Delivering Security with GFI MAX
Todd Haugland, Lead Sales Engineer, GFI MAX US
Intro
Security is essential. Period
Try to lock down all levels of access
Multi layer approach for best protection
Why?
» Estimated cost of Cyber Crime and Cyber Espionage
» $100 billion USD per year in US alone
» $425 billion USD per year worldwide
» Advanced Persistent Threats (APT):
» Coordinated cyber activities of criminals and state level entities
» Objective of stealing information, compromising information systems*
» Criminal organizations monetise all aspects of illicit access
» Foreign Intelligence Services gather Intellectual Property
» APT tries to stay embedded for as long as possible
» APT generally only resorts to destruction upon detection
* regular users are sometimes the most adept at this!
Why?
» At least 85% of the targeted cyber intrusions that Defence Signals Directorate (DSD) responds to could be prevented by following the Top 4 mitigation strategies listed in the Strategies to Mitigate Targeted Cyber Intrusions
Good News, it’s easy
» Use application whitelisting to help prevent malicious software and other unapproved programs from running
» Patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers
» Patch operating system vulnerabilities
» Minimise the number of users with administrative privileges
The Good News
» “Managed Security Services Market” by Transparency Market Research
» $9 billion USD in 2012, could be worth $24 billion by 2019
» Predicted market will expand at CAGR of 15.4% between 2013 and 2019
» Gartner
» Security spending gets boost from mobile, social and cloud
» Worldwide spending on information security will top $71 billion USD this year
• Almost 8% increase over 2013
» Data loss prevention segment recording the fastest growth at 18.9 percent
» In 2015, 10% of overall IT security capabilities will be delivered as a cloud service
» SMBs will become even more reliant on hosted security services
How?
Security at every level
» DEVICE (ACCESS CONTROL)
» OPERATING SYSTEM & PROGRAM – PATCHING & VULNERABILITIES
» VIRUS & MALWARE PROTECTION
» ONLINE SAFETY
» BACKUP
DEVICE security
Device Security
» Check access to machine
□ Password security: securing access, strong passwords
□ User awareness
> locking machines when not at desk
> not having post-its with passwords written down
□ Can you account for every user?
□ Monitor failed login attempts
□ User rights on PC
Operating System & Program Security
OS & Program Security
»Close loopholes and potential code security flaws through effective installation of software patches and updates.
OS & Program Security
» Critical updates for Windows Operating System and Microsoft Office
□ Microsoft released 2445 bulletins in 2013 which were of low importance or above to be considered for install on their OS or Programs
» Security patches for Internet Browsers: Internet Explorer, Google Chrome, Mozilla Firefox
» Plugins updated for Java Runtime, Adobe Flash, Adobe Acrobat Reader
□ Adobe Acrobat updated from v10.1.90 Jan 2013 to v11.0.06 Jan 2014, 7 version updates in 12 months in just one program
□ Java updated from v7 Update 11 to v7 Update 51 in same timeframe
Virus and Malware protection
New malware over last 24 months!!
Data from AV Test institute which registers over 220,000 new malicious programs every day
Virus and Malware protection
» Microsoft Security Essentials which became Windows Defender is integrated to offer some protection.
» Internet Security suite products can be bloated, slowing down machines
» Firewall inclusive products often cause more harm than good by blocking too many items, false positives
» Windows Firewall good … but not great.
» Network Firewall / UTM devices only work for LAN; sales / remote workers still able to access sites
INTERNET ACCESS (ONLINE) PROTECTION
Internet Safety
» Internet Society online survey in 2012
□ Access to the Internet should be considered a basic human right.
> 83% somewhat or strongly agree
> 14% somewhat or strongly disagree
> 3% don't know
□ The Internet should be governed in some form to protect the community from harm.
> 82% somewhat or strongly agree
> 15% somewhat or strongly disagree
> 3% don't know / not applicable
□ When you are logged in to a service or application do you use privacy protections?
> 27% all the time
> 36% most of the time
> 29% sometimes
> 9% never
Multiple Layers = Multiple Problems???
Multiple Layers, No problem!!!
GFI MAX
Asset Tracking
Monitoring of devices / Failed login check
Patch Management
Managed AntiVirus
Web Protection
Managed Online Backup
Protect mail out in front!
Asset Tracking
Asset Tracking
» View Software details per device
» Run Modification Report to check on installed software since initial build
» Create Software License groups to blacklist known bad programs
Pro-active Monitoring
Monitoring Checks
»Failed Login Check
□ #1 customer request on ideas.gfi.com
□ More informative: Event IDs, failure reason, IP address, username
□ Respond quickly and decisively to security concerns
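As an added illustration of what a failed-login check works from (this is example code, not GFI MAX's check), the block below parses a small set of constructed Windows Security log records carrying the fields the slide lists (event ID, failure reason, source IP, username) and raises an alert when one account or one source address accumulates repeated failures inside a short window. Event ID 4625 is Windows' "an account failed to log on" event and the sub-status codes are the documented ones for wrong password and unknown user name; the log format, thresholds and sample records are this example's own assumptions.

```python
"""Failed-login check over constructed Windows Security log records.

Added example, not GFI MAX code. Each record is one tab-separated line:
timestamp, event ID, username, source IP, NTSTATUS sub-status.
Event ID 4625 = failed logon; 4624 = successful logon (ignored here).
The records themselves are constructed for this example.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2014-03-05T08:59:12\t4625\tjsmith\t10.0.0.15\t0xC000006A
2014-03-05T08:59:20\t4625\tjsmith\t10.0.0.15\t0xC000006A
2014-03-05T08:59:31\t4625\tjsmith\t10.0.0.15\t0xC000006A
2014-03-05T08:59:40\t4625\tjsmith\t10.0.0.15\t0xC000006A
2014-03-05T08:59:55\t4625\tjsmith\t10.0.0.15\t0xC000006A
2014-03-05T09:00:05\t4624\tjsmith\t10.0.0.15\t0x0
2014-03-05T09:10:00\t4625\tadministrator\t203.0.113.7\t0xC0000064
2014-03-05T09:10:02\t4625\tadmin\t203.0.113.7\t0xC0000064
2014-03-05T09:10:04\t4625\troot\t203.0.113.7\t0xC0000064
2014-03-05T09:10:06\t4625\tbackup\t203.0.113.7\t0xC0000064
2014-03-05T11:30:00\t4625\tmlee\t10.0.0.22\t0xC000006A
"""

# Windows sub-status codes for the common 4625 failure reasons.
SUBSTATUS_REASON = {
    "0xC000006A": "wrong password",
    "0xC0000064": "user name does not exist",
    "0xC0000234": "account locked out",
    "0xC0000072": "account disabled",
}


def parse_events(text):
    """Parse the log text into dicts, keeping only failed logons (4625)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, ip, substatus = line.split("\t")
        if event_id != "4625":
            continue
        events.append({
            "time": datetime.fromisoformat(ts),
            "user": user.lower(),
            "ip": ip,
            "reason": SUBSTATUS_REASON.get(substatus, "other (%s)" % substatus),
        })
    return events


def failed_login_alerts(events, threshold=4, window=timedelta(minutes=5)):
    """Return {(kind, key): max_failures_in_window} for every username and
    every source IP that reaches `threshold` failures inside `window`.
    Grouping by IP as well as by user is what surfaces one address
    cycling through many account names (each name alone stays under the bar)."""
    alerts = {}
    for kind in ("user", "ip"):
        buckets = defaultdict(list)
        for ev in events:
            buckets[ev[kind]].append(ev["time"])
        for key, times in buckets.items():
            times.sort()
            start = 0                       # sliding window over sorted times
            for end in range(len(times)):
                while times[end] - times[start] > window:
                    start += 1
                count = end - start + 1
                if count >= threshold:
                    alerts[(kind, key)] = max(alerts.get((kind, key), 0), count)
    return alerts


def summarise_reasons(events):
    """Counter of failure reasons, the 'why' column of the report."""
    return Counter(ev["reason"] for ev in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (kind, key), n in sorted(failed_login_alerts(evs).items()):
        print(f"ALERT {kind}={key}: {n} failed logons within 5 minutes")
    print(dict(summarise_reasons(evs)))
```

On the constructed sample the check flags jsmith (five wrong passwords from one workstation, followed by a success) and the source 203.0.113.7, which fails four different account names within seconds; each of those names alone never crosses the threshold, which is why the alert keys on the address as well as the user.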
Monitoring Checks
Event Log Checks: find the most prevalent issues automatically, complete with research tool access built in.
Active Directory Users Report
Pro-active Monitoring
Automation
Automated Maintenance and Tasks
» Integrated into the dashboard
» Deploy any type of script and execute
» Automated error and failure handling
Patch Management
• Replace other patch services
• Uses GFI LANGuard 2012 Agent
• Vulnerability Check runs daily
• Lists missing patches and discovered vulnerabilities
• Alert or Report mode
• Included in all Client Reports
• Monthly lists all installed
• Set & Forget or Manually approve and install
• Patch Overview Report for missing / installed patches
Schedule ad-hoc installation of approved patches
» Implement patches immediately or schedule for 2 weeks down the road.
» Override the schedule or use as the schedule
• Replace other patch services
• Windows and Third party patches/updates
• As manual or as automatic as you want
• Approve as needed
• Schedule deployment for later
Update Release Cycle
» We aim to support Microsoft updates within hours of Patch Tuesday
» Out of band patches (Microsoft and non-Microsoft) within one working day
» LANGuard checks for updates between 1am and 5am GMT and around DSC
» Incremental differences for non-Microsoft update databases
» Download Microsoft update database direct from microsoft.com
» Patches are downloaded directly from vendors’ web-sites
» Patches are downloaded when they need to be installed
» Use Site Concentrator to cache patches once per site
» Switch off Windows Updates?
Patch Approval Lifecycle
» ALL patches must be approved before they can be scheduled for installation
□ Approval can be manual or automatic based on severity
» We only report updates as missing if they are required
» We report all updates installed, even if we didn’t install them
□ If there is no install date/time listed, it was not installed by us
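The approval lifecycle above can be modelled in a few functions. The block below is an added example, not the GFI MAX or LANGuard implementation: it encodes the rules the slide states (nothing is scheduled until approved; approval is automatic above a severity threshold and manual below it; a patch is only reported missing when it is required; installed patches are reported whether or not this tool installed them, and a missing install timestamp means someone else installed it). The severity ordering, record layout and the inventory entries are this example's assumptions, and the patch identifiers are placeholders rather than real bulletin numbers.

```python
"""Patch approval lifecycle: added example, not GFI MAX / LANGuard code.

States: discovered -> installed | not-required | approved | pending-approval
        approved -> scheduled (only approved patches may be scheduled)
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Assumed severity ordering; "auto_approve_at" is compared against it.
SEVERITY_RANK = {"critical": 3, "important": 2, "moderate": 1, "low": 0}


@dataclass
class Patch:
    ident: str
    severity: str
    required: bool
    installed: bool = False
    installed_by_us_at: Optional[datetime] = None   # None => not installed by us
    state: str = "discovered"
    scheduled_for: Optional[str] = None


# Constructed inventory; identifiers are placeholders, not real bulletin ids.
SAMPLE_INVENTORY = [
    Patch("os-patch-A", "critical", required=True),
    Patch("os-patch-B", "low", required=True),
    Patch("plugin-patch-C", "important", required=True, installed=True,
          installed_by_us_at=datetime(2014, 3, 5, 2, 10)),
    Patch("plugin-patch-D", "critical", required=True, installed=True),
    Patch("optional-patch-E", "moderate", required=False),
]


def triage(patches, auto_approve_at="important"):
    """Move every discovered patch into its lifecycle state; return {ident: state}."""
    threshold = SEVERITY_RANK[auto_approve_at]
    for p in patches:
        if p.installed:
            p.state = "installed"
        elif not p.required:
            p.state = "not-required"          # never reported as missing
        elif SEVERITY_RANK[p.severity] >= threshold:
            p.state = "approved"              # automatic approval by severity
        else:
            p.state = "pending-approval"      # waits for manual approval
    return {p.ident: p.state for p in patches}


def schedule(patches, when):
    """Schedule approved patches for `when`; refuse anything not yet approved."""
    scheduled, refused = [], []
    for p in patches:
        if p.state == "approved":
            p.state, p.scheduled_for = "scheduled", when
            scheduled.append(p.ident)
        elif p.state == "pending-approval":
            refused.append(p.ident)
    return scheduled, refused


def report(patches):
    """Missing = required and not installed; installed = everything installed,
    annotated with our install time or 'not installed by us'."""
    missing = [p.ident for p in patches if p.required and not p.installed]
    installed = {}
    for p in patches:
        if p.installed:
            installed[p.ident] = ("installed by us at " + p.installed_by_us_at.isoformat()
                                  if p.installed_by_us_at else "not installed by us")
    return {"missing": missing, "installed": installed}


if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
    print(schedule(SAMPLE_INVENTORY, "2014-03-20T02:00:00"))
    print(report(SAMPLE_INVENTORY))
```

The point of splitting `triage` from `schedule` is that the scheduler refuses a low-severity patch that nobody has approved yet, while the report still lists it as missing because it is required; the two views answer different questions ("what is outstanding?" versus "what may be deployed tonight?").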
More information
» Supported Microsoft Products
□ http://www.gfi.com/lannetscan/msappfullreport.htm
» Supported Microsoft Patches
□ http://www.gfi.com/lannetscan/msfullreport.htm
» Supported non-Microsoft Products
□ http://kb.gfi.com/articles/SkyNet_Article/KBID003469
» Supported non-Microsoft Patches
□ http://www.gfi.com/lannetscan/3pfullreport.htm
Managed AntiVirus
» Deployed directly through Dashboard
» Automatically install if no A/V present
» Automatically remove other products
» Complete management with protection of end point device
» Policy based approach that can be applied from one to many devices
» Automatic Signature update if/when Daily Safety Check detects old defs
Manage Quarantine
» Reports menu, Managed Antivirus, Quarantine Report
Web protection
Web Protect
» Web Security
» Stop users from visiting malicious sites
» Web Filtering
» Web browsing policies for the workplace
» Bandwidth Monitoring
» Be alerted about excessive bandwidth activity
» Policy configuration
» Reporting
Web Security
• Divided by categories
• Known sites that have the potential to do actual harm to a computer
> Malware
> Spam URLs
> Phishing
> Etc.
Web Filtering
Website access can be controlled based on the URLs categorisation
» All websites are categorized. If in multiple categories, most restrictive wins
» Use schedules to allow access to social media etc. out of office hours
Web Protect
So how do the priorities work together?
Does Security trump Filtering? White list over Black?
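To make the two filtering rules concrete (every site is categorised; when a site falls in several categories the most restrictive action wins; schedules relax a category outside office hours), here is an added policy resolver in Python. It is example code, not Web Protect's engine, and the precedence it applies to the questions the slide poses is this example's assumption: a security category (malware, phishing, spam URL) blocks regardless of schedule or whitelist, and an explicit whitelist overrides filtering but not security. The category database, policy table, office hours and hostnames are all constructed.

```python
"""Web-filtering policy resolution: added example, not Web Protect code.

Rules applied, in order:
  1. a security category on the host => block (assumed: not schedulable, not whitelistable)
  2. host on the whitelist           => allow (assumed: overrides filtering only)
  3. otherwise the most restrictive scheduled action across all of the
     host's categories wins (stated on the slide)
"""
from datetime import datetime, time

ACTION_RANK = {"allow": 0, "warn": 1, "block": 2}        # higher = more restrictive
SECURITY_CATEGORIES = {"malware", "phishing", "spam-url"}

# Constructed category database: hostname -> set of categories.
CATEGORY_DB = {
    "intranet.example.test": {"business"},
    "social.example.test": {"social-media"},
    "mixed.example.test": {"business", "streaming"},     # two categories, one blocked
    "video.example.test": {"streaming", "social-media"},
    "bad.example.test": {"shopping", "malware"},         # looks like a shop, flagged malicious
    "deals.example.test": {"shopping"},
}

# Constructed filtering policy: category -> (office-hours action, out-of-hours action).
FILTER_POLICY = {
    "business": ("allow", "allow"),
    "social-media": ("block", "allow"),   # schedule: social media allowed out of hours
    "streaming": ("block", "block"),
    "shopping": ("warn", "allow"),
}
WHITELIST = {"video.example.test"}          # constructed: an approved exception
OFFICE_HOURS = (time(9, 0), time(17, 30))   # Monday to Friday


def in_office_hours(when):
    return when.weekday() < 5 and OFFICE_HOURS[0] <= when.time() < OFFICE_HOURS[1]


def resolve(host, when):
    """Return (action, reason) for a request to `host` at `when`
    (a datetime or an ISO-8601 string)."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    cats = CATEGORY_DB.get(host, {"uncategorised"})

    # Rule 1: the security verdict is evaluated first and is final.
    hit = cats & SECURITY_CATEGORIES
    if hit:
        return "block", "security:" + ",".join(sorted(hit))

    # Rule 2: an explicit whitelist short-circuits filtering.
    if host in WHITELIST:
        return "allow", "whitelist"

    # Rule 3: most restrictive scheduled action over every category of the host.
    slot = 0 if in_office_hours(when) else 1
    verdicts = []
    for cat in sorted(cats):
        action = FILTER_POLICY.get(cat, ("allow", "allow"))[slot]
        verdicts.append((ACTION_RANK[action], action, "filter:" + cat))
    _, action, reason = max(verdicts)
    return action, reason


if __name__ == "__main__":
    for host in CATEGORY_DB:
        for when in ("2014-03-04T10:00:00", "2014-03-04T20:00:00"):
            print(host, when, resolve(host, when))
```

Evaluating security before the whitelist is the choice that matters for the "does security trump filtering?" question in this example: a whitelisted host that later picks up a malware categorisation is still blocked, which is the behaviour a defender would want from the two layers working together.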
Bandwidth Monitoring
» Receive an alert when downloads exceed threshold
Overview Report
» Weekly overview of Web Security, Filtering, and Bandwidth at client
» Ratio of allowed to blocked requests
» Top blocked categories
» Top visited sites
» Noisiest devices
» Monitor trends and spot exceptions
Report Builder
» If overview report shows an increase in blocked requests to category or site
» Show me requests to specific category or site from all devices at client
» If irregular activity is suspected
» Show me all requests from specific device
Web Protect
» Customers employing an internet usage policy will need to ensure they have made their employees aware of it.
» http://www.gfi.com/pages/sample-internet-usage-policy
» Data we do hold is kept securely, 2FA and dashboard logins only.
» Citizens Advice - Your employer can legally monitor your use of the phone, internet, e-mail or fax in the workplace if:
> the monitoring relates to the business
> the equipment being monitored is provided partly or wholly for work
> your employer has made all reasonable efforts to inform you that your communications will be monitored.
As long as your employer sticks to these rules, they don't need to get your consent before they monitor your electronic communications
Additional Protection
Backup
• Software solution for backing up to Cloud
• Stand-alone distribution with central console
• Multi-platform
• RM flavor: Managed Online Backup
Managed Online Backup
Managed Online Backup allows you to easily backup customers data
• Disk to Disk (via LocalSpeedVault) to Cloud (D2D2C)
• True Delta technology ensures only changed file blocks are backed up
• All data encrypted with 128 bit AES encryption before sending
With Cryptolocker, it is likely that the only way to recover data is from a backup
Mobile Device Management
Protect against business critical data being compromised via loss or theft of company or employee owned mobile device
• Set Passcode
• Locate device
• Lock device
• Remote Wipe
MailProtection
» BUILT-IN CONTINUITY
» Ease of deployment and ease of use
» Reliability via redundant systems in multiple datacenters
» Scalability
» Little or no ongoing maintenance
» No capital investment and no risk of obsolescence
» Immediate, no-risk trial
» Integration – security, continuity, and archive
» High margins for partners with built-in recurring revenues
Email Security / Email Continuity
MailArchive
» BUILT-IN CONTINUITY
» Ease of deployment and ease of use
» Affordability – no startup costs; low price point; per-mailbox activation
» Immediate, no-risk trial
» Flexible retention policies with archive
» Locally-based technical support
» Integrated solution encompasses security, continuity, and archive – all through a single interface
Email Continuity / Email Archive
Dashboard considerations
» Ensure all dashboard users have specific logon
» Do not use the Primary Access Key to access Dashboard
» Restrict access via IP Address
» Two Factor Authentication
Remember: YOU are the last line of defense... or me!!
Conferences.gfimax.com/app
Questions? Please come to the Sales Engineer Table!