
© 2008 McAfee, Inc. “Endpoint” Security Defining the endpoints and how to protect them.

Date post: 18-Dec-2015

© 2008 McAfee, Inc.

“Endpoint” Security

Defining the endpoints and how to protect them

04/18/23

Agenda

• What are “endpoints”?
• Securing the “endpoints”
• Managing access
• Securing the data
• Layers of protection

What are “endpoints”?

More than just a desktop PC today

• Servers (application, web, storage)
• Laptops
• PDAs/cellular phones
• VPN connected devices
• Vendors
• Contractors
• Virtual clients/services
• COOP sites
• Emergency communications
• Video/surveillance
• All IP enabled devices
  — Sensors
  — Meters

Securing the endpoints

• Each type of device creates some level of specialized requirement
• Standard Anti-virus
• Host Intrusion Prevention
• Encryption
• Data Loss Prevention
• Compliance enforcement
• Security policy enforcement
• Mobile device controls
• Network Access control

• And why do we secure the endpoints? To protect the data!

…against all threats

• Last 2 years vulnerabilities exceed the number of the 10 years before it [3]
• 45% [2] increase of spam per email message for the last 6 years
• 66% [1] increase for the last 5 years
• Over 685K+ [1] unique malware today and nearly 1M (est.) by end of 2008

Figure labels: HIPS, Antivirus, AntiSpyware, AntiSpam; Malware, Spam, Vulnerabilities, Potentially Unwanted Programs

[1] Avert Labs
[2] Message Labs
[3] National Vulnerability Database http://nvd.nist.gov/statistics.cf

Managing access

More than just NAC

• Is the person and the device allowed to connect?
• Does the device meet all of the defined security policies?
• Which policies apply to which types of devices?
• How do I remediate a device to comply with policy?
• What if the device is outside of my jurisdiction?
• Should NAC be based upon network policy or security policy?

Network Access Control (InformationWeek 7-08)

• 23% of all respondents have no NAC plans. Everyone else is in some phase of planning
• #1 reason for NAC: compliance
• #2 reason for NAC: access to specific networked resources

Source: http://www.informationweek.com/news/security/NAC/showArticle.jhtml;jsessionid=WO0KGJJPGVML4QSNDLPCKHSCJUNN2JVN?articleID=208808356

Allowing access from what, to what, by whom and why?

Managing access

• Requires a comprehensive network and security based framework

• Must follow specific security policies for the device and the end user

• Must bring value in the way of continuous compliance checks

• Should require no end user involvement

Securing the data

So, if the person and the device meet our policies, everything is good, right?

• Now data protection becomes critical…
• Just because someone is granted access doesn’t mean they will use that data according to policy!
• Should data be encrypted when at rest?
• And how should I protect it at the device level when in motion?
• How do I know when data is not being used properly?

Data protection requires various considerations

Data must be protected regardless of:

• Access
• Usage
• Device
• Location

Figure labels: Easy to Lose, Enticing to Steal, Easy to Transfer

Cybercrime “Black Market” Value: $98, $490, $147, $147

Securing data may also require encryption…

Figure columns: NETWORK SECURITY, DEVICE SECURITY, INTERNET SECURITY

• File and Folder Encryption
• Virtual Container Encryption
• Entire Harddisk Encryption
• Port & Device Management
• Application Management
• Secure USB Storage
• Email Gateway Encryption

In closing

• The definition of endpoint has changed and will continue to do so.
• Protecting the data on each of these endpoints is critical.
• Compliance for security is also critical to protecting the devices holding the data.
• No single endpoint strategy will protect various devices.
• Endpoint security must be comprised of layers that support the overall requirements.
• Even with strong endpoint security and access controls, data must still be protected from misuse.

Endpoint Security

Thank you for your time and attention!

John Bordwine

McAfee, [email protected]

