
New and emerging threats continue to impact endpoint
security, which is a challenge that enterprises constantly
face with security and support issues arising from endpoint
users and their use of applications and devices. The
security landscape has shifted from large, widespread
attacks at the enterprise perimeter, to threats focusing on
corporate endpoints, which are traditionally less secure.
The enterprise desktop is evolving as well: it is no
longer bound to an office desk in a controlled environment.
Unmanaged removable media and applications can easily bypass
traditional endpoint security methods and open the
floodgates for data to escape into the wrong hands.
Most data leaks and security threats occur at
endpoints because they are not properly secured. In fact, 74
percent of an enterprise’s overall financial losses were the
result of virus attacks, unauthorized access to networks,
lost/stolen laptops and mobile hardware, and theft of
proprietary data or intellectual property¹.
Many of these threats and subsequent financial losses are
generated internally as seen by the recent DuPont data theft
case.
Securing Your Corporate Endpoints
Endpoint security requires software that enforces user
behavior policies, so that enterprise desktops don’t become
a doorway for sensitive data to escape and for security
threats such as malware to enter. It is easy to block known
security threats from your network - it is the hidden
threats lurking on the desktops that require a different
approach.
Lumension’s Sanctuary Application Control® and Sanctuary
Device Control® provide endpoint security through the use
of a proactive approach that enables only authorized
applications to run and only authorized devices to connect
to a server, terminal services server, thin client, laptop
or desktop - facilitating security and systems management,
while providing necessary flexibility to the organization to
easily enable the use of new/upgraded applications or
devices.
Sanctuary provides the necessary controls to secure
endpoints from unknown software, malicious code, and
unauthorized applications as well as to manage and secure
inbound and outbound data flow from endpoints. Lumension’s
endpoint security solution ensures the confidentiality and
integrity of sensitive data by enforcing encryption when
copied to removable media. Sanctuary also can show the
effectiveness or ineffectiveness of an organization’s
endpoint security policy, by providing detailed audit
information that shows successful and unsuccessful attempts
to connect a device or execute an application on a protected
endpoint.
Complete Endpoint Security is Achieved with Lumension’s Sanctuary by:
- Enforcing endpoint security policies that prevent known and unknown threats from executing, such as malware, viruses, spyware and zero-day threats
- Controlling and monitoring the flow of inbound and outbound data
- Safeguarding the confidentiality, integrity and availability of sensitive data on desktops
- Protecting against network and desktop security breaches where confidential data could be exposed to fraud
- Providing a detailed audit trail of all device and application execution attempts, by tracking data that is copied to and from removable devices and by controlling what data is allowed to be copied to a device at the file level
1 - 2006 CSI/FBI Computer Crime and Security Survey
Application Whitelisting Prevents Unauthorized Applications and Malware from Executing

Traditional approaches to endpoint protection have
become ineffective in today’s dynamic computing
environments. To escape this mode of always falling one
step behind emerging threats, organizations need a new
endpoint security model.
An application whitelisting solution provides the
means to take charge of your information environment by
making the shift from focusing only on what you know is
bad to allowing only what you know to be good. Simply
put, any executable – whether a business application, a
video driver, or a web browser plug-in – not specified
on the whitelist cannot load and run.
By implementing a whitelist, you can effectively
prevent:
- Any of 5.49 million unique
samples of malicious software found
in 2007 from harming your network or
business information ¹
- Unauthorized applications from
continuing to run rampant throughout
your network
  - External proxies not
  supported by IT were present in
  80% of the surveyed sites ²
  - Web-based file transfer and
  storage applications were
  detected in 30% of the sites ²
  - Google applications are used
  at 60% of the sites ²
  - Webmail was found in 95% of
  the sites, IM use was found in
  100% of the sites ²
The lack of visibility and control over applications
makes it very difficult to effectively manage risk on
corporate networks. Getting an accurate view of your
environment is the first step to developing an
application whitelist which puts you in control of your
information and your business.
Lumension Security Endpoint Protection Solution
Ensures Trusted Change via Application Whitelisting
Lumension Security Endpoint Protection Solution
controls exactly which applications can run on each
computer and keeps information secure while offering
many other benefits, such as:
- Increased performance
and stability - When only
authorized applications can run on a
computer, there is far less chance
that inappropriately installed
programs or hardware drivers will
corrupt an operating system.
- Control of computer and
network utilization -
Whitelisting offers a way to keep
bandwidth consuming software such as
junkware, games and peer-to-peer
programs from interfering with
business operations.
- Decreased IT support
costs - With no viral
attacks to thwart, malware to hunt
down, or incompatible applications
to invoke the blue screen of death,
IT can spend more time and resources
on improving operations instead of
constantly fixing computers.
- Increased data security
and compliance with privacy laws
- Preventing programs not on the
whitelist from running on any
computer obviates the chance for
spyware, keyloggers, and sniffers to
steal passwords, address books,
customer files, or other sensitive
data from otherwise physically
secure computers.
