security imperatives in a new workplace partnering to protect digital information in the 21st...
TRANSCRIPT
Security Imperatives in a New Workplace
Partnering to Protect Digital Information in the 21st Century
Presented by Michael Ferris, Alaska Enterprise Solutions
Today’s rising security threats come in various forms, in varying degrees of severity:
2
While others can be extreme… … Such as the Stuxnet virus that paralyzed Iran’s nuclear research facilities.Some occur undetected but are much more severe…
…Such as malicious software, or “malware,” that’s unintentionally installed by a computer user and which causes the user’s computer to conduct illicit tasks via the network on behalf of the malware’s owner.
Some security breaches are obvious but relatively harmless…
… Receiving spam messages, for example.
The real costs of a security breach:
Digital information makes up 49% of an organization’s value.*
•Average cost of each compromised record per breach: $214**.
•Average organizational cost of a data breach is $5.5 million**.
*2012 state of information survey.
**Source: “2010 Annual Study: US Cost of a Data Breach.” The Ponemon Institute, LLC, March 2011.
3
By addressing security proactively, organizations can reduce per record cost of breaches by $80**.
Security Policies
Security Breach Costs
End points are connected on networks with increasing risk velocity.
4
Changing Threat Landscape
Devices Go Undetected on the Network
Controlled Network
Today’s MFPs are complex embedded network devices with many potential security vulnerabilities:
Some MFPs have:
• An operating system with a direct external interface
• A proprietary operating system
All MFPs have:
• One or more operating systems
• Network controller and firmware
• One or more hard disk drives
• Web server
• Hardware ports
• Page Description Language interpreters (PS & PCL)
5
MFP Security cannot be an afterthought!
• In a December, 2011 lecture, “Print Me If You Dare,” a research team from Columbia University was able to design malware with capabilities that include:
• Port scanning
• Network exploration
• Exfiltration data from print-jobs
• Security Levels
6
3 Levels of Security
•Perimeter•Machine •Documents
7
Security at the Perimeter
• McAfee Embedded Security
• Cisco TrustSec
• Service Technicians
8
What you need to protect information on the network:
1. “Hands-off, self-protecting” devices that are resilient to new attacks.
2. Compliance with the most up-to-date security standards and regulations.
3. Complete visibility on the network.
9
Hands off Protection: McAfee Whitelisting Technology
10
• Known users• Approved software
Unknown files and software
Normal usage
Attacks
Alerts
• Unknown users• Malicious acts• Polymorphic
zero-day attacks
Known files and software
Whitelisting technology allows only approved software to run
• Management Tools
• McAfee ePO
McAfee Integrity Control
• Proactive/Always active even if mismanaged
• Security is managed at the end point in addition to the network
• Permits secure use of advanced MFP features — user permissions, scanning without fear
• Turns the unknown (bad) into known (good)
11
Compliance: Integration with Cisco TrustSec
• Gain complete visibility on the network
• Automatically identifies printer and MFP devices on the network
• Monitors device activity, similar to PC on the network.
• Reports any suspicious activity and alerts IT administrators.
• Virtually every device is TrustSec compliant – more than any other vendor
12
Service Technicians
• Technicians
• Laptops
• Thumb Drives
• Software
13
14
Protecting the Perimeter: Multilayered Approach
NetworkManagementConsoles
User Endpoints
TrustSec Access Protection
MFPs
Security at the Machine Level
• Common Criteria Certification– HIPAA
– Sarbanes Oxley
• Fax / Network Isolation
15
Security at the Document Level
• Disk/Image overwrite
• Encrypted Hard Disk
• Audit Log
• Secure Print
• Standard Accounting
• Secure Watermark
• Password protected PDF
• Smart Card technology
• Secure Access
• Follow you Print
• Hard Disk Retention
16
The New Security Standard for a New Age
• Security cannot be an afterthought
• Information is an increasingly valuable intellectual property
• Firewalls aren’t enough; security policies must be holistic and ubiquitous
• Protection for embedded devices is now an integral part of today’s security imperative
17