Everything You Need to Know about Ivanti Security Controls

April 24, 2019

David Murray | Product Manager for Endpoint Security | Ivanti

Sara Otremba | Product Manager | Ivanti

Jason Everson | Senior Product Manager | Ivanti

Ivanti Security Controls brings together best-in-breed solutions from across the Ivanti security portfolio.

Join this webinar to learn about the patch management, privilege management, application control, and browser control features available in Ivanti Security Controls 2019.1 and discover what’s coming next.


Erica: Hi everyone. Welcome to the webinar today. We are going to get started. Just before, I wanted to let you all know, we are recording this session. So if you have to leave during part of it or want to review any of it again, we'll send you both the slide deck and of the recording of the session. Usually, sometime tomorrow is when that goes out. So you can expect then. It will also be posted on our website on the webinar's page. And so with that let's get started into our session, "Everything You Need to Know About Ivanti Security Controls." So over to you, Dave.

David: Thanks, Erica. So, hi folks. My name is David Murray, and I'm Product Manager for Ivanti Security Controls. I've been with the Ivanti for just coming up on 10 years at this stage. And with me on the call today, I got Sara Otremba, who is a Product Manager for All Things Patch at Ivanti, and also Jason Everson, who's responsible for Application Control. So I'll start working my way through the presentation. If you've got questions, as we go along, please do submit those via the chat. And we'll get to those as we proceed through or, if not, we'll pick them up at the end of the presentation.

Okay. Everything you need to know about Ivanti Security Controls or at least some of the things that you need to know about Ivanti Security Controls. Everything will probably take more than the time we've got here today. Let's start out with what is Ivanti Security Controls? So, what we're trying to do with Ivanti Security Controls is to bring together the best-in-breed from across our portfolio.

We've been Ivanti for just over a couple of years at this stage. And as Ivanti evolved over the years through the various names that we adopted along the way, we've picked up quite a lot of different security technologies. And, you know, one of the challenges we've had, of course, is that those technologies have been distributed in different areas, in different products, different former companies. And what we're doing with Ivanti Security Controls is trying to pick the best of those, and bring those together into a single platform.

So as I said on the slide, building on decades of market experience, we're trying to I guess deliver on a few different goals with Ivanti Security Controls. The first of these was to deliver a defense in-depth security solution. So, that shouldn't be a surprise to anybody. I think we all know that to deliver an effective security solution, there's no one single technology that's going to protect you against all of the bad stuff that's out there.

So, you know, we've got lots of great security technologies but no one of them on their own is going to be enough. So, what [inaudible 00:03:22] Ivanti Security Controls provides is a layered modular defense in-depth security suite to provide a solid baseline protecting against security threats.

As we sought to identify our best-in-breed solutions, we started to ask ourselves a question, "Which our technologies is best-in-breed," because we did have similar technologies in different areas. One of the aspects that we really considered is around workflow. You know, there really is no point to having a really cool security technology if nobody can actually use it. So part of our decision process and criteria we used to determine which of our solutions was truly best-in-breed was to figure out which of these solutions has a workflow that our customers can actually use. So, a simplified workflow and automation being a big part of that as well, automated security process to reduce the burden on system administrators, and also improving response time. So, we all know, you know, that there's a huge burden being placed on our security teams, on our operations teams, and anything we can do to simplified us to help automate that is gonna help you do your job.

And last but not least, security without adversely impacting user or business productivity. So, I think we all know that one of the quickest ways to get a security solution removed is if it does significantly impact on either user productivity or business productivity. So, if we're slowing the user down or stopping them doing their job or stopping the business from being productive, that security solution will get removed. So that was what we were trying to achieve with Ivanti Security Controls in terms of our goals and thought process as we brought it together.

One of the, I guess, frameworks that we message to quite a lot is the Center for Internet Security and their critical security controls. So, the Center for Internet Security has total of 20 different security controls. But the first five are seen as the fast five or the basic layers that you need to implement in order to provide an effective security solution.

What we like about the critical security controls is that they're implemented in a [inaudible 00:06:12] fashion. So, the message really from the Center for Internet Security is if you want to provide an effective defense, what you need to do is start at the top and work your way down. So these top five, starting from the top, the first one is inventory and control of hardware assets. So, if I don't know what I've got in my environment, I can't really secure it. So, the first step is let's identify everything that's out there and start to control that.

