Post on 10-Apr-2017
transcript
Chris Sherman | Forrester Research, Senior Analyst
Grant McDonald | Intel Security, Senior Product Manager
Rethinking Current Endpoint Security Strategies
Chris Sherman, Senior Analyst
May 2016
© 2016 Forrester Research, Inc. Reproduction Prohibited
Orgs continue to struggle with targeted attacks
Publicly reported cyber incidents and breaches in the US
Source: Cyberfactors, LLC
This Much Is Clear: Traditional Endpoint Security Approaches Have Failed
We are hyper focused on the WRONG things
Organizations Must Refocus Their Endpoint Security Strategies
The Targeted-Attack Hierarchy Of Needs
Targeted-Attack Hierarchy Of Needs
Need No. 1: An Actual Security Strategy
Expense in Depth
Return on Expense in Depth?
Components of a sound strategy
› Adopt principles of the Zero Trust model
› Data-driven security, not alert-driven security
› Data-driven security is really business-driven security, which is supported by executives
Targeted-Attack Hierarchy Of Needs
Need No. 2: A Dedication To Recruiting And Retaining Staff
Double down on higher education
› There is intense competition between the emerging cyber programs
› Make them more competitive: join advisory boards and drive curricula that produce capable graduates
Targeted-Attack Hierarchy Of Needs
Need No. 3: A Focus On The Fundamentals
A Focus On The Fundamentals
Targeted-Attack Hierarchy Of Needs
Need No. 4: An Integrated Portfolio That Enables Orchestration
Friction?
› “Create friction for the attacker. Slow them down and make their job more difficult.”
› What about all the friction we create for ourselves?
› Most orgs don’t have the resources to automate their InfoSec processes.
What can you do?
› Invest in software development staff
› Prioritize vendors that integrate and automate between the endpoint and network layers
› Pay attention to vendors who see the need and are developing solutions.
Targeted-Attack Hierarchy Of Needs
Need No. 5: Prevention
Prevention is shifting
› Traditional approaches to prevention will continue
› If you can prevent an action, why not?
› Prevention with threat intelligence
  • Command and control indicators should be used to prevent communications
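The slide above says command-and-control indicators should be used to block communications but not how. The script below is an added example written for this page, not code from the webcast or from any Intel Security/McAfee product: it takes the three indicator types a threat-intelligence feed typically supplies (domains, single IPs, CIDR ranges) and renders a block/allow decision for each line of a proxy log. The log layout, the indicator values and the sample lines are constructed (RFC 5737 addresses, RFC 2606 names). Two details matter in practice and are handled here: domain indicators are matched label by label so a subdomain of an indicator is blocked while a look-alike such as notbadactor.test is not, and lines the parser cannot read are routed for review rather than silently allowed.

```python
"""Prevention with threat intelligence: block connections to C2 indicators.

Added example, not code from the webcast or from McAfee/Intel Security.
Indicator values and log lines are constructed; the log format is assumed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed C2 indicators of the kinds a threat-intel feed supplies:
# domains (matched on the exact host or any subdomain), single IPs, CIDR ranges.
C2_DOMAINS = {"update-checker.example", "badactor.test"}
C2_IPS = {ipaddress.ip_address("198.51.100.7")}
C2_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Assumed proxy log layout: "<ts> <src_ip> <dst_host_or_ip> <dst_port> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<url>\S+)$")


@dataclass(frozen=True)
class Decision:
    action: str   # "block", "allow" or "review" (unparseable line)
    reason: str
    line: str


def normalize_domain(host: str) -> str:
    """Lower-case and drop a trailing dot so 'Evil.Test.' and 'evil.test' compare equal."""
    return host.strip().rstrip(".").lower()


def domain_match(host: str, indicators: set[str]) -> str | None:
    """Return the indicator that equals host or is a parent domain of it.

    Walks label by label instead of using substring search, so that
    'notbadactor.test' does not match the indicator 'badactor.test'.
    A bare TLD is never tested, so an indicator like 'test' cannot block everything.
    """
    labels = normalize_domain(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def ip_match(addr: str) -> str | None:
    """Return the matching IP or CIDR indicator; None if addr is not an IP or matches nothing."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip in C2_IPS:
        return str(ip)
    for net in C2_NETWORKS:
        if ip in net:
            return str(net)
    return None


def decide(line: str) -> Decision:
    """Decide one log line. Unreadable lines go to review rather than being allowed by default."""
    m = LOG_RE.match(line)
    if not m:
        return Decision("review", "unparseable line", line)
    # Check the destination field, then the URL host: the two differ when a
    # client connects to an IP address but names the C2 domain in the request.
    for host in (m["dst"], urlsplit(m["url"]).hostname or ""):
        hit = domain_match(host, C2_DOMAINS)
        if hit:
            return Decision("block", f"domain indicator {hit}", line)
        hit = ip_match(host)
        if hit:
            return Decision("block", f"ip indicator {hit}", line)
    return Decision("allow", "no indicator match", line)


def filter_log(lines: list[str]) -> list[Decision]:
    return [decide(line) for line in lines]


# Constructed sample log.
SAMPLE_LOG = [
    "2016-05-10T09:01:02Z 10.0.0.5 www.example.org 443 https://www.example.org/",
    "2016-05-10T09:01:07Z 10.0.0.5 beacon.update-checker.example 443 https://beacon.update-checker.example/ping",
    "2016-05-10T09:01:09Z 10.0.0.9 203.0.113.44 8080 http://203.0.113.44/x",
    "2016-05-10T09:01:10Z 10.0.0.7 198.51.100.9 80 http://badactor.test/gate.php",
    "2016-05-10T09:01:12Z 10.0.0.12 notbadactor.test 443 https://notbadactor.test/",
    "not a log line",
]

if __name__ == "__main__":
    for d in filter_log(SAMPLE_LOG):
        print(f"{d.action:6} {d.reason:45} {d.line}")
```

In a real deployment the same decision function would sit in front of a proxy or DNS resolver rather than behind a log, and the indicator sets would be refreshed from the feed; the matching and the fail-to-review behaviour are what carry over.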
Prevention begins and ends with attack surface reduction
Photo credit: Jan Stromme, Bloomberg Business
A combination of tools is necessary for max attack surface reduction
Targeted-Attack Hierarchy Of Needs
Need No. 6: Detection & Response
Detection
› Detection is the only option when dealing with higher-tier adversaries
› No single control is your breach detection system
› Your aggregate controls and your people are your breach detection system
Response
› Once you have identified malicious activity, how do you respond?
› Is your remediation a reimage?
› Time to containment and remediation will never improve without automated response
To be successful, an endpoint security strategy must balance prevention with detection
Effective endpoint security tools orchestrate between the three key functions
Prevention, Detection, Control
Recommendations
1. Evaluate your own endpoint security portfolio and identify gaps and areas of overlap
2. Restrict your attack surface with application control and targeted patch management
3. Extend your visibility into endpoint behavior for more effective threat detection
4. Integrate network and endpoint security controls where possible
Integrated Protection, Detection and Correction
Grant McDonald, Endpoint Security Product Manager
Problems & Outcomes
What do Next Generation Converged Endpoint solutions need to solve?

Protect
  Problem: targeted persistent endpoint attacks; broader attack surface; bypass of traditional controls.
  Desired outcome: minimize the likelihood of breach in the first place.

Detect
  Problem: large amount of grey; long dwell time; under-the-radar attacks; across endpoints.
  Desired outcome: limit exposure and discover patient-zero threats faster.

Correct
  Problem: timely closed-loop remediation; high manual effort; complex workflows.
  Desired outcome: reduce human effort, time, and cost to fix.
A framework to simplify today, built with the future in mind

Endpoint Security Platform: Module A, Module B, Module C, Module D

Endpoint Security Client
  Modules: Threat Prevention, Firewall, Web Control, TIE, Future Modules
  Common Components
  Kernel Mode Drivers
Security Management: McAfee ePO Agent or Self-Managed
A Foundation for the Future
Adaptive, integrated, automated responses to adapt faster than threats can evolve
1. ENS: gives you better protection and performance, and our foundation for what is next
2. TIE: start building your own threat intelligence base
3. MAR: start hunting now with top priority use cases in Active Response
ePO: coordinate defense all inside ePO; no other solution has this breadth in one console
Endpoint Migration Assistant
The Migration Assistant was created to educate and aid customers in migrating data to the ENS platform.
Automatic migration can create new policies and client tasks automatically, based on your current product settings, and assign them to groups and managed systems based on your current assignments.
Manual migration lets you select the settings you want to migrate and, optionally, edit them. Manual migration does not retain assignments.
Automatic Migration
  1. Select what items you want to migrate: policies, client tasks, catalog (FW only)
  2. Preview policy migration results
  3. Migrated items are created and assigned automatically

Manual Migration
  1. Select what items you want to migrate: policies, client tasks
  2. Configure policies or tasks
  3. Migrated items are created
  4. Manually assign migrated items
  5. Repeat to migrate additional items
Summary
Improved threat detection and reporting
Faster action and containment against emerging, advanced threats
Easy, intuitive insights for corrective actions
Faster performance
Management flexibility
Proven performance
Removes complexity and redundancies
Delivers an architecture for the future
Intelligent and effective with an extensible framework
Learn more by visiting:www.mcafee.com/nextgenendpoint
Resources
Go to the Resources Area of this webcast console to access:
• Solution Brief: Overcome the Attacker Advantage with McAfee Endpoint Security 10 Defenders
• Data Sheet: Complete Endpoint Protection—Enterprise
• Presentation Slides
Chris Sherman: csherman@forrester.com, @ChrisShermanFR
Grant McDonald: grant.mcdonald@intel.com, @mcdonaldgrant