Avecto

Page 1

Avecto | Presentation

Leaders in Windows Privilege Management Presentation to <insert name> Presented by <insert presenter name>

Presented to: | Presented by: Paul Kenyon & Mark Austin

Š 2013 Avecto Ltd

Agenda What is Least Privilege?

Problem and Solution The Least Risk Windows 7 Desktop Benefits Customer Examples Demonstration

avecto.com

Š 2013 Avecto Ltd

What is Least Privilege? Company Background “The least privilege principle requires that each subject in a system be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error or unauthorized use”

Department of Defence Trusted Computer System Evaluation Criteria (Orange Book)

avecto.com

© 2013 Avecto Ltd

The Challenge – All or Nothing

Problem Applications

Standard Applications

Basic Admin Tasks

Standard Applications

Software Installation

Standard User Admin User High Support Costs

High Support Costs

High Security Risks

Less Productive Users

Compliance Issues

Poor User Experience

avecto.com

© 2013 Avecto Ltd

The Privilege Guard Solution

Admin User Standard User

Deploy all users as standard users Prevent the execution of unauthorised applications

Standard Applications

Assign privileges to individual applications based on user roles and needs

Problem Applications

Centrally managed through Active

Directory Group Policy

Basic Admin Tasks

Software Installation

avecto.com

Privilege Guard

Detailed auditing and reporting

Š 2013 Avecto Ltd

The Least Risk Windows 7 Desktop

Privilege Guard is the most effective way to deliver the least risk Windows 7 desktop - all users operate under a standard user account and application whitelisting further protects the environment.

Making the Most of Windows 7 Security, 24th August 2010 – Dan Blum

avecto.com

Š 2013 Avecto Ltd

Reduced Support Costs

Implementing Privilege Guard can flatten the cost curve at its lowest point. User self-service form a secure stand user account reduce the load on the help desk

avecto.com

Š 2013 Avecto Ltd

Improved Business Efficiency Applications are delivered to users based on demand Universal demand – required by all users - part of standard image

Number of users requiring the application

High demand – applications packaged for distribution Low demand – not cost effective to package, virtualize or remotely install via support

Demand

The current ‘sweet spot’ for economically packaged applications is up to this point.

Costly to satisfy delivery of low demand applications

10

avecto.com

X

Applications

Y

© 2013 Avecto Ltd

Strategies to Mitigate Advanced Targeted Attacks Mitigation Strategy Effectiveness Ranking for 2012 (and 2011)

Mitigation Strategy

Overall Security Effectiveness

1 (4)

Application whitelisting of permitted/trusted programs, to prevent execution of malicious or unapproved programs including .DLL files e.g. using Microsoft Applocker.

Essential

2 (1)

Patch applications e.g. PDF viewer, Flash Player, Microsoft Office and Java. Patch or mitigate "extreme risk" vulnerabilities with two days. Avoid Adobe Reader prior to version X.

Essential

3 (2)

Patch operating system vulnerabilities. Patch or mitigate "extreme risk" vulnerabilities within two days. Avoid continuing to use Microsoft Windows XP or earlier versions.

Essential

4 (3)

Minimise the number of user with domain or local administrative privileges. Such users should user a separate unprivileged account for email and web browsing.

Essential

Once organisations have implemented the top four mitigation strategies, firstly on computers used by employees most likely to be targeted by intrusions and then for all users, additional mitigation strategies

5 (17)

Disable local administrator accounts to prevent network propagation using compromised local administrator credentials that are shared by several computers.

Excellent

Source: Australian Dept. of Defence, Intelligence & Security

avecto.com

Š 2013 Avecto Ltd

Regulatory Compliance

avecto.com

Š 2013 Avecto Ltd

Customer Examples Banking

Government

Energy

Manufacturing

Aerospace/Defence

Other

avecto.com

Š 2013 Avecto Ltd

Privilege Guard Benefits Mitigate Malware Threats

Reduce Operating Costs

Combat Insider Threats

Increase User Productivity

Reduce Operational Risk Achieve Compliance

avecto.com

Š 2013 Avecto Ltd

Avecto | Presentation

Demo

Presentation to <insert name> Presented by <insert presenter name>

Presented to: | Presented by: Paul Kenyon & Mark Austin

Š 2013 Avecto Ltd

Scalable Management Framework Privilege Guard ePO Edition

Privilege Guard Administrators

Policy Management, Auditing & Reporting (McAfee ePO)

Managed Desktops & Servers

Privilege Guard Active Directory Edition

Policy Management (Active Directory)

Privilege Guard Administrators

Managed Desktops & Servers Auditing & Reporting (SQL Server and Reporting Services)

avecto.com

Š 2013 Avecto Ltd

End User Experience

avecto.com

Š 2013 Avecto Ltd

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.