Autonomic Software, Inc.

1
Autonomic Software, Inc.
Securing Cross-Platform Networks - Autonomically
Pat Sebers 408-891-1460 pat_at_appliednetsec.com www.
appliednetsec.com
2
Autonomic Software, Inc.Patch and Vulnerability
Management Webinar

3
What Our Technology Does
Patch and Asset Management, Software/Application
Distribution
These applications are high visibility, and
critical to enterprise management
Our Goal
Initial suite of tools makes asset management,
patch management, and software/application
distribution autonomically driven, transparent,
background utilities.
4
AGENDA

• Impact and Costs of Vulnerabilities
• Costs of Manually Deploying Patches
• Microsoft SUS Deficiencies
• Compliance Requirements
• The Autonomic Software Advantages and
  Differentiation
• Demonstration of the Autonomic Solution for
  Patch, Asset, and Software Distribution
  Management
• Product Roadmap
• Evaluation Proposal

5
Impact of Vulnerabilities

• Cybersecurity Liability Seen Increasing
• WASHINGTON (Reuters) - Hackers, viruses, and
  other online threats don't just create headaches
  for Internet users -- they could also create
  prison sentences for corporate executives,
  experts sayif effective, available methods are
  in place to secure networks, and were not acted
  upon.

6
Recent Press around Patch and Vulnerability
Management

• Federal CISOs Rank Patch Management As Biggest
  Obstacle - Nov. 22, 2004
• Survey by Intelligent Decisions indicates that
  patch management leaves less time for chief
  information security officers to work on
  improving overall security.By George V. Hulme
• Patch management is the biggest problem facing
  many federal chief information security officers,
  shows a study released today. The survey by IT
  consulting firm Intelligent Decisions Inc. was
  conducted with the participation of 25 government
  CISOs. Their concerns over patch management
  outweighed unease about network compromises,
  compliance with the Federal Information Security
  Management Act, cyber attack preparedness,
  critical infrastructure protection, and the
  impact of downtime of their business-technology
  systems.
• "Patch management ranked so high because it
  touches every part of their infrastructure, and
  there are so many patches coming out that
  everyone is worried whether or not they're
  keeping up," says Ted Ritter, director of
  cybersecurity for Intelligent Decisions.
• http//www.informationweek.com/story/showArticle.j
  html?articleID53701321

7
Vulnerabilities Reported - CERT
Total vulnerabilities reported (1995-3Q 2004)
15,629
8
Enormity of Vulnerability Management Problem

• The increase in reported information systems
  vulnerabilities has been staggering, especially
  in the last 3 years. General Accounting Office,
  9/10/2003
• Successful attacks on unpatched software
  vulnerabilities have caused billions of dollars
  in damage. GAO 9/10/2003
• While patches, or software fixes, for these
  vulnerabilities are often well publicized and
  available, they are frequently not quickly or
  correctly applied.

9
Patches Were Available Ahead of Time
10
Security Budgets Rising
11
High Cost of Manually Patching Systems
12
Prohibitive Cost of SneakerNet

• Manual patch costs
• (Hours x Administrator Rate x of Systems)
  (Patch Failure )
• x (Hours x Rate x Systems) Cost to Patch
• Case Study KMPH TV 2 Television Station,
  Fresno, CA
• Number of Machines (primarily Windows) 600
• Time to patch 15 minutes per machine per month
• Labor Rate 40 per hour
• Total Monthly Labor Cost 6,000.00
• Total Yearly Labor Cost 72,000.00
• Patch Management ROI Savings in Year 1 - 57,000,
  Year 2 - 69,000, Year 3 - 69,000
• Payback Period 4.8 months
• CFO Decision Move forward and budget based on
  ROI.

13
Microsofts Solution Software Update Services.
You Get What You Pay For

• SUS updates only the critical patches needed for
  Windows operating systems.
• SUS does not provide updates for applications.
• SUS does not have the flexibility to move across
  platforms.
• SUS does not scan and report assets or keep
  inventory of whats been installed, so how can
  you patch what you dont know you have?
• SUS does not have a way to tell whether a patch
  has been installed or not. This requires time
  from the IT staff to read through log files.
• SUS requires valuable IT resources to use
  effectively as a Patch Management tool.
• SUS has reporting inaccuracies which is a common
  complaint amongst its users. It says something
  has been installed when it hasnt and vise versa.
  Huge time waster.
• SUS requires users to manually reboot their
  computers. This includes teaching end-users that
  they need to reboot in order for their updates to
  take effect.
• SUS service is a Pull process, not Push.
• SUS is for Windows 2000 Professional and Windows
  XP Home/Pro only.
• SUS doesn't allow any interaction with the
  Automatic Updates user interface for non-admin
  users, and the only way to install updates for
  non-admin users is to configure Automatic Updates
  to do scheduled installs.
• With SUS, once Automatic Update is in an install
  pending state, all other Automatic Update related
  activity ceases and no further detection or
  downloading occurs. The only way around this is
  to disable AU and then re-enable it which causes
  AU to discard anything that it's already
  downloaded and do a new detection/download cycle.
• SUS requires administrators to constantly monitor
  registry settings to detect problems associated
  with Automatic Updates and SUS conflict.
• SUS requires rebooting IIS every few weeks. This
  is a know problem.
• SUS isn't intended as a complete automation
  solution.
• SUS has authentication problems in a Windows 2000
  domain.
• A SUS server can host only one policy - all
  systems which update from it are updated in the
  same way. This means that it is not possible to
  have multiple sets of clients with each set
  picking up a different set of updates (unless you
  run multiple servers). This makes it difficult to
  trial updates in advance of deploying them more
  widely.
• SUS has bandwidth problems, especially with
  deployments of large updates like Windows XP SP2.
• A computer that has been turned off for a long
  period of time will connect to the SUS server to
  download and install available updates at some
  point after it is turned back on. However, there
  can be delays in this process, which leaves your
  computer vulnerable to many network security
  risks.