Once I know all of my hardware assets, the next step then is to understand what software is running on those. Is that software that I I want to have running in my environment? Does this software have vulnerabilities, image, and so on? So, at this stage, at the second step, we're starting to introduce technologies like application control to actually control those software assets.

As mentioned, there is poential that those software applications will have vulnerabilities on there. So, we need to conduct continuous vulnerability assessments and remediation to ensure that we don't have any vulnerabilities that can be exploited.

After that, then the fourth step is controlled use of administrative privileges. So, we all know that it's a good idea not to have users as administrators on their systems because if there are administrators on their endpoints, they can introduce malware. And if malware actors get onto systems with administrative level privileges, they can navigate around the system a lot more easily, and get to systems that have really valuable information on there.

And last of the five then is secure configuration. So standard secure configuration practices, locking down ports, etc., and technologies like device control, they come into play here as well. So the reason I include this slide is as part of developing our security strategy, we very much aligned Ivanti Security Controls with the critical security controls from the Center for Internet Security.

So what does Ivanti Security Controls include? So we've just introduced the first release of Ivanti Security Controls, 2019.1 release, back at the beginning of March just at the [inaudible 00:08:54] conference in San Francisco. And what it includes is it includes everything from our Ivanti Patch for Windows solution, which many of you may well be familiar with. This has been a market-leading patching solution from the Shavlik heritage. So, it includes everything from Ivanti Patch for Windows. Effectively, Ivanti Security Controls is the next release of Ivanti Patch for Windows. We have taken that Patch for Windows platform and built other technologies into that.

One of those is Linux patching. So, from the software or dimension heritage, we have a lot of cross-platform patching capabilities, and we started out in 2019.1 by including Red Hat Linux patching in Ivanti Security Controls. In addition to that, we've included a couple of new patching features, one of those CVE-to-Patch, and the second one, REST APIs. Sara is gonna talk about those in just a couple of minutes.

So, a pretty strong evolution of our patching capabilities, building on top of Patch for Windows. But in addition to that, within 2019.1, we've also taken application control and privilege management from our AppSense heritage, our App-Sense Application Manager solution, and we've taken both of the capabilities from there and we've integrated them with patching technology in Ivanti Security Controls.

So, just to show you kind of picture tells a thousand words, on the left-hand side here, anybody who's familiar with our existing Patch for Windows solution, this is the console that we have currently for that. And the right-hand side, Ivanti Application Control powered by AppSense. So then Ivanti Security Controls, we've now brought two of these solutions together.

So, you can see here on the homepage, we've refreshed it quite a bit. But you can see both patch management and application control represented on the homepage. And over here on the left-hand side, I'm showing the Linux patch configuration, so, showing effectively all of the new capabilities here available and accessible on the homepage.

Towards the end of the call, I will go through a brief demo of some of the capabilities in here as well so you get to see those. Okay. So, with that, I'm gonna pass it over to Sara just to talk about some of the new capabilities from a patch perspective.

Sara: Thanks, David. So I'm gonna talk about some of the new capabilities that are in the Ivanti Security Controls product in the 2019.1 release, one of those being the Linux Patch Support for Red Hats. We now support Red Hat Linux Version 6 and 7 as in OS platform for patching. The experience within the UI is very similar to Windows from an agent perspective. So from the Red Hat Patching perspective, we support agents on the endpoints and the same process that you follow for Windows with scan and deployment at the patch applies for those as well. And no separate licensing is needed to support the Linux Red Hat OSs. Those just apply like any additional machine that takes up a seat based on whether or not it has an agent installed.

In the next release that we're going to be releasing, we will have updates to some reporting capabilities as well as some additional canned reports for multi-platform support. We'll also be adding in the support for CentOS. And in the future, we will be adding in support for MacOS SUSE and we'll look at other Linux platforms as they kind of rise to the top of the priority list. Next slide.

