
– Enforce any custom VB or Java Script
– Quarantine via firewall block

Advanced Firewall Control
– NDIS-layer firewall
– Stateful with ACL support
– No end-user input required
Certifications
• The only endpoint security enforcement solution with both patented technology and key U.S. government and industry certifications:
– FIPS 140-2 Certified Cryptomodule
– AES Encryption
– Common Criteria EAL 4+ Certification (strongest in the space)
– IPv6 Compliant
– Microsoft WHQL (Windows Hardware Quality Labs) Certified
Summary of Benefits
• Increase agility and productivity while managing associated risk
• Protect data on the endpoint and accessed by the device
• Protect system health – increase user up time and productivity
• Decrease overhead
  – single console for configuration, management, reporting/alerts
  – single agent for security enforcement
• Targeted enforcement to address specific issues
• Centralize security decisions
• Enforcement cannot be circumvented
The Other Piece of the Puzzle Network Access Control
Also For Consideration: ZENworks® Network Access Control

• Purpose-built network access control engine
  – Fast endpoint testing; minimal impact on network
• Tests all categories of end users
  – Internal, visitors, contractors, home and mobile users, range of OSs and versions
• Multiple endpoint testing options
  – Agent-less (via RPC), ActiveX, Persistent agent
• Multiple enforcement options
  – 802.1x, DHCP, Endpoint-based, Inline, Cisco NAC
• Testing depth: hundreds of off-the-shelf tests
• Enterprise scalable
  – Hundreds of thousands of endpoints
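Both the Integrity Control box on the earlier architecture slide (ensure anti-virus, run a custom script, quarantine via firewall block) and the NAC endpoint tests described here boil down to the same thing: a set of health tests run against the endpoint, and an enforcement action derived from the failures. The following is an added example, not Novell code, of that test-and-enforce loop. The endpoint inventories are constructed; the service names, signature-age threshold, remediation host and the site-specific check are assumptions.

```python
"""Endpoint health test with a quarantine decision (added illustration).

Not Novell code: a stand-in for the integrity/posture tests an endpoint agent
or NAC tester runs before the endpoint is allowed onto the network. Inventory
dicts are constructed; REQUIRED_SERVICES, MAX_SIGNATURE_AGE, REMEDIATION_HOSTS
and screen_lock_enforced() are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Sequence


@dataclass
class Finding:
    check: str
    passed: bool
    detail: str


MAX_SIGNATURE_AGE = timedelta(days=3)                  # assumed policy
REQUIRED_SERVICES = {"AntiVirusSvc", "EndpointAgent"}  # hypothetical service names
REMEDIATION_HOSTS = ["10.0.0.25"]                      # assumed update/remediation server


def check_endpoint(inv: Dict, now: datetime,
                   custom_checks: Sequence[Callable[[Dict], Finding]] = ()) -> List[Finding]:
    """Run the built-in tests plus any site-specific ones and return every finding,
    so the user and the help desk can see what failed rather than just that it failed."""
    findings: List[Finding] = []
    av = inv.get("antivirus")
    findings.append(Finding("av_installed", av is not None,
                            av["product"] if av else "no anti-virus product found"))
    if av is not None:
        realtime = av.get("realtime_on") is True
        findings.append(Finding("av_realtime", realtime,
                                "real-time protection " + ("on" if realtime else "off")))
        age = now - av["signature_date"]
        findings.append(Finding("av_signatures_current", age <= MAX_SIGNATURE_AGE,
                                f"signatures {age.days} days old"))
    missing = sorted(REQUIRED_SERVICES - set(inv.get("running_services", [])))
    findings.append(Finding("required_services", not missing,
                            "missing: " + ", ".join(missing) if missing else "all present"))
    fw = inv.get("firewall_on") is True
    findings.append(Finding("host_firewall", fw, "host firewall " + ("on" if fw else "off")))
    for check in custom_checks:          # the "custom script" slot
        findings.append(check(inv))
    return findings


def enforcement(findings: List[Finding]) -> Dict:
    """Map findings to an action. A failed test does not drop the endpoint off the
    network: it is quarantined, i.e. the host firewall (or the NAC device) permits
    traffic only to remediation hosts until the tests pass on re-check."""
    failed = [f.check for f in findings if not f.passed]
    if not failed:
        return {"action": "allow", "reasons": []}
    return {"action": "quarantine",
            "allowed_destinations": list(REMEDIATION_HOSTS),
            "reasons": failed}


def screen_lock_enforced(inv: Dict) -> Finding:
    """Hypothetical site-specific test: screen lock within 15 minutes."""
    secs = inv.get("screen_lock_timeout_seconds")
    ok = secs is not None and secs <= 900
    return Finding("screen_lock", ok, f"timeout={secs}")


NOW = datetime(2009, 12, 15, tzinfo=timezone.utc)   # fixed clock for reproducibility

# Constructed inventories: one healthy laptop, one with stale signatures, a
# missing agent and a lax screen-lock setting.
HEALTHY = {
    "antivirus": {"product": "ExampleAV", "realtime_on": True,
                  "signature_date": NOW - timedelta(days=1)},
    "running_services": ["AntiVirusSvc", "EndpointAgent", "Spooler"],
    "firewall_on": True,
    "screen_lock_timeout_seconds": 600,
}
STALE = {
    "antivirus": {"product": "ExampleAV", "realtime_on": True,
                  "signature_date": NOW - timedelta(days=10)},
    "running_services": ["AntiVirusSvc"],
    "firewall_on": True,
    "screen_lock_timeout_seconds": 1800,
}

if __name__ == "__main__":
    for name, inv in (("healthy", HEALTHY), ("stale", STALE)):
        findings = check_endpoint(inv, NOW, [screen_lock_enforced])
        for f in findings:
            print(f"  [{'ok' if f.passed else 'FAIL'}] {f.check}: {f.detail}")
        print(name, "->", enforcement(findings))
```

Run pre-connect, the same findings drive the NAC decision (802.1x or DHCP enforcement before the endpoint gets a routable address); run by the agent after connect, they drive the firewall quarantine, which is why the two products share a test model.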
Network Access Control: Internal, Pre-connect Security is The Priority

• The majority of security incidents are the result of internal actions
• For the majority of respondents, pre-connect NAC is a priority over post-connect NAC

[Chart: Security Incidents – 61% Internal, 39% Perimeter. Source: PricewaterhouseCoopers]
[Chart: High Priority NAC – 80% Pre-Connect, 20% Post-Connect. Source: Gartner]
Flexible Testing + Flexible Enforcement = Full Coverage

[Diagram: Novell® NAC testing and enforcement options for coverage of all endpoints]
Testing options: ActiveX control, agent-less, agent
Enforcement options: inline (VPN), endpoint-based, 802.1x, DHCP, enforcement through Cisco's NAC architecture
Endpoints covered: LAN connected, branch office, remote (VPN, RAS), wireless, visitor/contractor
Where to Start?
Questions and Answers
Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.