© 2016 IBM Corporation
George Mina, Program Director
Mark Hafner, Systems Engineer
What’s the State of Your Endpoint Security?
Security teams face an onslaught of serious challenges
Large skills gap in security expertise worldwide: 83% of enterprises have difficulty finding the skills they need. Unfilled security positions are expected to grow to 1.5 Million by 2020.[4]
Data breaches continue with no end in sight: Cybercrime is estimated to cost organizations $400 Billion per year[1] with over 600 million records leaked in 2015.[2]
Lack of timely and relevant intelligence plagues security teams: 80% believe if they had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack.[3]
[1] Ponemon: Cost of a Data Breach Report 2015
[2] IBM: X-Force Threat Intelligence Report 2016
[3] Ponemon: Cost of a Data Breach Report 2015
[4] Ponemon: Cyber Threat Intelligence Report 2015
The perimeter no longer exists
It is wherever your endpoints are – both on and off the corporate network
[1] SANS: State of Endpoint Security Survey 2016
4© 2016 IBM Corporation
[1] SANS: State of Endpoint Security Survey 2016
Endpoints Covered by Security/IR Programs
[1] SANS: State of Endpoint Security Survey 2016
Remediation and Recovery
Chart: When responding to an incident, how much time (in man-hours) do you spend (on average) per compromised endpoint? Categories: Unknown; less than 1 hour; 1–2 hours; 3–4 hours; 5–6 hours; 7–8 hours; 9–16 hours; 17–24 hours; more than 24 hours (share of respondents, 0–25%).
[1] SANS: State of Endpoint Security Survey 2016
The State of Endpoint Security
44% report that one or more of their endpoints have been breached in the past 24 months
55% spend 3 or more hours per compromised endpoint
70% find it difficult or impossible to determine when an incident has been fully remediated
[1] SANS: State of Endpoint Security Survey 2016
Ineffective patch management: major contributor to most breaches
•  75% of attacks use publicly-known vulnerabilities that could be prevented by patching, but hackers know organizations can’t patch effectively.[1]
•  99.9% of exploited vulnerabilities were compromised more than a year after the CVE was published.[2]
•  The average time to detect advanced persistent threats is 256 days.[3]
[1] CSIS: Raising the Bar for Cybersecurity
[2] Verizon: Data Breach Investigation Report 2015
[3] IBM: X-Force Threat Intelligence Report 2016
Why so many endpoint approaches fail
Architecture, Complexity, Resources
•  Multi products, multi agents
•  Siloed security & ops teams
•  Resource-intensive agent(s)
•  Infrastructure & resource heavy
•  Little pre-built content
•  Manual tasks detract from higher-value projects
•  Narrow visibility and coverage
•  Slow, scan-based architecture
•  Not cost-effective at scale
What we do: IBM BigFix® FIND IT. FIX IT. SECURE IT… FAST
Find It. Discover unmanaged endpoints and get real-time visibility into all endpoints to identify vulnerabilities and non-compliant endpoints
Fix It. Fix vulnerabilities and apply patches across all endpoints on and off the network in minutes regardless of endpoint type or network connectivity
Secure It. Continuously monitor and enforce compliance with security, regulatory and operational policies while proactively responding to threats
IBM BigFix: Bridge the gap between Security and IT Operations
Diagram: IBM BigFix® (FIND IT. FIX IT. SECURE IT. …FAST) spanning Endpoint Management (IT Operations) and Endpoint Security (Security), with the capabilities Discovery and Patching, Lifecycle Management, Software Compliance and Usage, Continuous Monitoring, Threat Protection, and Incident Response.
Shared visibility and control between IT Operations and Security
Reduce operational costs while improving your security posture
How we do endpoint security & management
Diagram: IBM BigFix Server in the datacenter, relays in remote offices, and endpoints reached over T1, ISDN, 56K, WiFi, Cable / DSL, 3G, satellite and WAN links, with content delivered from BigFix Content Delivery over the Internet.