1 – www.av-test.org
2 – The Application Usage and Risk Report, Palo Alto
Networks, April 2008
Protection Against Malware, Spyware, Viruses and Zero-Day Threats

The security landscape is shifting from large,
widespread malware outbreaks to targeted, quiet threats.
Traditional solutions cannot provide adequate protection
against malware as evidenced by Gartner’s prediction
that 75% of enterprises will be infected with
undetected, financially motivated, targeted malware that
evaded traditional perimeter and host defenses¹.
Furthermore, 70 percent of all computer attacks, IT
security breaches and data thefts are generated from
within the firewall ², proving that endpoints are the
likeliest entry point for malware, spyware, viruses and
zero-day threats. And the threats are not slowing - a
leading anti-virus vendor recently said that in the last
two months of 2006, 70,000 unique malware fingerprints
were created with expectations of reaching 400,000
recorded threats by early 2008. This figure does not
cover all threats ‘in the wild’ today.
Traditionally, all forms of malware, viruses, worms,
etc. were solely introduced via rogue executables
downloaded off the Internet, but now these can also be
introduced via removable devices. If an audio player,
flash drive or USB stick becomes infected, the user
could plug it into the corporate network and unknowingly
unleash a crippling virus. Recent examples of this
include:
- The SillyFD-AA worm, which
spreads by copying itself from
infected machines onto removable
drives such as USB memory sticks
before automatically running when
the device is next connected to a
computer.
- TomTom’s announcement that an
isolated number of GO 910 devices
were shipped with a virus
pre-installed. Infected versions of
the GO will try to copy the
malicious software to a PC when
connected.
- McDonald’s recalling MP3 players
it offered as a prize, after
discovering that the prizes were
loaded with a particularly nasty
strain of malware. Up to 10,000
people might have been exposed to the
QQpass spyware Trojan after claiming
a Flash MP3 player.
- Apple’s announcement that a
small percent of Video iPods --
pocket-sized devices that can play
music and video clips -- left its
contract manufacturer carrying the
virus RavMonE.exe, which affects
computers running the Microsoft Windows
operating system.
Lumension’s Endpoint Security Software Protects 100%
Against Malware, Spyware, Viruses and Zero-Day Threats
Lumension’s Endpoint Security software is comprised
of Sanctuary Application Control and Sanctuary Device
Control, which protect against targeted threats and
enable only authorized applications and devices to
execute or connect to a network server, terminal
services server, thin client, laptop or desktop.
Sanctuary simplifies the discovery phase so that
administrators can uncover all of the applications that
are executing on the endpoints. Once it is known which
applications are on the network, a policy can be
established and enforced.
Sanctuary enables administrators to rapidly identify
applications and to assign permissions for applications
to users, user groups or a particular computer. Once
these access rights have been set, any executable not on
the authorized list will simply not be able to run.
Detailed audit capabilities log all application
execution attempts, as well as any administrator
actions, including changes of any application policy
authorizations.
The final result is a network free of malware.
Lumension’s Endpoint Security Software Protects
Against Malware, Viruses and Zero-Day Threats by:
- Enforcing policies that do not
allow known and unknown threats to
execute, such as malware, viruses,
spyware and zero-day threats
- Providing a detailed audit trail
of all device and application
execution attempts
- Identifying organizational
security holes in the protection of
sensitive information through
comprehensive auditing capabilities
- Safeguarding against network
security breaches where confidential
data could be exposed to fraud
- Disabling suspicious executables
that are locally authorized on too
many computers
1 - Gartner Research, “Gartner’s Top Predictions for IT Organizations and Users, 2007 and Beyond,” Daryl C. Plummer, December 1, 2006
2 - Yankee Group Security Leaders and Laggards Survey, 2005
Prevent Data Leakage and Costly Security Breaches

Data leakage caused by removable media, spyware and
malware, and the resulting regulatory compliance issues
remain at the top of enterprise IT challenges. Most
data leaks and targeted attacks – inadvertent or
intentional – occur at the endpoint and many of these
are generated internally. Unmanaged removable media and
applications can easily open the floodgates for data to
escape into the wrong hands.
Recent examples include:
- 320,000 sensitive files were
allegedly transferred to a thumb
drive by a Boeing employee and
leaked to the Seattle Times¹
- 8,000 Texas A&M Corpus Christi
students’ personal information,
including social security numbers,
was lost in Madagascar when a
professor vacationing off the coast
of Africa took the data with him on
a flash drive²
- Thumb drives that contained
intimate details on everything from
US soldiers to secret informants
were sold in Afghanistan by
teenagers for $40 apiece³
- Wilcox Memorial Hospital on
Kauai warned 130,000 former and
current patients about the
disappearance of a thumb drive
containing personal medical
information⁴
- Data thieves breached the
systems of credit card processor
CardSystems Solutions and made off
with data on as many as 40 million
accounts affecting various credit
card brands, according to MasterCard
International⁵
- Confidential medical records
were on a USB memory stick, which
was then repackaged and sold as new
to a real estate agent⁶
75 percent of Fortune 1000 companies fell victim to
accidental and/or malicious data leakage⁷.