14
Compliance Driving Vulnerability Management

• Sarbanes-Oxley
• HIPPA
• Banking Compliance (OCC OCT)
• Insurance Compliance
• Government Compliance
• Academic Compliance
• Business Software Alliance

15
Company At-A-Glance

• Customers
• Case Studies
• Testimonials
• Partners
• References

• Starting 3rd Year of Operation
• Seasoned Management Team
• Venture Capital Funded
• Production Version Released
• November 03

16
Vulnerability Management Lifecycle

• Asset Discovery
• Detect cross-platform assets
• Identify Patch
• Vulnerabilities
• Identify License
• Vulnerabilities
• Maintain Compliance

• Patch Monitoring
• 7/24 Global Update
• Repository
• Spider Cache
• Patch Validation
• Create and Manage
• policy rules

Monitor
Discover
Persistent Updating
Deploy

• Patch Testing
• Scan assets
• Pre-test patches within 12 hours of release

Test

• SW Distribution
• Test Patch
• Apply policy
• Deploy Patches, scripts,
• hot fixes, service packs, custom applications

17
Autonomics Dramatic Advantage

• Technology Generations ahead of Client/Server
• NTier Technology fits well in the 21st Century
• Agents are Auto Deployable
• Built on and Leverages Microsoft .NET Framework
• XML and Web Services
• Simple to Set up and Use
• Easy Integration into ANY Network of Computing
  Devices, Regardless of Platform or Directory
  Structure

18
ANSA patented modular agent design handles
machine and network resource overhead much
better than conventional agents
19
Results are dramatic, savings are immense

• Our Technology Virtually Eliminates Costly
  Projects and Implementation Cycle
• Software Costs are a Fraction of What Clients
  Expect
• We are about as close to instant ROI as you can
  get

20
CASE STUDY OPENWAVE

• Multiplatform, over 7,000 Desktops and Servers
• Eliminated over 500,000 in Project Cost
• Reduced Software Cost by 300,000
• Less than a Week to Deploy and Operate

21
CASE STUDY Monster.Com

• New Acquisitions, mostly Microsoft
• Project Time A couple of days
• Software Costs Less than 25 of anyone else

22
Importance of N-Tier Architecture

• N-Tier Allows Universal Cross Platform
  Capability
• and Directory Independence

Layer 1 Presentation Layer
ANSA Server
Layer 2 Business Logic
Layer 3 Database Management

• Very Scalable

• Effective Utilization of Network Resources

• Secure

• Flexible Layers
• Over Existing
• Infrastructure

Mac OS X
Linux
Windows 95/98/ME
Windows XP
Windows 2000
Windows NT
Unix/Solaris

• Streamlined and Designed for Multiple
  Applications

Single Agent for Multiple Tasks Patch
Management Asset Management Software
Distribution Anti-Spyware (Q1) Anti-Virus (Q1)
23
ANSA Small to Mid Market Network Integration
Internet
Autonomic-Hosted Global Update Repository
Patch Update via PORT 80
Web Console
Cached Patches
ANSA Server
Communication Network
ANSA Cross-Platfom Agents
LAN, VPN, Dial-up, etc.
24
ANSAs Distributed Architecture for Enterprise
Organizations
ANSA Servers Windows 2000 or 2003 Server, SQL
Server (on one box), IIS .NET Framework
Web-services mgmt. console Single/Multiple
interfaces
Encrypted TCP-IP 128-bit SSL
Cross-Platform ANSA Agent
Server
Workstation
Desktop
Laptop
Linux RedHat Mandrake Slackware
Solaris HP-UX AIX BSD
Windows 98 - 2003
Mac OS X
Bold is Currently Released Platforms
25
Product Roadmap

• Anti-Spyware Deployment and Centralized
  Management Q1
• Virus Scan and Centralized Management Q2
• Port Block and Machine Quarantine Q2
• Configuration Management Q3

26
Contact info

• Pat Sebers
• 408-891-1460
• pat_at_appliednetsec.com
• www.applienetsec.com