David: Yeah. So I guess important points to make as well, Sara is, you know, with the first release of Ivanti Security Controls 2019.1 we've introduced Red Hat, but what we do have other [inaudible 00:13:45] this that we will be supporting as we move through the year. I think as well as just highlighting that point that maintaining the Windows experience, we've obviously got a lot of experience over the years patching Windows systems. So, you know, all of our existing customers obviously are familiar with that. It's a tried and tested workflow. So, it was very important to us as we introduced Linux that we maintain that consistent experience, so that both existing customers and new customers could actually adopt it quite easily.

Sara: Another feature that we have in the latest release is something that we call CVE-to-Patch. So if you think about vulnerability vendors and having scans that go across various environments and produce a list of vulnerabilities that can be hundreds of pages long, this new feature in the product, what it does is, it allows you to import a file that contains CVEs in it. And it does a link between the CVEs and any patches found within our metadata or patch content that we have within the application.

This applies for both Windows as well as Linux, the OSs that we currently support. And what this does is it automatically looks at the file and extracts the CVEs out and does a match with the patches that are found to be associated with those CVEs. Any CVEs that it doesn't find an associated match with, it'll provide it in a list so that that can be output and used to do additional research. And with this, you can create a patch group that's associated with the patches associated with the CVEs and then scan and deploy those patches and basically have a way of outputting to your operations and security team the effective installation and remediation of those vulnerabilities.

So, one of the things that we've seen through talking with customers, and as well as some demos that we've done, is you're having situations where take one machine, for example, where you have a vulnerability scan that's run and you have 1,200 vulnerabilities that are reported on that machine. We were able to pull in that file, associate the CVEs to patches, and in the end installed 5 patches and reduced to the vulnerabilities or the CVE count that was associated from that vulnerability vendor down from 1,200 to 20.

So, in that, it really kind of resonates with the amount of time saving that you have from this feature, but it also does that bridging of the gap between security and operations and really helps have an easier workflow, and a way to reduce the noise that occurs between various teams when it comes to identifying and mitigating risk.

David: Yeah. I mean, this is a feature I think we've seen from those when we've presented the roadmap previously. As we were developing Ivanti Security Controls as soon as we got to describing this feature, you know, there was immediate questions on the call. Wow. This is great. When this is going to be available? When can I get this? Because I think the points you've made around the huge time savings, really important. We've seen everything from hours to days of time savings per month because, obviously, this is a repetitive exercise every month.

Sara: Absolutely. Next slide. Okay. And finally, one of the additional adds in this latest release is the REST API functionality. So, previous to this, we supported PowerShell APIs, but now we've added REST API support, which pretty much allows a broader ground for you to use remote commands and be able to access various functions and features within the product.

One of the benefits with the REST API is it allows for broader integration and automation with other products including Ivanti automation, as well as others like Chef and Puppet and, you know, any other kind of automation tool that supports calling REST API commands.

It's also available to support common languages that are used throughout a lot of development organizations. We do provide some detailed code examples to use with the various APIs that are available in this latest release. We support 16 major functional areas in the patch process, and we'll be adding more as future releases come out.

David: Okay. Thanks, Sara. And so at this point, I'm gonna ask Jason Everson to jump on and to talk about Application Control.

Jason: Cheers, David. So Application Control. So, as David alluded earlier, Application Control is really comes from the AppSense history. It's a product that's been around for probably 15 to 20 years now. And as you can see by this kind of screenshot on the screen now, this is what it used to look like. This is what the product looks like now. And what we've done is, in the new product, as we done the integration, we've kept a lot of the similarities for the configuration. So any uses of the old products will find it really...they'll be at home in the new product.

Now, the product contains three main features, kind of Privilege Management, Executable Control, and Browser Control. Privilege Management, I think David has alluded to earlier. This is the control that allows you to set up kind of the management of any privileges for your users. Executable Control, that's associated with allowing or denying certain applications to run. We have a browser control feature. This allows you to do URL redirection. So, if you don't want users to be able to navigate to a particular web page, for example, you can prevent them and allow them to navigate to a page of your choosing.

Worth mentioning about the Event Viewer, we're gonna mention this in a bit more detail probably on the next slide. So, I'll probably skip that one now, and I'll probably skip the other ones as well. They're just there really to show you all the bits and pieces that we've actually included in 2019.1. One of the things to mention is that we have probably completed probably 70% to 80% of the features that are currently in the old Ivanti AC products or the AppSense products. We've still got a little way to go. And in upcoming versions of Security Controls we'll be making a lot of headway on that.