Companies spent an average of nearly $5 million in 2006 to
recover when corporate data was lost or stolen, which is 30%
more than in 2005⁸.
Furthermore, virus attacks, unauthorized access to
networks, lost/stolen laptops and mobile hardware, and theft
of proprietary info or intellectual property accounted
for more than 74 percent of financial losses⁷.
Lumension’s Sanctuary Protects Against Data Leakage,
Theft or Loss
Lumension’s Sanctuary Application Control and
Sanctuary Device Control provide the necessary controls
to manage the data flowing to and from network endpoints
and audit the use of applications and devices.
Sanctuary ensures the confidentiality and integrity of
sensitive data by enforcing encryption when copied to
removable media. Sanctuary also provides detailed audit
information that shows successful and unsuccessful
attempts to connect a device or execute an application
on a protected machine.
By employing a whitelist approach, Sanctuary is
uniquely capable of enforcing application and device
usage and control policies, which enables only
authorized applications and devices to run or connect to
a network, server, terminal services server, laptop,
thin client or desktop – facilitating security and
systems management, while providing necessary
flexibility to the organization to easily enable the use
of new/upgraded applications or devices.
Lumension Prevents Data Leakage and Security Breaches
by:
- Safeguarding the
confidentiality, integrity and
availability of sensitive data
- Providing a detailed audit trail
of all device and application
execution attempts, by tracking data
that is copied to and from removable
devices and by controlling what data
is allowed to be copied to a device
at the file level
- Controlling and monitoring the
flow of inbound and outbound data
- Identifying organizational
security holes in the protection of
sensitive information through
comprehensive auditing capabilities
- Preventing spyware and
keyloggers originating at an
endpoint
- Protecting against network
security breaches where confidential
data could be exposed to fraud
1 – “Boeing Employee Charged with
Stealing 320,000 Sensitive Files”, Information Week,
July 11, 2007
2 – “Professor loses student data”,
www.caller.com, June 16, 2007
3 – “Stolen Military Data for Sale in Afghanistan”,
MSNBC, April 13, 2006
4 – “Hospital loses patient data”, Star Bulletin,
October 21, 2005
5 – “Credit card breach exposes 40 million accounts”,
CNET News.com, June 17, 2005
6 – “For Sale: Memory Stick Plus Cancer Patient
Records”, The Register, March 14, 2003
7 - 2006 CSI/FBI Computer Crime and Security Survey
8 - Ponemon Institute's 2006 Cost of Data Breach Study
USB Security and Data Encryption

Safeguarding your data is critical to running your
business and protecting the privacy of employees and
customers. The news is rife with reports of data being
lost or stolen from laptops left in cars, USB flash
drives dropped in airports, or unencrypted CDs and DVDs
lost in the mail.
What’s at risk: employee information, patient
medical records, credit card numbers, corporate
intellectual property and much more. All can be lost or
misused in an instant, unless you have complete control
over how data is stored, copied, and transported and
whether or not it is encrypted. In fact, 53% of
organizations would never know what data was on a lost
USB device ¹.
Blocking USB devices or port access hinders the flow
of business, so it is imperative to enforce a flexible
policy that puts controls over the movement of information
but does not ban it altogether. In order to effectively
protect your information, you have to know where your
current risks reside. Take the first step by downloading
the free Lumension Security Device Scanner to find all
of the USB devices that have ever been connected to your
network.
Lumension Security Data Protection Solution Delivers
USB Security and Encryption of Data Moved onto Removable
Devices
Lumension Security Data Protection Solution
eliminates data loss or theft by enforcing USB device
use policies to:
- Identify all devices, past and
present, ever connected to network
assets. Each device is identified by
type (e.g., USB thumb drive, CD
burner, smart phone), manufacturer,
model number, and MAC address (if
applicable).
- Control and manage any removable
devices through ports, including
USB, FireWire, WiFi, Modem/Network
NIC, and Bluetooth.
- Enforce encryption of
information transferred to any
removable media, including USB
sticks, CDs and DVDs. Encryption is
self-contained on the device,
allowing only those with an
encryption key to copy to an
unmanaged computer. If the device is
lost or stolen, the data remains
safeguarded against unauthorized
access.
- Provide detailed forensics on
device usage and data transfer by
person, time, file type, and amount.
By monitoring and creating shadow
logs of file transfers, you can
replicate the actual files or just
record file name, type, and
ownership.
1 - Ponemon Institute, 2006 Cost of Data Breach Study