SECURITY THREATS, TRENDS AND PROTECTION IN LESS THAN 30 MINUTES

Learn more about Network Security. Defend your networks while streamlining data access - learn more about enterprise-wide integrated network security from HP.

Published in: Technology
Transcript

  • 1. SECURITY THREATS, TRENDS AND PROTECTION IN LESS THAN 30 MINUTES
      Rich Agar
      Solutions Architect, HP Enterprise Security
      ©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
  • 2. Agenda
      • Teaching you to suck eggs?
          – Or maybe introducing / reinforcing some information security realities?
      • The current Threat Landscape
          – Some examples why it’s hard to always catch exploits
      • The value of research
      • HP Discover
      • Competition
  • 3. INFORMATION SECURITY REALITIES
  • 4. Risk is good… too much risk is bad
      Risk: a threat against a vulnerable asset that could cause harm
      • Can you identify the risks to your organisation?
          – What are the key business assets?
          – What level of risk is acceptable to your organisation?
      • Where are you at risk?
      • Gather (well vetted) intelligence
      • Don’t rely on just one party (vendor/partner/3rd party)
      • Don’t rely just on technology
          – Think people, processes and technology
  • 5. Honesty and openness
      • Preparation for potential attack, internal and external, requires an honest interpretation of one’s state
      • “Knowing Thyself” therefore is critical in being able to properly assess and apply information
      • Honest interpretation of intelligence along with the application of knowledge can be powerful catalysts for change
  • 6. Motivation
      • Create an environment that encourages honesty
      • For positive change, motivation is required
      • Everyone is motivated differently – act accordingly
      • Being ‘secure’ doesn’t happen overnight
      • Prioritise to reduce the attack surface
      • It can take a long time to build a secure environment and only a single breach can lose customer confidence
  • 7. Your adversaries are agile, are you?
      Your adversaries count on:
      • You having to navigate and negotiate bureaucracy that slows reaction
      • You having to placate those who may have ‘influence in the absence of understanding’
      • Your attention being focused on the anticipated and expected
      • You to have less time than they have, and perhaps even less resource.
  • 8. THE CURRENT THREAT LANDSCAPE
  • 9. Adversaries don’t care if you are compliant… …In fact they count on it!
      • Malicious Cyber Actors
          – Are aware and understand the struggles that enterprises face in striving to achieve compliance
      • Here is the News…
          – They don’t care and are counting on it!
      • New approaches in countering the actions of malicious cyber actors are warranted and necessary
      • Comprehension of this is key in combating next generation adversaries and threats
  • 10. Web application security
      • In the past threats were at the network – firewalls helped, they don’t anymore.
      • Today attacks are at the client: browser, document reader, web application
      • In a recent study*:
          – 73% of respondents hacked at least once in last 2 years
          – 72% actually TEST less than 10% of their web applications for security
              • Main reasons given are lack of budget and expertise
          – 64% don’t think they can actually fix their application vulnerabilities
          – 68% say their web application security budget is LESS than their coffee budget!
      • *Ponemon Institute - State of Web Application Security, Feb 2011
  • 11. Client Side Attacks
      Anyone care to guess what this means?
          ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)
      It’s JavaScript – if that helps?
      Do you think any of your developers/security people might be able to figure it out?
      It actually decodes to:
          window["alert"](1)
      A benign XSS ‘attack’ in this case that pops up an alert window.
  • 12. Client side attacks
      What about this one?
      • mysql.com hack – Sept 2011
      • Heavily obfuscated Java exploit
      • Malware files installed and executed
      • No user intervention
      • Who would visit mysql.com?
  • 13. The business of exploitation
      [Figures: Infection Rate; Estimated Toolkit Prices]
  • 14. You could be for sale!
      http://cyberinsecure.com/access-to-hacked-government-educational-military-websites-sold-on-underground-market/
  • 15. Or your data!
      http://cyberinsecure.com/access-to-hacked-government-educational-military-websites-sold-on-underground-market/
  • 16. THE VALUE OF RESEARCH
  • 17. There is research, and there is research
      • Most vendors claiming protection don’t research
      • What this means for you is they have an anti-virus mentality
      • Signatures of known exploits, detect, possibly prevent
      • This is ok as an approach, but it does have its drawbacks
      • Let’s use a picture…
  • 18. Exploit and vulnerability protection
      [Diagram labels: Vulnerability; False Positives (coarse filter); Exploit A; Exploit B (missed by Exploit Filter A); Standard IPS Exploit Filter for Exploit A]
  • 19. Exploit specific filters
      • An exploit-specific filter detects the shellcode used in an exploit
          – Could lead to false positives / negatives
      • Example: The following hex string can be used to detect the MS Blaster worm:
          – EB 19 5E 31 C9 81 E9 89 FF FF FF 81 36 80 BF 32 94 81 EE FC FF FF FF E2 F2 EB 05 E8 E2 FF FF FF 03 53 06 1F 74 57 75 95 80 BF BB 92 7F 89 5A 1A CE B1 DE 7C E1 BE 32
      • servername becomes shellcode_buffer_overflow
      • Pros: Simple string match, easy to implement, suitable for weak engines
      • Cons: Reactive, possible false positives / negatives, blind if exploit modified
  • 20. Vulnerability specific filters
      • In EVERY attack, the following must be true to exploit the buffer overflow:
          – TCP session established to appropriate port (135)
          – BIND is to the appropriate RPC interface
          – REQUEST is to appropriate function call (opnum=4)
          – SERVERNAME parameter must be longer than 32 bytes
      • This guarantees no false positives and no false negatives
      • servername becomes servername (max 32 bytes)
      • Pros: Proactive protection, very precise, hard to evade
      • Cons: Requires powerful and fast filtering engine
  • 21. Research means
      • Broader protection
      • Faster protection
      • Accurate protection
      • Vulnerability research provides:
          – Protection before exploits exist
          – Protection before vendors not performing research
  • 22. Microsoft research by security organisation
      Compiled from public data available at http://www.microsoft.com/technet/security/current.aspx
      Includes all IPS/Firewall vendors with non-zero contributions or appearing in respective Gartner Magic Quadrants in leaders/challengers positions
  • 23. The INSTANT-ON ENTERPRISE is here.
      A JOURNEY THROUGH IT INNOVATION
      29TH NOVEMBER – 1ST DECEMBER, VIENNA, AUSTRIA
      HP Discover is the showcase technology event where you will learn what it takes to start your Instant-On Enterprise journey. Held annually this event brings the power of people, technology and ideas together to solve your most difficult enterprise IT challenges.
      LEARN MORE and REGISTER: hp.com/go/discover
  • 24. FILL IN YOUR FEEDBACK FORM TO ENTER A COMPETITION TO WIN AN HP TOUCHPAD !!
  • 25. WE LOOK FORWARD TO SEEING YOU IN THE HP EXPERIENCE LOUNGE! THANK YOU.
  • 26. YOUR YEAR-ROUND IT RESOURCE – access to everything you’ll need to know
  • 27. THE WHOLE TECHNOLOGY STACK from start to finish
  • 28. COMMENT & ANALYSIS
      Insights, interviews and the latest thinking on technology solutions
  • 29. VIDEO
      Your source of live information – all the presentations from our live events
  • 30. TECHNOLOGY LIBRARY
      Over 3,000 whitepapers, case studies, product overviews and press releases from all the leading IT vendors
  • 31. EVENTS, WEBINARS & PRESENTATIONS
      Missed the event? Download the presentations that interest you. Catch up with convenient webinars. Plan your next visit.
  • 32. Directory
      A comprehensive A-Z listing providing in-depth company overviews
  • 33. ALL FREE TO ACCESS 24/7
  • 34. online.ipexpo.co.uk
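
The contrast drawn on slides 19 and 20, as an added example that is not part of the presentation: an exploit-specific byte match and a vulnerability-specific precondition check run over the same requests. The request model, the signature bytes, the interface label and the sample requests are all constructed for illustration; only the four preconditions (port 135, the RPC interface, opnum 4, servername longer than 32 bytes) come from slide 20.

```python
from dataclasses import dataclass

# Constructed stand-ins: not a real worm signature and not a real RPC interface UUID.
SIGNATURE = bytes.fromhex("deadbeef00c0ffee")
TARGET_INTERFACE = "example-rpc-interface"
TARGET_PORT = 135       # slide 20: TCP session to the appropriate port
TARGET_OPNUM = 4        # slide 20: REQUEST is to opnum 4
MAX_SERVERNAME = 32     # slide 20: SERVERNAME longer than 32 bytes overflows


@dataclass
class RpcRequest:
    """Already-decoded request fields; a real engine parses these off the wire."""
    label: str
    dst_port: int
    interface: str
    opnum: int
    servername: bytes


def exploit_filter(req):
    """Slide 19: flag the request if the known payload bytes appear in it."""
    return SIGNATURE in req.servername


def vulnerability_filter(req):
    """Slide 20: flag the request only if every precondition of the overflow holds."""
    return (req.dst_port == TARGET_PORT
            and req.interface == TARGET_INTERFACE
            and req.opnum == TARGET_OPNUM
            and len(req.servername) > MAX_SERVERNAME)


def classify(requests):
    """Return {label: (exploit_filter result, vulnerability_filter result)}."""
    return {r.label: (exploit_filter(r), vulnerability_filter(r)) for r in requests}


SAMPLES = [  # constructed requests
    RpcRequest("exploit A (known payload)", 135, TARGET_INTERFACE, 4, b"A" * 40 + SIGNATURE),
    RpcRequest("exploit B (payload rewritten)", 135, TARGET_INTERFACE, 4, b"B" * 48),
    RpcRequest("legitimate call", 135, TARGET_INTERFACE, 4, b"FILESRV01"),
    RpcRequest("signature bytes in another call", 135, TARGET_INTERFACE, 0, SIGNATURE),
]

if __name__ == "__main__":
    for label, (sig, vuln) in classify(SAMPLES).items():
        print(f"{label:34} exploit-filter={sig!s:5} vulnerability-filter={vuln}")
```

The rewritten payload passes the byte match but is still caught by the precondition check, while the short field that merely contains the signature bytes trips only the byte match.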
