In today’s Windows environment, end users are accustomed to having local administrator privileges which allow them to download a variety of applications and potentially misconfigure their PCs. While standard wisdom may be to simply solve the problem by revoking local administrator rights on users’ systems, the reality is that this may not be an option at all organizations. And removing local admin rights doesn’t address applications such as Google Chrome or browser plug-ins for which admin access isn’t required. Fortunately, there’s hope for IT administrators seeking to gain control over the Windows environment while still offering local admin rights to the user base – through application whitelisting. With application whitelisting, IT can gain power over what types of applications their users install and limit their access to under-the-hood controls that determine how well configured the machine remains.

1. How to Enable Local Admin Access - Without the Risk

2. Today’s Speakers Roger A. Grimes Security Consultant, Author and Columnist Chris Merritt Director of Solution Marketing Lumension 2

3. Today’s Agenda The Local Admin Dilemma Using Application Whitelisting to Reduce Risk Q&A

4. The Local Admin Dilemma

6. Old OS - Older Windows OS require it for features to work

7. Old Software - Legacy software requires local admin to install or run

9. Why Taking Away Local Admin Doesn’t Work Users and Senior Executives revolt Many programs won’t work without admin rights Prevents more legitimate uses than illegitimate The medicine can be worse than the disease Non-Admin users can still install software Doesn’t stop all malware In Many Cases, Doesn’t Lower Total Cost of Ownership 7

10. Doesn’t Stop All Malware Many programs, including thousands of malware programs, do not need local admin access to do their dirty work Many programs don’t require admin to install or operate For Example: Google Chrome browser Many Browser add-ons don’t require admin to install Many ActiveX controls don’t require admin Malware programs take advantage of existing, approved, installed programs (e.g. Adobe Reader, Flash, Java) Once approved program is exploited, the bad guy is free to expand influence - biggest hurdle is already passed 8

11. Doesn’t Stop All Malware Malware can do everything it needs to do without having local admin: Install malicious programs Infect files Be persistent through reboots Record keystrokes Steal passwords Crawl the network Once the bad guy is past the initial defenses, it’s game over Removing Local Admin is a binary defense 9

12. Using Application Whitelistingto Reduce Risk

13. Rethinking Local Admin Access Traditional “all or nothing” approaches don’t work Impacts productivity Doesn’t reduce risk appreciably New approach needed Provides visibility and control without impacting productivity Prevents unwanted, unauthorized or malicious apps from executing 11

14. Reducing Local Admin Risk Action Example How Lumension Stops Application Control: Easy Lockdown Trust Engine Install Applications Change Configurations Remove Patches & Uninstall Software Defeat Security Tools Regedit / Command Denied Application: cmd.exe regedit.exe Control Panel – uninstall program Denied Application: control.exe Task Manager – kill process Denied Application: taskmgr.exe 12

16. Access to authorized apps

17. Access to necessary controls

18. Eliminate unwanted or unauthorized apps

19. Time wasters (e.g., WoW)

20. Eliminate software or configuration conflicts

22. Eliminate unwanted or unauthorized apps

23. Security risks (e.g., P2P)

24. Eliminate software or configuration conflicts

25. Reduce Help Desk calls

26. Reduce re-imaging costs13

27. How Whitelisting Helps Stop playing whack-a-mole Not binary Far more granular in providing or denying access Better control coverage Prevent unapproved applications from being installed or executed Regardless of whether they require local admin or not Prevent malicious executables from being initiated if an attacker gains initial access 14

28. Other Benefits of Whitelisting Easy to find out what your end-users are trying to execute Configurable reports and alerts Easy to allow or deny an application in an emergency, without giving end-user full access Whitelisting is the single best thing you can implement to prevent malware attacks and exploitations 15

29. Q&A

31. Overview

32. www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

33. Free Demo

34. www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx

35. Free Application Scanner

36. www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx

37. Whitepaper and Videos

38. Think Your Anti-Virus is Working? Think Again.

39. www.lumension.com/special-offer/App-Whitelisting-V2.aspx

40. Reducing Local Admin Access

41. www.lumension.com/special-offer/us-local-admin.aspx

42. Reducing Local Admin Risk

43. www.youtube.com/watch?v=SPIPLxhFsC017

44. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com