Kelly: Welcome to today’s session Anatomy of a Web Attack. Today, we will review an increasingly sophisticated and hostile environment that exists in today's Internet. In the case of those looking to harm your business, you have several things to consider. Our speaker Lee Rothman will walk you through the various types of attacks, the reason we think malware exists through the Web and what you can do to protect your business. Lee Rothman joined Symantec Hosted Services in 2006 as the principal system engineer of North America. Lee joined the engineering team with 10 years of Internet and security experience, specializing in Internetworking. Prior to Symantec Hosted Services, Lee spent several years as a sales engineer for a large integrator and was product marketing manager for a large Fortune 500 company. Lee acts as a product expert in North America and aids the Sales, Product, and Marketing teams. Lee, can you please take us through today’s session?
Today’s agenda is pretty simple. We are going to first go through the business challenges that companies face when it comes to the Web. I’ll then cover some statistics around the Web and how employees are using the Web in your organization. Finally, I will walk through a few examples of how attacks happen through the Internet. Finally, I will give some basic suggestions on how you can solve this problem.
Let’s first explore the business challenge. Disclaimer, Acme is not a real company. In this example, the Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats. As a business, Acme is really looking to solve these four issues. Productivity Offensive Materials Abuse of resources MalwareMost companies now face this challenge and are trying to manage this very real issue. Most companies haven’t really put a security issue in place because the security of the Web has not been an issue (or so they think) in their business. However, if we look at the data we can see some really compelling reasons why security for web should be considered.
Now that we know why they do it, what are the ways in which they get introduced to a company? I’ve put these types of attacks into 5 categoriesBad LinksAdvertisingXSSGumblar Web ServicesLet’s explore these categories in-depth.
Second, IT Managers should consider putting policies in place.
Third, IT Managers should consider monitoring their environments.
Lastly, IT Managers should be sure they have a malware protection place that is effective.
It’s important that we give a special thanks to our malware team in particular Martin Lee from our research and response team. Without his help, this webcast would not be possible.
Anatomy of a Web Attack 1
Agenda Challenges Corporation Face Web Usage Statistics Web Attacks Solving the Problem MessageLabs Services
The Challenge The Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats: Productivity Offensive Materials Abuse of resources Malware
Lots of websites Average 2,465 new malware websites per day.
Web Malware Malware Malicious instructions Browser / JS / Flash / PDF Complete control Victim Bad Guy
Gumblar Lifecycle User visits website with XSS exploit User is forwarded to host serving malware Malware installed (often flash or PDF) Malware steals website logins, forwards to hacker Hacker logs into website, installs XSS exploit
Gumblar Prevalance Up to 60% of all malicious web traffic is Gumblar.
Controlling the web IT Management should first consider controlling the Web; Policy engine includes: Categorised URL database MIME and file type lists Time periods User and group based policies Customizable block messages Controls HTTP and HTTPS
Building the policy No access to travel, leisure and sport between 9am and 5pm No access to sex, guns or drugs No access to streaming audio and video (reduce bandwidth) Only support can download executables
Monitoring access Dashboard – 1 year of high level information Detailed reports up to 6 months of URL and Malware information Customizable reports in PDF format Scheduled reports sent directly to your inbox
Malware Protection Scans HTTP and FTP/HTTP traffic Multiple signature based AV engines Skeptic technology Customizable block messages Converged analysis No noticeable latency
Why use a hosted services over hardware or software?
Why use MessageLabs Services? Best Client and Technical Support Global Support is 24/7/365 & included with the service Support SLA protects your business Always get a live person who speaks your language Dedicated CSM team Best Services Awarding Winning Analyst approved Backed by strongest SLAs
Most Robust Global Infrastructure Incorporating 14 data centers spanning four continents Every data center is scalable and secured to the highest standards Clustered high performance servers, each cluster has full redundancy within itself and all other hardware is duplicated 23
Best Service Level Agreements Web Anti-Virus Protection 100% protection from known and unknown email viruses Credit is offered if a client infected by a virus Anti-Virus Protection 100% protection against known viruses Credit is offered if a client infected by a virus Email Archiving Latency Average scanning time of 100% of web content is within 100 milliseconds Credit is offered if latency exceeds 100 milliseconds Virus False Positives 0.0001% FP capture rate Credit is offered if we do not meet this commitment Service Availability 100% uptime Credit is offered if availability falls below 100% Client may terminate if availability falls below 95% Spam Capture Rate 99% capture rate (95% for emails containing Asian characters) Credit is offered if we do not meet this commitment Support Service Availability Guarantee 99.9% uptime for archiving network Client may terminate if availability falls below 90% Spam False Positives 0.0003% FP capture rate Credit is offered if we do not meet this commitment Appliance Replacement Guarantee If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost Latency Average roundtrip time of 100% of email delivered in less than 60 seconds Credit is offered if latency exceeds 1 minute Delivery 100% delivery guarantee Client may terminate if we do not meet this Technical support / Fault Response critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs Credit is offered if we do not meet this commitment Service Availability 100% uptime Credit is offered if availability falls below 100% Client may terminate if availability falls below 95%
Best Shared Intelligence Accuracy, Reliability & Performance The automatic sharing of knowledge gained in one protocol across all other protocols underpins MessageLabs Converged Threat Analysis. Security solutions that only focus on a single protocol such as email or web, or those that lack integration at the level of threat detection, may not sufficiently protect your business from malware and spyware designed to slip past single protocol security.