Dave, if you wanna move on. Yeah. So, just to mention on the kind of one of the key features of 2919.1 for Application Control was the Event Viewer. Now, just to give you a complete history of events, so, when certain things occur on an endpoint, for example, like they launch an application or an application is blocked by Application Control, an event is generated. And the data associated with that event is sent back up to a central database. This Event Viewer allows you to query that database and pull out all the events across all your different endpoints.

So, as you can see here, we have different views. The views here allow you to do things to sort by different event types. So, as you can see, here, we've got the 9,000, 9,004, 9,005, and 9,017 different event types. There are plenty more of them than that. I can show you. I don't want to go into too much detail, but just to let you know that you can create different sets of event types for a particular query.

It also allows you to set a time range, specify user or machine to filter the query even further, and it allows you to do saves and save different types of queries. So, you can save a copy of a particular query if you want to come back to a later time, and it allows you to create new queries.

One thing to mention here is the Summary Only chat box. If you tick that, then what tends to happen is you get an aggregated view of your data. So, if you look at the path column, what this does is it aggregates all of the data associated with the path. So, in this particular case, the first row indicates there were actually 15 different raw events with that same path output. And what it does here is it actually aggregates them in terms of the count, so you can see how many events there were. And it also allows you to see how many users were affected, so end users were affected by that particular event.

Great for prioritization. This allows you to go in and prioritize the events. So, you can actually attack or investigate the ones that are affecting most users or causing the most events first. One other one just to mention at the end, there's a little button on the bottom left. So, if you do, you want to export your data and do any further kind of processing on it, there's a facility to do that as well. We can move on, David.

Yeah. So, just to mention a couple of differences between the 2, 2 products at the moment, so in scalability, ISeC or security controls has a kind of upper limit at 10,000 nodes at the moment. We're looking to increase this up in future versions, whereas Ivanti AC doesn't have that limit at the moment.

Licensing. So, from a licensing perspective on security controls, it's an add-on license at the moment. We're looking to make this a full-featured license, so AC can become a standalone product. But at the moment, most of our customers are patch-centric. So, it should be a simple upgrade for those customers that are kind of patch-centric. So, would be good to get your feedback if you're actually looking to...actually you want to use AC only to this product.

And then the last thing is when to adopt security controls or Application Control. So, at the moment, if you only need AC only then it's really an application control. For larger customers, obviously, as I mentioned before, around the 10,000 node mark, you need to use Ivanti Application Control. And there are certain kind of other cases where there are certain key features and could enterprise great features. So these will probably be for customers that have a larger customer base anyway. So, for example, like for multiple admins, VDI support, and change tracking and failover.

David: Okay. Thanks, Jason. So, I guess tkey points on this is where we have two very strong application control solutions right now. So, if you are considering application control, I just want to give you some sense of, you know, which of these you should be looking at over time but yes, Ivanti Security Controls, Application Control will continue to evolve. But right now, there is probably some situations where you may want to consider going with the standalone Ivanti Application Control.

Okay. So, just a couple of other points, first of all on trials. So, if you're interested in trialing the product for new customers, we have something in the product called a keyless trial or in-product trial. And what that allows you to do is just simply download the software installers and you can activate that end-product trial directly. That does include both patch and Application Control. You can see the trial modes icon there on the right-hand side. And that defaults to 50 server seats and a 60-day duration, so a good opportunity to trial the product. And obviously, the patch licenses include support for both Windows and Linux.

If you're an existing Patch for Windows customer or if you already looked at ISeC and are using the patch capability in there, you can also get an additional trial for Application Control. So, there's a page you can go to there and get a trial key sent out, so you can activate the Application Control functionality.

On the order process side, really the key point I wanna make on this slide is we've tried to follow the same approach for our customers over the years in terms of ordering either patch or Application Control. So, from a patching perspective, it's really the same structure as per Patch for Windows, our prestige product from a patching perspective. So we have both server and workstation SKUs. So you just buy many however many servers and workstations that you need to patch.

