The Cisco Security Report for 2014
  • How is the Cisco Annual Security Report created? SIO – Cisco Security Intelligence Operation. Cisco plays a critical role in evaluating threats, given the prevalence of its solutions and the breadth of its security intelligence:
    • 16 billion web requests are inspected every day through Cisco Cloud Web Security
    • 93 billion emails are inspected every day by Cisco’s hosted email solution
    • 200,000 IP addresses are evaluated daily
    • 400,000 malware samples are evaluated daily
    • 33 million endpoint files are evaluated every day by FireAMP
    • 28 million network connections are evaluated every day by FireAMP
  • Overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000. As of Oct. 2013, cumulative annual alert totals increased 14 percent year-over-year from 2012.
    Breaking-news spam: the links directed recipients to webpages that included links to real news stories or videos—but also malicious iframes designed to infect the visitors’ computers. At its peak, spam related to the Boston Marathon bombing made up 40 percent of all spam messages delivered worldwide on April 17, 2013.
    Of a sample of 30 of the world’s largest multinational companies, the researchers found that all of their networks generated visitor traffic to websites that host malware. Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly, 92 percent transmitted traffic to web pages without content, which typically host malicious activity.
    Distributed Denial of Service (DDoS) attacks—which disrupt traffic to and from targeted websites and can paralyze ISPs—have increased in both volume and severity. Some DDoS attacks seek to conceal other nefarious activity, such as wire fraud before, during or after a noisy and distracting DDoS campaign.
    Multipurpose Trojans counted as the most frequently encountered web-delivered malware, at 27 percent of total encounters in 2013. Malicious scripts, such as exploits and iframes, formed the second most frequently encountered category at 23 percent. Data-theft Trojans such as password stealers and backdoors made up 22 percent of total web malware encounters. The steady decline in unique malware hosts and IP addresses—down 30 percent between Jan. 2013 and Sept. 2013—suggests that malware is being concentrated in fewer hosts and fewer IP addresses.
    Java continues to be the most frequently exploited programming language targeted by online criminals. Data from Sourcefire, now a part of Cisco, shows that Java exploits make up the vast majority (91 percent) of Indicators of Compromise (IoCs).
    Ninety-nine percent of all mobile malware targeted Android devices. At 43.8 percent, Andr/Qdplugin-A was the most frequently encountered mobile malware, typically via repackaged copies of legitimate apps distributed via non-official marketplaces.
    Specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. In 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry—formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.
  • Expert shortage: driven by trends such as cloud and mobility, any device can be an entry point for attacks. Cloud is unstoppable: Cisco has projected that cloud network traffic will grow more than threefold by 2017. Security organizations also need data scientists.
    In 2014 and onward, security professionals can expect to see entire corporate perimeters move to the cloud. These network edges have been in the process of becoming far less well-defined in recent years. But with so many applications and so much data in the cloud, organizations are rapidly losing the ability to see who and what is moving in and out of corporate boundaries, and what actions users are taking. This transition to the cloud changes the game because it redefines where data is stored, moved, and accessed—and creates greater opportunities for attackers.
  • According to a Cisco examination of threat intelligence trends, malicious traffic is visible on 100 percent of corporate networks: That is, there is evidence that sophisticated criminals or other players have penetrated these networks and may be operating undetected over long periods of time.  In a recent project reviewing DNS lookups originating from inside corporate networks, Cisco threat intelligence experts found that in every case, organizations showed evidence that their networks had been misused or compromised. For example, 100 percent of the business networks analyzed by Cisco had traffic going to websites that host malware, while 92 percent show traffic to webpages without content, which typically host malicious activity. Ninety-six percent of the networks reviewed showed traffic to hijacked servers.
  • Data from Sourcefire also shows that Java exploits make up the vast majority (91 percent) of indicators of compromise (IoCs) that are monitored by Sourcefire’s FireAMP solution for advanced malware analysis and protection. For threats such as Java exploits, the most significant issues facing security practitioners are how malware enters their network environment and where they should focus their efforts to minimize infection.
    Individual actions may not appear malicious, but following a chain of events can shed light on the malware story. “Chaining events” is the ability to conduct a retrospective analysis on data that connects the path taken by malicious actors to bypass perimeter security and infiltrate the network. By themselves, IoCs may demonstrate that going to a given website is safe. In turn, the launch of Java may be a safe action, as may be the launch of an executable file. However, an organization is at risk if a user visits a website with an iframe injection, which then launches Java; Java then downloads an executable file, and that file runs malicious actions.
    The ubiquity of Java keeps it high on the list of favored tools for criminals, which makes Java compromises by far the most malicious “chain of events” activity in 2013. Java provides an attack surface that is too big for criminals to ignore. They tend to build solutions that run exploits in order—for instance, they first attempt to breach a network or steal data using the easiest or best-known vulnerability before moving on to other methods. In most cases, Java is the exploit that criminals choose first, since it delivers the best return on investment. There are methods for reducing their impact:
    • Where practical, disabling Java in browsers network-wide can prevent these exploits from being launched.
    • Telemetry tools like Cisco NetFlow, built in to many security solutions, can monitor Java-associated traffic, giving security professionals a better understanding of the sources of threats.
    • Comprehensive patch management can close many security holes.
    • Endpoint monitoring and analysis tools that continue to track and analyze files after they enter the network can retrospectively detect and stop threats that pass through as safe but later exhibit malicious behavior.
    • A prioritized list of potentially compromised devices can be generated by using IoCs to correlate malware intelligence (even seemingly benign events) and to identify a zero-day infection without existing antivirus signatures.
    Upgrading to the latest version of Java will also help sidestep vulnerabilities.
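The chain this note describes (a visit to a page with an injected iframe, a Java launch, an executable dropped by Java, and that executable running) and the review of lookups against known malicious destinations described in the earlier note can both be done retrospectively over per-host telemetry. The following Python is an added example, not Cisco's or Sourcefire's code: it walks constructed web-proxy and endpoint events host by host, advances through the four chain stages only when each occurs within a time window of the previous one, and ranks hosts by how far along the chain they got, which yields the prioritized list of potentially compromised devices the last bullet mentions. The domain, host names, process names and events are all constructed for the example; the IoC set is a stand-in for a real intelligence feed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str          # "web_visit", "process_start" or "file_download"
    detail: str        # URL for web_visit, image name for process_start, file name for file_download
    parent: str = ""   # parent process image, where the sensor reports it


# Constructed IoC: a page known to carry an injected iframe (hypothetical domain, not from the report).
IFRAME_PAGES = {"http://news-mirror.example/story.html"}

# The chain of events, in order. Each stage is (label, predicate(event, previously matched event)).
# Every stage on its own is an ordinary action; only the ordered sequence is suspicious.
CHAIN = [
    ("visit_iframe_page", lambda e, prev: e.kind == "web_visit" and e.detail in IFRAME_PAGES),
    ("java_launched",     lambda e, prev: e.kind == "process_start" and e.detail == "java.exe"),
    ("java_dropped_exe",  lambda e, prev: e.kind == "file_download" and e.parent == "java.exe"
                                          and e.detail.lower().endswith(".exe")),
    # The executable that runs must be the very file Java just dropped.
    ("dropped_exe_ran",   lambda e, prev: e.kind == "process_start" and e.detail == prev.detail),
]


def match_chain(events, window=timedelta(minutes=10)):
    """Return the labels of the longest chain prefix seen in one host's events, in order.

    Events are walked chronologically. A stage counts only if it occurs within `window`
    of the previously matched stage; a larger gap breaks the chain and the search restarts,
    but the longest prefix found so far is kept so partial evidence is not lost.
    """
    matched, best, prev = [], [], None
    for e in sorted(events, key=lambda x: x.ts):
        if len(matched) == len(CHAIN):
            break
        if prev is not None and e.ts - prev.ts > window:
            matched, prev = [], None
        label, pred = CHAIN[len(matched)]
        if pred(e, prev):
            matched.append(label)
            prev = e
            if len(matched) > len(best):
                best = list(matched)
    return best


def prioritize_hosts(events):
    """Group events by host and rank hosts by how far along the chain they progressed."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    ranked = [(host, match_chain(evs)) for host, evs in by_host.items()]
    ranked.sort(key=lambda r: (-len(r[1]), r[0]))
    return ranked


# Constructed sample telemetry (not from the report).
T0 = datetime(2013, 4, 17, 9, 0, 0)
SAMPLE_EVENTS = [
    # ws-17: the full chain; each step looks harmless in isolation
    Event(T0,                                   "ws-17", "web_visit",     "http://news-mirror.example/story.html"),
    Event(T0 + timedelta(seconds=5),            "ws-17", "process_start", "java.exe",   parent="iexplore.exe"),
    Event(T0 + timedelta(seconds=20),           "ws-17", "file_download", "update.exe", parent="java.exe"),
    Event(T0 + timedelta(seconds=25),           "ws-17", "process_start", "update.exe", parent="java.exe"),
    # ws-03: visited the page and ran Java, but nothing was dropped
    Event(T0 + timedelta(minutes=1),            "ws-03", "web_visit",     "http://news-mirror.example/story.html"),
    Event(T0 + timedelta(minutes=1, seconds=4), "ws-03", "process_start", "java.exe",   parent="firefox.exe"),
    # ws-08: ordinary Java use with no suspicious page visit
    Event(T0 + timedelta(minutes=2),            "ws-08", "process_start", "java.exe",   parent="explorer.exe"),
    Event(T0 + timedelta(minutes=2, seconds=9), "ws-08", "file_download", "report.exe", parent="java.exe"),
    # ws-11: the same steps as ws-17, but the download came hours after the visit (chain broken)
    Event(T0 + timedelta(hours=-3),             "ws-11", "web_visit",     "http://news-mirror.example/story.html"),
    Event(T0 + timedelta(hours=-3, seconds=3),  "ws-11", "process_start", "java.exe",   parent="iexplore.exe"),
    Event(T0,                                   "ws-11", "file_download", "tool.exe",   parent="java.exe"),
    Event(T0 + timedelta(seconds=2),            "ws-11", "process_start", "tool.exe",   parent="java.exe"),
]


if __name__ == "__main__":
    for host, stages in prioritize_hosts(SAMPLE_EVENTS):
        print(f"{host}: {len(stages)}/{len(CHAIN)} stages  {' -> '.join(stages) or '-'}")
```

Running the block ranks ws-17 first with all four stages, ws-03 and ws-11 next with two stages each, and ws-08 last with none. The time window is the design choice that matters: without it, ws-11 would score as a full chain on events hours apart, and with a window that is too tight a slow download would break a real chain, so it should be tuned to the latency the environment actually shows.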
  • Only 1.2% of web malware is on mobile, but it is emerging rapidly.
  • Companies in high-profit verticals, such as the pharmaceutical and chemical industry and electronics manufacturing, have high rates of web malware encounters, according to Cisco TRAC and SIO research. The rate goes up or down as the value of a particular vertical’s goods and services rises or declines.
    In 2013, Cisco TRAC and SIO researchers observed remarkable growth in malware encounters for the agriculture and mining industry—formerly a relatively low-risk sector. They attribute the increase in malware encounters for this industry to cybercriminals seizing on trends such as decreasing precious metal resources and weather-related disruptions in the food supply.
    Also continuing to rise are malware encounters in the energy, oil, and gas industry. Cisco security experts report that malware targeting this vertical typically is designed to help actors gain access to intellectual property, which they in turn use for competitive advantage or sell to the highest bidder.
  • To deal with their biggest challenges, customers need a simpler, scalable and threat-focused model. The key for any model is to ensure visibility across the entire attack continuum while delivering simplicity and scale, and to be holistic in nature, addressing security before, during and after attacks.
    Before an attack: customers need to know what they are defending. You need to know what is on your network to be able to defend it: devices, operating systems, services, applications and users. They need to implement access controls, enforce policy, and block applications and overall access to assets. However, policy and controls are a small piece of what needs to happen. They may reduce the attack surface, but there will still be holes that the bad guys will find. Attackers do not discriminate; they will find any gap in defenses and exploit it to achieve their objective.
    During the attack: you must have the best threat detection you can get. Once we detect attacks, we can block them and defend the environment.
    After the attack: invariably, attacks will be successful, and customers need to be able to determine the scope of the damage, contain the event, remediate, and bring operations back to normal.
    Solutions also need to address a broad range of attack vectors and operate everywhere the threat can manifest itself: on the network, on endpoints, on mobile devices and in virtual environments. With today’s threat landscape full of advanced malware and zero-day attacks, point-in-time technologies alone do not work; they only add to the complexity problem and create security gaps, not to mention making it much harder to scale in line with today’s new and changing business models.

Presentation Transcript

  • Dorin Pena, General Manager, Cisco Romania. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
  • 1. Vulnerabilities and threats reached a record level in 2013. 2. Spam volume fell, but spam sent with malicious intent is still a threat. 3. Almost all large companies served as targets of malicious-content traffic. 4. DDoS attacks grew both in volume and in severity. 5. Multipurpose Trojans were the most common form of malware distributed on the web. 6. Java remains the most exploited programming language. 7. 99% of mobile malware targeted Android devices. 8. Sectors with low risk exposure became targets of malware attacks (e.g., agriculture and mining).
  • • A larger area of exposure to attacks: “Where do we keep critical data?” “How can we create a secure environment to protect this data, especially in the context of new business models based on cloud computing and mobility, which leave us limited options for control?” • Attack models are ever more numerous and more sophisticated – cybercrime is a business. • Complexity of threats and of solutions: point solutions cannot answer the multitude of strategies and technologies used by those coordinating cyber attacks. Integrate security at the level of the network infrastructure. • A shortage of more than one million security specialists globally.
  • Indicators of Compromise
  • The spread of malware attacks in 2013 and the level of risk by industry
  • • Several industry verticals in Romania have been identified as high-risk targets for security attacks. • A shortage of professionals in the field of information security. • Growth in the volume of activity in cyberspace. • Growing efforts to raise awareness of the importance of security.
  • The new security model. Attack process: BEFORE – Discover, Enforce, Harden; DURING – Detect, Block, Defend; AFTER – Scope, Contain, Remediate. Coverage: Network, Endpoint, Mobile, Virtual, Cloud. Point in Time / Continuous.
  • Thank you.