As IT professionals know, endpoint security needs are evolving: new vulnerabilities are disclosed every day, new malware creation is exploding, and traditional AV signatures cannot keep up. You know that patch management and AV are necessary – but not sufficient – layers of endpoint defense. Intelligent application whitelisting is an important addition to your risk mitigation strategy, and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term. View these slides to learn the recommended steps to check unknown executables on your endpoints as we dive into a technical discussion of what the critical items to address: * Prepare – properly laying the groundwork for implementing application whitelisting is crucial to ultimate success. * Lockdown – preventing unwanted or dangerous changes while providing necessary flexibility to support business needs. * Manage – maintaining the environment as application, end user and business needs develop.

1. Developing Best
Practices for
Application
Whitelisting
An In-Depth Technical Webcast

2. Today’s Agenda
Introduction
Augment Your Defenses to Mitigate Zero-Days,
with Lessons Learned from the Field
• Laying the Groundwork
• Creating Policies
• Protecting Endpoints
• Managing the Environment
Q&A

3. Today’s Panelists
Douglas Walls David Murray
Chief Information Officer Sr. Product Manager
EMSolutions, Inc. Lumension
3

4. Why Application Whitelisting Is Important
AVERAGE detection rate after 30 days = 62%
Today’s Endpoint Security Stack Sources of Endpoint Risk
AV 5%
Zero-Days
Device
Control 30%
Application Missing Patches
Control
65%
Patch & Configuration
Management Misconfigurations
4

5. Benefits of a Solid Whitelisting Process
Malware Costs Money Controlled Change is Good
© Creative Commons / Kevin Dooley
5

6. Application Whitelisting Best Practices
Laying the
Groundwork
Application
Managing the Creating
Whitelisting
Environment Policies
Process
Protecting
Endpoints
6

7. Laying the Groundwork

8. Groundwork | Policies | Lockdown | Management
Clean
Avoid End User Disruption
• No need to reimage
• Off-hours, thorough scan to
remove known malware
8

9. Groundwork | Policies | Lockdown | Management
Scan
9

10. Groundwork | Policies | Lockdown | Management
Organize
10

11. Groundwork | Policies | Lockdown | Management
Denied Apps
Eliminate unknown or
unwanted applications on
your endpoints
User Endpoint View
Admin Console View
Prevent applications from executing
even while endpoints are in monitor
mode only
11

12. Creating Policies

13. Groundwork | Policies | Lockdown | Management
Trusted Updater
Automated whitelist maintenance reduces workload
13

14. Groundwork | Policies | Lockdown | Management
Trusted Publisher
Automated whitelist maintenance reduces workload
14

15. Groundwork | Policies | Lockdown | Management
Trusted Path
Automated whitelist maintenance reduces workload
15

16. Groundwork | Policies | Lockdown | Management
Monitor
Stabilize Whitelist Maintenance
• Full visibility into unaccounted for
changes (good and bad)
• Accommodate variations
• Reduce maintenance workload
16

17. Groundwork | Policies | Lockdown | Management
Local Authorization
Effectively Balance Security
and Productivity
• End user flexibility
• “Third Way” between Monitor
and Lockdown
Admin Console View
User Endpoint View
17

18. Protecting Endpoints

19. Groundwork | Policies | Lockdown | Management
Enforce
Easy Transition
• Minimize disruption
• Provide flexibility
• Minimize workload
19

20. Groundwork | Policies | Lockdown | Management
Fine-Tune
Think Globally, Act Locally
• Harmonize where appropriate
• Anticipate future needs
20

21. Managing the Environment

22. Groundwork | Policies | Lockdown | Management
Control Is this a
Known Bad?
Should my Is this a
users have this? Known Good?
What is trying
to install this?
Is this
Unwanted?
Who wrote
this?
Where did this
come from?
22

23. Groundwork | Policies | Lockdown | Management
Adapt
Develop processes
• Changes in environment
• Changes in end user needs
• Changes in business needs
Create flexibility to balance
security with productivity across
entire organization
© Creative Commons / Bruce Tuten
23

24. Q&A

25. More Information
• Free Security Scanner Tools • Get a Quote (and more)
» Application Scanner – discover all the apps http://www.lumension.com/
being used in your network intelligent-whitelisting/buy-now.aspx#7
» Vulnerability Scanner – discover all OS and
application vulnerabilities on your network
» Device Scanner – discover all the devices
being used in your network
http://www.lumension.com/Resources/
Security-Tools.aspx
• Lumension® Intelligent Whitelisting™
» Online Demo Video:
http://www.lumension.com/Resources/
Demo-Center/Endpoint-Security.aspx
» Free Trial (virtual or download):
http://www.lumension.com/
intelligent-whitelisting/free-trial.aspx
25

26. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com