In the case of Application Control, the model we've had with Ivanti Application Control from the AppSense side are what we call named and concurrent users. So named users is just the user-base licensing. Concurrent users are where you would potentially have systems that would have multiple users using those systems like Kiosks or those types of systems.

I want to talk a little bit about migration. So, you know, as we've developed Ivanti Security Controls, the reason we've developed it is to bring together the best-in-breed from across our portfolio. As I mentioned earlier, as we've got a very strong offering coming together in Ivanti Security Controls with the question we get asked by customers and, you know, some of you on the call, and maybe customers of some of our existing solution, the question they ask is, "Well, what's happening to my current solution? I'm using, you know, Patch for Windows or I'm using EMSS from the software side. What's happening to those solutions?" And the good news is that there's nothing happening or nothing negative happening to those solutions. They continue to have roadmaps of their own. We've actually just released a new version of Heat EMSS or Ivanti Endpoint Security as it's now called.

We're just about to come out with a release of Ivanti Application Control in just a couple of weeks. And I think in the June timeframe, we're coming out with a new release of Ivanti Device and Application Control. So, you know, we have no retirement plans for these platforms, but they continue to have their own roadmaps. However, we do get questions from customers about whether they will be able to migrate to Ivanti Security Controls either now or in the future. And that's really what I wanna cover on this slide.

So, as I said earlier, Ivanti Security Controls is effectively the next release of Ivanti Patch for Windows. So ,we fully expect all of those customers will upgrade to that next release and avail of the new capabilities, at least from a patching perspective, and, you know, possibly from Application Control and privilege management perspective. So, those customers, that's the logical operate or migration path for them.

In the case of Ivanti Endpoint Security or Heat EMSS solution, we actually have a program on your way right now to allow those customers that are using patch and Application Control on the EMSS platform to migrate to Ivanti Security Controls. So, we've actually gone on some communication with those customers and said, "We've now got a solution which has both patch and Application Control. You're already using patch and an Application Control in EMSS. So, if you wanna move, these are your licenses. You can go ahead and move."

Ivanti Security Controls is gonna be the path where we're going to be making the bulk of our investment going forward. It's gonna be where the true innovation is. So we're expecting over time that more and more customers would want to migrate there. So, we're looking to facilitate that.

In the case of Ivanti Application Control, the former AppSense solution, we're not planning any active migration at this point. As Jason pointed out on the earlier slide, you know, we've taken probably, you know, 75%, 80% of the capabilities from Ivanti Application Control, and we've brought them into our [inaudible 00:32:09]. But we've still got a bit more work to do, so, we don't want those customers moving across and starting to miss certain features that they currently have. So, at this point in time, we're not planning any active migrations.

So, Ivanti Security Controls that talks primarily around the patch and Application Control and privilege management feature sets. We do have some other best-in-breed technologies, particularly around device control, but also around antivirus. And over time, we will be adding those capabilities into Ivanti Security Controls. Once we've done that, then some of our other solutions like Ivanti Device and Application Control, we will give the option for those customers to migrate to Ivanti Security Controls, but not at this point because we don't have those capabilities areas.

Okay. Before I go into the demonstration part of it, I just want to kind of switch gears a little bit and talk about something we refer to as the Security Attainment Model. And this is something we've used internally quite a lot over the past couple of years to map out the journey between effectively having no security solutions and getting to Unified IT, that Level 5 at the top.

So, for customers, particularly those customers that are using Ivanti Patch for Windows today, they're going to be at this level to cracking level and what we're trying to do or what we're doing with Ivanti Security Controls is helping customers move up a level on that journey on that security attainment model and adding privilege management to the Application Control.

So, if you're one of those customers, you know, you're already using patching solution, but you're not using either Application Control or privilege management, you know, maybe you've got to a point right now where you recognize that patching alone isn't enough. You know, you've seen frameworks like the critical security controls from the Center for Internet Security, and you can see that you've got some gaps in your security environment.

So, you recognize that there's a need, but maybe in the past, you've already tried Application Control. You've tried privilege management. But you've struggled because maybe you've implemented some solutions that were inflexible or maybe they were immature or maybe you got to a point where you introduced this and you saw some productivity issues or your concerns about that balance and achieving that balance between security and productivity.

