#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks - PowerPoint PPT Presentation

#MicroFocusCyberSummit

Securing Your Devices and Data with ZENworks Darrin VandenBos Jason Blackett #MicroFocusCyberSummit

Agenda Security threats in today’s world How do you protect your endpoints? Key takeaways 3

Security Threats in Today’s World

Malware Attacks on the Rise Ransomware, viruses, worms, coinminer attacks, and more More to come? Worms — self-spreading malware — enjoyed their heyday around the turn of the century…Until May 2017, it seemed unlikely that another threat could cause global disruption in the same way. That all changed with the arrival of WannaCry and Petya/NotPetya … Although the vulnerability had been Just a few of the more notable attacks patched several months previously, there was enough unpatched computers online for both threats to cause serious disruption. Attackers will no doubt have noticed how effective both threats were… It’s likely we’ll see an increase in threats self-propagating using these techniques. Symantec Internet Security Threat Report March 2018, Volume 23, Page 85

Software Patches Increasing in Number and Frequency Approximate number of patches released in 2017* Microsoft Red Hat Apple SUSE 2600 1500 2000 50 Mozilla Google Oracle Adobe 50 70 120 30 * Released into ZENworks Patch Management

Diverse Platforms, Operating Systems, and Applications

Increasing Numbers of Laptops and Mobile Devices …on the move …carrying sensitive data It can happen to anyone  One laptop is stolen every 53 March 16, 2017 - A laptop belonging to a Secret seconds Service agent was stolen on Thursday reportedly  80 percent of the cost of a lost exposing details about laptop is from data breach Donald Trump, the Trump Tower, and an investigation  70 million smartphones are into Hillary Clinton’s emails, lost each year, with only 7 according to ABC News. The percent recovered laptop was stolen from a female agent’s vehicle in  4.3 percent of company-issued New York City during a smartphones are lost or stolen break-in. every year Kari Paul, The Secret Service’s stolen laptop is a reminder to us all to secure devices March 2017 Kensington IT Security & Laptop Theft report July 2016

Employees Doing Their Jobs 2017 Top 5 Threats  Running unauthorized or vulnerable applications to IT Security  Connecting to unsecure networks 1. End Users  Accessing sensitive data from hotspots 2. Lack of Security Patching 3. Lack of Security Software  Transferring sensitive data via non-encrypted and Hardware removable drives 4. Inadequate Backup and Planning  Shutting down security-related applications that are 5. Stagnate IT Staff “interfering” with their work  Performing personal and work tasks on the same device Shawn Pate, Senior Technical Advisor WorkSmart (worksmart.com) 9

Shrinking IT Staff and Budgets 2017 Top 5 Threats to IT Security 1. End Users 2. Lack of Security Patching 3. Lack of Security Software and Hardware 4. Inadequate Backup and Planning 5. Stagnate IT Staff Shawn Pate, Senior Technical Advisor WorkSmart (worksmart.com)

How do you protect your endpoints?

Securing the Network Perimeter …is not enough Exposure Risk Every endpoint device, whether internal or external to your network security perimeter, opens a window to your organization’s data and resources Security Information and Event Management (SIEM) 12

Securing Endpoints Requires Multiple Layers of Protection Software Patching Antimalware/Antivirus Personal Firewall Wi-Fi and VPN Software Application Control Mailbox Protection Data Encryption Data Backup User Education

Start with Patching ZENworks Patch ZENworks Configuration Management Management Patch Management Configuration Management Expert Advice  Windows, Linux, and Mac  iOS and Android  Patching of OS via native “Patch frequently.  Servers and workstations mechanisms Patch everything.”  OS vendor applications and  Patching of applications via MATTHEW PASCUCCI, Cyber Security Specialist third-party vendor applications ZENworks application & Privacy Advocate at Front Line Sentinel deployment  Rules-based policies for “Install security updates as automating patch deployment early and as often as  Staged patch rollout via possible, and try to avoid automated testing-to- using any software that is production process no longer supported and no longer receives security  Scheduled patch deployment updates.”  Dashboards and reports for BRIAN DONOHUE, Technology Journalist showing device compliance Covering Network Security @ Cyber4Sight 14

Encrypt Endpoint Data ZENworks Full ZENworks Endpoint ZENworks Configuration Disk Encryption Security Management Management Full Disk Encryption Endpoint Security Expert Advice  Windows  Windows  UEFI/GPT and BIOS/MBR  Encrypt any drives that “Encryption works best if it is enumerate as removable ubiquitous and automatic. It  Encryption of whole disk or drives should be enabled for disk partitions everything by default, not a  Utilizes BitLocker encryption  Optional pre-boot feature you only turn on authentication via a secured when you’re doing Linux kernel Configuration Management something you consider worth protecting.”  Help for PBA password  iOS and Android recovery  Dependent on MDM BRUCE SCHNEIER, American cryptographer and privacy specialist  Emergency recovery disk for capabilities of device unbootable devices 15

Separate Work Life from Personal Life ZENworks Mobile Workspace Control the company workspace on mobile devices Expert Advice  iOS and Android  Restrict access to the workspace if the mobile device does not “Smartphones and other  Isolate sensitive company data meet requirements portable devices are from personal data among the easiest attack  Allow access to company  Encrypt data with dedicated, vectors for hackers… documents, email, and calendar banking-grade encryption We need to emphasize  Separate work contacts from  Require two-factor that these devices hold personal contacts authentication for access to the key to our lives – both workspace corporate and individual. Because they are always  Wipe the company workspace close to us, in our pockets, if a device is lost or an users experience a false employee leaves perception of security. ” ONDREJ KREHEL, CEO & Founder, LIFARS 16

Protect Employees from Themselves ZENworks Endpoint ZENworks Configuration Security Management Management Endpoint Security Configuration Management Expert Advice  Windows  iOS and Android  Location aware  Enforce passwords, inactivity “People often represent timeouts, and device wipes  Control application execution the weakest link in the security chain and are  Control access to features  Secure wireless access chronically responsible for such as cameras, games,  Enforce VPN usage the failure of security application installation, and  Control USB connectivity systems.” account settings BRUCE SCHNEIER, Secrets and Lies  Restrict communication  Much, much more… hardware “ Security is always excessive  Enforce firewalls until it's not enough.”  Control storage device access ROBBIE SINCLAIR, Head of Security, Country Energy, NSW Australia  Extend location awareness and security to 3 rd party software via scripting 17

Takeaways

Mitigating Threats with ZENworks Security Threat Mitigation Method ZENworks Solution Malware attacks or network attacks Patch, quarantine, personal firewall Patch Endpoint Security Management Management Lost or stolen laptops or mobile devices Encryption Endpoint Security Configuration Full Disk Encryption Management Management Transferring sensitive data via non- RDD controls and encryption encrypted removable data drives (RDD) Endpoint Security Management Running unauthorized or vulnerable Application controls applications Endpoint Security Configuration Management Management Connecting to unsecure networks or Wireless and VPN controls accessing sensitive data from hotspots Endpoint Security Management Performing personal and work tasks on Mobile device management the same device Configuration Mobile Management Workspace 19

Micro Focus ZENworks Configuration Management Secure Unified Endpoint Management Endpoint Asset Security Management Reporting Disk Service Encryption Any Device Any Device User Centric Mobile Desktop Workspace Containers Patch IT Service Management Management 20

Want to learn more? Drop by the Demo Lab Come to the ZENworks hands-on workshop Thursday at 1:30 21

#MicroFocusCyberSummit Thank You.

#MicroFocusCyberSummit