Security Imperatives in a New Workplace

Partnering to Protect Digital Information in the 21st Century

Presented by Michael Ferris, Alaska Enterprise Solutions

Today’s rising security threats come in various forms, in varying degrees of severity:

2

While others can be extreme… … Such as the Stuxnet virus that paralyzed Iran’s nuclear research facilities.Some occur undetected but are much more severe…

…Such as malicious software, or “malware,” that’s unintentionally installed by a computer user and which causes the user’s computer to conduct illicit tasks via the network on behalf of the malware’s owner.

Some security breaches are obvious but relatively harmless…

… Receiving spam messages, for example.

The real costs of a security breach:

Digital information makes up 49% of an organization’s value.*

•Average cost of each compromised record per breach: $214**.

•Average organizational cost of a data breach is $5.5 million**.

*2012 state of information survey.

**Source: “2010 Annual Study: US Cost of a Data Breach.” The Ponemon Institute, LLC, March 2011.

3

By addressing security proactively, organizations can reduce per record cost of breaches by $80**.

Security Policies

Security Breach Costs

End points are connected on networks with increasing risk velocity.

4

Changing Threat Landscape

Devices Go Undetected on the Network

Controlled Network

Today’s MFPs are complex embedded network devices with many potential security vulnerabilities:

Some MFPs have:

• An operating system with a direct external interface

• A proprietary operating system

All MFPs have:

• One or more operating systems

• Network controller and firmware

• One or more hard disk drives

• Web server

• Hardware ports

• Page Description Language interpreters (PS & PCL)

5

MFP Security cannot be an afterthought!

• In a December, 2011 lecture, “Print Me If You Dare,” a research team from Columbia University was able to design malware with capabilities that include:

• Port scanning

• Network exploration

• Exfiltration data from print-jobs

• Security Levels

6

3 Levels of Security

•Perimeter•Machine •Documents

7

Security at the Perimeter

• McAfee Embedded Security

• Cisco TrustSec

• Service Technicians

8

What you need to protect information on the network:

1. “Hands-off, self-protecting” devices that are resilient to new attacks.

2. Compliance with the most up-to-date security standards and regulations.

3. Complete visibility on the network.

9

Hands off Protection: McAfee Whitelisting Technology

10

• Known users• Approved software

Unknown files and software

Normal usage

Attacks

Alerts

• Unknown users• Malicious acts• Polymorphic

zero-day attacks

Known files and software

Whitelisting technology allows only approved software to run

• Email

• Management Tools

• McAfee ePO

McAfee Integrity Control

• Proactive/Always active even if mismanaged

• Security is managed at the end point in addition to the network

• Permits secure use of advanced MFP features — user permissions, scanning without fear

• Turns the unknown (bad) into known (good)

11

Compliance: Integration with Cisco TrustSec

• Gain complete visibility on the network

• Automatically identifies printer and MFP devices on the network

• Monitors device activity, similar to PC on the network.

• Reports any suspicious activity and alerts IT administrators.

• Virtually every device is TrustSec compliant – more than any other vendor

12

Service Technicians

• Technicians

• Laptops

• Thumb Drives

• Software

13

14

Protecting the Perimeter: Multilayered Approach

NetworkManagementConsoles

User Endpoints

TrustSec Access Protection

MFPs

Security at the Machine Level

• Common Criteria Certification– HIPAA

– Sarbanes Oxley

• Fax / Network Isolation

15

Security at the Document Level

• Disk/Image overwrite

• Encrypted Hard Disk

• Audit Log

• Secure Print

• Standard Accounting

• Secure Watermark

• Password protected PDF

• Smart Card technology

• Secure Access

• Follow you Print

• Hard Disk Retention

16

The New Security Standard for a New Age

• Security cannot be an afterthought

• Information is an increasingly valuable intellectual property

• Firewalls aren’t enough; security policies must be holistic and ubiquitous

• Protection for embedded devices is now an integral part of today’s security imperative

17