So, if you're that person listening on this call, you know, I think we're at a point now where, you know, we do have a solution that definitely you can take a look at again. So, if you do want to move beyond patch, you know, this is the journey as we map it out, and you can slice and dice this in different ways. We're showing the starting point at Ivanti Security Controls Patch or Patch for Windows. So, obviously, if you don't have any of our solutions today, you know, you should, obviously, be patching your operating system and your applications.

The next step on the journey would be reducing or removing local admin rights. After that, zero-day protection with Application Control. You could swap those around and do either or first. And the folks that would journey here are the third step in the journey from patch I'm showing as data loss prevention with device control. Now, right now, that's not a part of Ivanti Security Controls. It's a separate solution called Ivanti Device Control or Ivanti Device and Application Control.

The reason I mention it in this journey is our next step on Ivanti Security Controls, we're going to be adding the device control capability from Ivanti Device Control and bringing that into Ivanti Security Controls. So, if the thing that you're interested in is device control, if you implement that solution, you will have a very easy migration path in the future.

Okay. So, actually Jason, why don't you take us through the next couple of slides just talking about removing the admin rights and Application Control as well.

Jason: Yeah, no problem, David. Yeah. So this slide is really just around illustrating that there are two different approaches to managing kind of the admin rights for your esstate. The first kind of approach is the one that's probably most noted is the one that you remove or change all your kind of admins and make them standard users. And then you use the privilege management products like security controls to them provide elevated privileges for the features that those users are allowed to do.

There is an alternative approach and potentially could be a little bit quicker for some customers. It allows you to kind of restrict the local admins. So instead of to keep the local admins you've got in your estate, but you then start locking them down, so that to actually stop them doing certain features. Either approach is valid, and by Ivanti Security Controls and Ivanti Application control support, both approaches.

David: I think that's quite an important value as part of this solution because, you know, for many customers, when we speak to them about privilege management it's like, "Yeah, I recognize it's a good thing to do to convert my users, the standard users. But I think it's just gonna be too much of a political battle to face." And, you know, the great thing about the solution that we offer is it doesn't really matter. You can start from either end. You can leave them as admin users and you can restrict them or you can convert them to standard users and elevate them and effectively meet in the middle.

Jason: Okay. So this will be about executable control. And what it does is it allows you to protect against the kind of zero-day attacks and your advanced system threats. So, one thing, we've chosen the AppSense kind of historic product over the other AC products that Ivanti currently has. And the reason we've kind of done this is for the management of the product. it's very much simpler than the other products we have. And this is down to really kind of the trusted ownership model.

Now, trusted ownership allows you to block a number of 60 to 70% of the files out that you need to block and manage without having to create rules for them. This greatly simplifies the configurations you need to generate over a traditional kind of whitelisting approach. And what it does is it checks the owner of a Windows file and using that data, it then determines whether the file is trusted or not. And then you can set up a list of the owners that are trusted, so, you can configure that independently.

One other thing that's been introduced with the Event Viewer in security controls, as well, but also a kind of the operational simplic side of things, is the ability to take the Event Data and generate new configuration rules from it simply by dragging and dropping. This isn't in the Application Control products. It's just in security controls.

David: Okay. Thanks, Jason. And I'll just show you a demo of those in just a couple of minutes, so you can see how these work. Okay, so I mentioned device control. So, just to kind of finish up on this piece of it, this is not part of Ivanti Security Controls. This is a separate product right now. But starting from about the middle of this year, we're going to be rolling device control into the product as well. So, that's, hopefully by around the end of this year, you will start to see some of that coming into the product and, you know, into next year will be releasing that as well.

So, what device control allows you to do a couple of things. Really, first of all, it eliminates USB sticks or portable hard drives or kinda CD drives, DVD drives, as an attack vector for malware, so, stopping people introducing malware into the environment by connecting devices. And probably, you know, a more important use case in some respects with the growing legislation in this area is preventing accidental or malicious data loss by removable media. it can do this in a few ways just by simply saying you can't connect at all a USB stick or hard drive or whatever. But we can also allow, so we can restrict, data transfers. You may be allowed to copy from a USB stick but not to or maybe you can copy to a USB stick but only a certain amount of data. We can also enforce data encryption. You can copy to a USB stick, but only if it's encrypted so that we know if it gets lost at least the data won't be compromised.