Lightweight, robust infrastructure
•  Use existing systems as relays
•  Built-in redundancy
•  Support / secure roaming endpoints
Cloud-based content delivery
•  Highly extensible
•  Automatic, on-demand functionality
Single intelligent agent
•  Performs multiple functions
•  Continuous self-assessment and policy enforcement
•  Minimal system impact (< 2% CPU)
Single server and console
•  Highly secure and scalable
•  Aggregates data, analyzes and reports
•  Pushes out pre-defined / custom policies
Real-time visibility, scalability, and ease of use
Drowning in a sea of cyber threats. What do I remediate first?
Prioritize risks and expedite remediation of vulnerabilities
IBM BigFix: real-time endpoint intelligence; provides current endpoint status
IBM QRadar: enterprise-wide security analytics; correlates events and generates alerts
Prompts IT staff to fix vulnerabilities
•  Improves asset database accuracy
•  Strengthens risk assessments
•  Enhances compliance reporting
•  Accelerates risk prioritization of threats and vulnerabilities
•  Increases reach of vulnerability assessment to off-network endpoints
Integrated, closed-loop risk management
Extend QRadar’s reach and simplify incident response with BigFix
Step 1: Provide continuous insight across all endpoints including off-network laptops
•  Machine Name, OS, IP Address, Malware incidents
•  Provides details on physical and virtual servers, PCs, Macs, POS devices, ATMs, kiosks, etc.
•  All known CVEs exposed on an endpoint
•  BigFix sends vulnerability and patch data to QRadar, automatically ensuring that QRadar's asset database is updated with current data
Step 2: Enforce compliance of security, regulatory & operational policies
Step 3: Prioritize vulnerabilities and remediation by risk
•  QRadar correlates assets & vulnerabilities with real-time security data
•  It then sends the prioritized list to BigFix administrators
Step 4: Expedite remediation of ranked vulnerabilities, configuration drift and irregular behavior
•  Quarantine endpoints until they can be remediated
•  Patch or reconfigure endpoints
Quarantine non-compliant endpoints
Protect against zero day malware and vulnerability attacks until remediation is complete
1.  Automatically assess endpoints for required compliance configurations
2.  Discover and isolate out-of-compliance endpoints in network quarantine until compliance is achieved
3.  Maintain management control of the endpoint and disable all other access
Diagram: Server and Console keep a management connection to the non-compliant endpoint while its other network access is blocked.
Expedite remediation of vulnerabilities: IBM BigFix and QRadar
Business need: Automate and strengthen security and endpoint management to better protect data and meet HIPAA and meaningful use requirements.
Solution: Comprehensive security solution from IBM that helps staff secure endpoints and better detect and respond to threats across the organization.
“We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance. This has helped us obtain a considerable sum of meaningful use incentive dollars.”
—Eddy Stephens, Chief Information Officer, Infirmary Health System
Find, fix and secure endpoints fast
Diagram: closed loop of Evaluate, Remediate, Report
•  Achieve automatic, continuous, closed-loop remediation of endpoints
•  Compress patch cycle times from weeks and days to hours or minutes
•  Significantly reduce operational costs while improving security posture
•  Implement and enforce continuous compliance across all endpoints both on and off the corporate network
Website: www.bigfix.com
Twitter: @IBMBigFix
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or
both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on
others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM
systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security
BigFix Architecture
Single server and console
•  Highly secure, highly available
•  Aggregates data, analyzes and reports
•  Manages up to 250K endpoints per server
Single intelligent agent
•  Continuous self-assessment
•  Continuous policy enforcement
•  Minimal system impact (<2% CPU, <10MB RAM)
Flexible policy language (Fixlets)
•  Thousands of out-of-the-box policies
•  Best practices for operations and security
•  Simple custom policy authoring
•  Highly extensible/applicable across all platforms
Lightweight, easily configurable infrastructure
•  Designate IBM BigFix agent as a relay or discovery point in minutes
•  Provides built-in redundancy
•  Leverages existing systems/shared infrastructure