And we also have a shadowing feature, a bi-directional shadowing feature, so that if you are copying data, if I'm allowing you to copy data to a USB stick, I'll keep a copy or maybe I'll just keep a name depending on the configuration. I'll keep a copy of the file so that if [inaudible 00:42:38] not only do I know it's encrypted, but I also know what was on that USB stick. And that makes conversations with, you know, data protection officers, etc. an awful lot easier.

Okay. Before I move to the demo for this, there is a couple of advertising slides. And the first is we do want to talk to either existing or potential customers about their needs, their use cases in this area. So if you are willing to talk to us, talk to our developers, our product managers, around what it is that you need from your security solution. If our existing security solutions, even if they do meet your needs, we'd like to understand that. We'd like to understand what you're using. If they don't meet your needs, we'd also like to understand that, so we can make them better.

So, you can see the link there on the bottom. We have something we call the Ivanti Insiders Program, which customers can join up. And it gives us an opportunity to reach out and say, "Hey, we're doing some research in this area. We'd like to get some feedback." And people can participate. I think you get points for participating and you can, you know, buy various things with those points over time and so on.

And last advertising slide is next week actually we have our interchange event, Interchange Nashville. So, maybe there's some of you on there that have already signed up for that. If so, we will see you there next week.

With that, I'm going to switch over now and just do a brief demo on Ivanti Security Controls. I'm gonna start here on the endpoints. So this is a Windows 10 endpoints onto which we've introduced Ivanti Security Controls and specifically I'm gonna focus more so on the Application Controls feature set. So, Jason mentions this concept of trusted ownership. So, one of the real advantages of the Application Control solution that we have is we have the ability to introduce restricted modes to lock down endpoints with Application Control without causing, I guess, interference because of the model around trusted ownership.

So, this endpoint here, it's a standard system that's just been imaged and made available to users. So, straight away, even though I'm in a locked down, a restricted mode. with Application Control, I can see that applications that have been installed as part of the imaging process are allowed to run. And the reason that is, is because of the file ownership properties. So, if I look at the ownership file, I can see that the owner in this case is a trusted installer, and that's the reason it's allowed to run.

On the other hand, if I take a copy of this file, and I paste it to the desktop, which is, you know, effectively the same as taking it down from the internet, and I try and run this file, in this case, it's going to be blocked. And the reason for that, again, when I look at the ownership of it, it will show me that the ownership of this is no longer with the administrator or with trusted installer. it's now with this user DM test user01. So, because of that very simple rule, it means that any software that's installed by the administrator, installed as part of just an imaging process or a software installation tool is automatically going to be allowed to run. Software that I download from the internet like this putty application, it's going to be blocked.

If I switch over to the console, and here you can see our console, as I said we've got Application Control and patch management on there. So, if I go to my configuration, and I start to look at some of the settings here, so for executable control, I can see I've got some trusted owners defined. So, I've got system administrator as trusted installer. Any software that gets installed by one of these trusted owners is going to be allowed to run.

So, Jason talks as well about the Event Viewer, and what I'm typically going to do is I'm going to go to one of my groups, and I'm going to add exceptions. So, files that have been blocked, I'm going to add those as either allowed or potentially as denied items. So, if we look at events that have been raised and so have come back in the Event Viewer, you can see I'm here. We've got this application putty.exe [SP] that was on the endpoint and was blocked. So, what I can do very simply, and as Jason pointed out, to help us prioritize these we can see the number of times certain applications were blocked, number of users, and that will help us figure out which ones should we tackle first.

So, I can go ahead and I can take this executable file, and simply copy it into the configuration. In this case, I'm just going to go with... You know, I've got number of options like file path, file name, file hash, if I wanted to get very specific. I'm going to go with something very simple. So putty.exe is now an allowed application. You're thinking, "That doesn't look like a very secure rule because putty.exe, I could have any fire called putty.exe. It could be malware, and that wouldn't be very good."

So, what I can do is I can come out and secure that further, which will allow the file to run even if it's not owned by a trusted owner, because I know this file has been installed by the user. But what I got also when I copied this file over is I got the metadata associated with that file. So I can select the Vendor Certificates, Simon Tatham in this case, and verify that certificate at run-time. So any certificate that signs, if this file is signed by this certificate, it will be allowed to run and that makes it quite a secure rule. I can maybe even restrict it further by having an only if it's this product name, for example.

So, once I've done that, I can go ahead and save that down to the endpoint. And once that configuration, that updated configuration, gets down to the endpoint, I'll then be able to execute that file on the endpoints. So, it just takes a few seconds to get down there, and that's now done. So, I go back to my endpoint. Probably it was blocked previously. It is now allowed to run. This notepad file, which was blocked previously, is still blocked.

So, really focused on making it simple out of the box, which was the ownership, you get, you know, 70, 80%, depending on how much drift you've had from that cold image. Now, you get a large percentage of your files automatically allowed, and then very easily using the Event Viewer, you can authorize additional files that get blocked.

One of the other capabilities, which Jason talked about, is the privilege management feature set. So, just to show you briefly how that would work, so if I wanted to go and make certain changes on my system, I'm logged on here as a standard user. So, let's say, if I wanna change, you know, date and time, immediately, I'm going to get the user account control popup and ask me to enter administrative credentials. I don't have these and I'm not able to make this change, so maybe date and time isn't something you want to do but there may be certain things on the endpoint that the user needs to be able to do.

So, if you go back to the console and we open up our configuration again, so within the privilege management, we have the ability to add applications that need elevated privileges, which we could do. In this case, we're simply gonna select a component and we're going to add a component and the one I was looking at was date and time. And I'll add that in there, and as it adds it in with built-in elevate capabilities, so I'll save that down to the endpoint. And really what this means is, even though normally changing the date and time would require administrative privileges on the endpoint, when the user goes and tries to activate that function, they will receive elevated privileges just for that function, so, just showing that to you on the endpoint.

So, now I go up and change date and time. It doesn't present me with the USE prompt and ask me for privileges. So, it's effectively as if I'm an administrator. I can go and change the date and time. A very granular solution and I can do that for any of the capabilities that require elevated privileges on the endpoints.

Okay. Just to finish up then, just summary slides on Ivanti Security Controls. At this point, we've included both patch management and Application Control or Application Control and privilege management. So from a project management perspective, you know, if you're a current Patch for Windows customer you now have the option to expand to include Linux Patching. If you're just looking for a cross-platform patching solution, we support Patch for Windows and Red Hat in 2019.1. As Sara mentioned, we're going to be adding other operating systems throughout the year.

Definitely, don't forget about the CVE-to-Patch. If you like [inaudible 00:53:18], we've seen a lot of customer interest in those and they really help, you know, simplify, reduce the efforts of automation. From an Application Control and privilege management perspective, providing the ability to move higher up that security attainment model, so adding Application Control and privilege management to patch and help building that solid security foundation.

Okay. That's everything I've got to present today. So Erica, I will stop there, in case there's any questions. I haven't seen anything coming here in the chat, but I can't see the chat window as I'm presenting right now.

Erica: So, it looks like a lot of the questions they are being answered during the session. Sara and Jason, were there any that you specifically wanted to touch on?

Sara: I don't think so, other than if anybody...because I had gotten a few questions from it looks like customers that have one of the former Heat products. And so, I have been getting some questions about the ability to migrate to Ivanti Security Controls. And so the answer was yes, and we're in the process of sending out emails to customers that we've identified as being on the, what has been called the Ivanti Heat PatchLink product, which is really the patching part of EMSS. And we're sending out emails to those customers with license keys to basically migrate to Ivanti Security Controls.

David: Yeah. We were doing that in kind of waves. We haven't, you know, contacted all of our customers in one go because of I guess a fear of being flooded with a whole bunch of requests continuously. So there is a roll-out process here and it will probably be a couple of months for, you know, some customers to be contacted. However, if it is a thing that you're interested in even looking at the Ivanti Security Controls or migrating to Ivanti Security Controls, you can reach out and contact us. And we have the ability to generate license keys if you want to go earlier than, you know, ahead of us contacting you.

Erica: Okay, great. Well, other than that I'm not seeing any other new questions. So I think we're good to end the session. So, thank you everyone for joining us and reach out, if you have any other questions. We will send the recording sometime tomorrow. So, have a great day, everyone.