New Malware Signature Every ½ Second – Is Your AV Keeping Up?

So far in 2013, AV-Test.org is recording about 5.5M new pieces of malware per month – or a little over two per second. It’s no wonder 47% of organizations are reporting malware as the primary driver for increasing IT operating expenses, and 58% of them are experiencing more than 25 malware incidents every month.

It’s time to put aside yesterday’s assumptions about malware, and prepare for modern antimalware combat.

In this presentation we’ll look at current malware warfare – and how you can implement defensive strategies to protect your organization. Along the way, we’ll look at some very recent survey results from more than 900 IT professionals – 91% of whom believe AV is ‘very’ or ‘extremely’ important to protecting their network, despite seeing malware incidents continue to rise.

    Presentation Transcript

    • The Real World of IT Security – Insight From a Survey of Business. Aaron C. Goldberg, July 2013
    • Interactivity Tips 1. Ask A Question 2. Download a PDF copy of today’s presentation 3. Social Networking Tools
    • Key Discussion Points • The IT Security landscape • Identifying the concerns • The reliance on Anti-Virus • The barriers to increased levels of IT security
    • About the Survey • How many • When • How was it done
    • Today’s IT Security Landscape • Biggest areas of IT security concern • Threat impact • Protection in use for endpoints • Protection in use for servers
    • Key Concerns for IT Security [bar chart, share of respondents, 0-25% axis; categories: Operating system layer attacks, Application layer attacks, USB device attacks, Unwanted application installation, Memory-based attacks, Phishing, Zero-day attacks, Advanced Persistent Threats (i.e. using…), Other, None of the above]
    • Impact of Threats – Malware Incidents Per Month [bar chart, share of respondents, 0-70% axis; buckets: 5-10, 10-20, 20-30, 30-40, 40+]
    • Protection In Use At Endpoints [bar chart, share of respondents, 0-100% axis; options: Anti-virus (AV), Application control / whitelisting, Data encryption, Firewalls, USB device security, Patch management, Hard drive security, Web filtering, Data loss prevention, Other, None of the above]
    • Protection Installed for Servers [bar chart, share of respondents, 0-100% axis; options: Anti-virus (AV), Application control / whitelisting, Data encryption, Firewalls, USB device security, Patch management, Hard drive security, Web filtering, Access control technologies, Other, None of the above]
    • Focusing on Anti-Virus • Most common security tool • Viruses seem to be the single most prominent threat mentioned in the general press • Developed when viruses were the vast majority of threats, but that’s no longer true • Yet reliance is still there
    • How Important Do You Believe Anti-Virus is to Protect Your Network [bar chart, share of respondents, 0-70% axis; answers: Extremely important, Very important, Somewhat important, Not very important, Not important at all]
    • The Barriers to Increased IT Security • This is one aspect of IT where the trade-off of dollars vs. risk is most apparent • The lack of a “finish line” makes it hard to know what investment is enough • Different industries have different needs
    • What Prevents You From Deploying Additional Security Layers [bar chart, share of respondents, 0-60% axis; answers: Budget constraints, Labor constraints, Performance impacts (bandwidth / hardware constraints), Our environment is adequately protected without them, Unsure, Other]
    • Antivirus: Required but not Sufficient (PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION)
    • New Threat Landscape
    • New Malware in 2013 [chart of new malware per month; 2012 avg ≈ 2.8M / mo., 2013 YTD avg ≈ 5.5M / mo.]
    • Total Malware Growth [chart; ~50% increase]
    • APT / Targeted Attacks • ISACA Research: Advanced Persistent Threats Are Real » 93.6% feel APTs are a serious threat » 63% think it is only a matter of time » 79% feel this is the largest gap in APT prevention » 1 in 5 have experienced an APT attack • Ponemon Research: 2013 State of the Endpoint, Figure 4: IT security risks of most concern since 2010 (more than three choices permitted in 2010, 3 choices permitted in 2011 and 2012) [chart by year 2010 / 2011 / 2012; categories: Increased use of mobile platforms, Advanced persistent threats, Intrusion and data loss within a virtual environment (* this choice was not available in all fiscal years); values shown: 47%, 36%, 36%, 24%, 24%, 22%, 23%, 13%]
    • New Threat Landscape: The Endpoint is the New Attack Vector • Browser, Apps and OS all have known vulnerabilities » 2/3 of all apps have known vulnerabilities » Time-to-patch with change control is long, resulting in a lack of security and visibility • Rogue USB » Transport method for injecting malware (e.g., Conficker, Stuxnet) » Easiest and most common means of data loss / theft • Virus / Malware » Best day-one capture rate with AV is 33%; after 30 days it is 93% » 70,000 pieces of malware a month remain undetected
    • Safeguarding Your Environment
    • Defense-in-Depth Strategy: Successful risk mitigation requires a layered defensive strategy which includes: » Patch Management » Configuration Control » Application Whitelisting » Memory Protection » Data Encryption » Port / Device Control » Antivirus
    • Defense-in-Depth – AV • Benefits » Stops "background noise" malware » May detect reused or "hidden" code » Will eventually clean payloads after they are discovered – prevents spreading to less protected machines
    • Defense-in-Depth – Port / Device Control • Benefits » Can prevent unauthorized devices from delivering payloads » Can stop specific file types from being copied to host machines » Stops a common delivery vector for evading extensive physical and technical security controls
    • Defense-in-Depth – Encryption • Benefits » Protects data at rest; stops leakage from lost or stolen drives and media » Makes lateral data acquisition more difficult for APTs / targeted attacks » Required by almost all regulations
    • Defense-in-Depth – App Whitelisting • Benefits » Extremely effective against zero-day attacks, because an unknown binary is denied by default rather than matched against a signature » Stops unknown, targeted malware payloads » Low performance impact on endpoints » Helps against sophisticated memory injection attacks which bypass the file system when paired with the memory-protection layer (file-hash allowlisting alone does not see code injected into an already-approved process)
    • Defense-in-Depth – Patch / Config Mgmt • Benefits » Reduces the attackable surface area that hackers can target, including OS and 3rd party apps across multiple platforms » Centralizes configuration and enforcement of native desktop firewalls and other security settings
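    The AV and whitelisting slides above make a claim that is easy to check in code: a signature blocklist is default-allow and therefore misses day-one and repacked samples, while a hash allowlist is default-deny and catches them, at the price of also blocking legitimate updates until change control re-approves them. The script below is an added example written for this page, not code from Lumension or the presentation; the byte strings are constructed stand-ins for executables and the class names and scenario keys are hypothetical. Real controls hash on-disk files (or check publisher certificates) in exactly the same way.

```python
"""Signature blocklist (the AV model) vs hash-based application allowlist.

Added example for this page, not Lumension's code. The byte strings stand
in for executables; hashing them is what a real control does to a file.
"""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(sample: bytes) -> str:
    """Identity both controls key on: SHA-256 of the file contents."""
    return hashlib.sha256(sample).hexdigest()


# Constructed "binaries" (hypothetical; not real malware).
TRUSTED_APP_V1 = b"MZ\x90\x00corp-app 1.0"
TRUSTED_APP_V2 = b"MZ\x90\x00corp-app 1.1"   # routine vendor update
DROPPER_V1 = b"MZ\x90\x00dropper payload"
DROPPER_V2 = DROPPER_V1 + b"\x00" * 8         # repacked: same behaviour, new hash


@dataclass
class SignatureAV:
    """Default-allow: runs anything whose hash is not a known-bad signature."""
    known_bad: set[str] = field(default_factory=set)

    def add_signature(self, sample: bytes) -> None:
        self.known_bad.add(sha256_hex(sample))

    def permits(self, sample: bytes) -> bool:
        return sha256_hex(sample) not in self.known_bad


@dataclass
class Allowlist:
    """Default-deny: runs only hashes approved when the image was baselined."""
    approved: set[str] = field(default_factory=set)

    def approve(self, sample: bytes) -> None:
        self.approved.add(sha256_hex(sample))

    def permits(self, sample: bytes) -> bool:
        return sha256_hex(sample) in self.approved


def run_scenario() -> dict[str, bool]:
    """Walk the day-one / day-30 timeline from the slides and return what
    each control would let execute (True = runs, False = blocked)."""
    av = SignatureAV()
    wl = Allowlist()
    wl.approve(TRUSTED_APP_V1)            # baseline taken from the gold image
    out: dict[str, bool] = {}

    # Day one: the dropper is brand new, so no vendor signature exists yet.
    out["day1_av_runs_dropper"] = av.permits(DROPPER_V1)      # True: nothing to match
    out["day1_wl_runs_dropper"] = wl.permits(DROPPER_V1)      # False: never approved

    # Day 30: the AV vendor has shipped a signature for the sample...
    av.add_signature(DROPPER_V1)
    out["day30_av_runs_dropper_v1"] = av.permits(DROPPER_V1)  # False
    # ...but the attacker repacks it: same payload, different hash.
    out["day30_av_runs_dropper_v2"] = av.permits(DROPPER_V2)  # True: signature misses
    out["day30_wl_runs_dropper_v2"] = wl.permits(DROPPER_V2)  # False: still unapproved

    # The allowlist's operational cost: a legitimate update is just as
    # unknown until change control re-approves it, which is why this layer
    # needs patch / configuration management running alongside it.
    out["wl_runs_trusted_v1"] = wl.permits(TRUSTED_APP_V1)    # True
    out["wl_runs_trusted_v2"] = wl.permits(TRUSTED_APP_V2)    # False until approved
    wl.approve(TRUSTED_APP_V2)
    out["wl_runs_trusted_v2_after_approval"] = wl.permits(TRUSTED_APP_V2)  # True
    return out


if __name__ == "__main__":
    for check, permitted in run_scenario().items():
        print(f"{check:36} {'RUNS' if permitted else 'BLOCKED'}")
```

    The two controls share one identity function, so the only difference is the default: `SignatureAV.permits` returns True for anything it has never seen, `Allowlist.permits` returns False. That single inversion is what makes whitelisting hold up on day one and against repacked samples, and also what turns every legitimate update into a change-control event.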
    • Endpoint Management Complexity • Challenge: Too Many Products, Too Much Complexity » Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment (many consoles, disparate architectures, many agents) • Solution: Single, Extensible Platform » Reduce the number of endpoint agents, servers and consoles in use » Improve visibility and control over endpoints » Reduce the learning curve, free up network resources and improve IT productivity » Leverage existing organizational structures across solutions and reduce data silos (single console, agile n-tier pluggable architecture, single promotable agent)
    • Overcoming Barriers
    • Tolly Study: Clients [chart not reproduced in transcript]
    • Tolly Study: Servers [chart not reproduced in transcript]
    • True Cost of Malware • Acquisition Costs (20~40%) » Licensing (license cost, maintenance, support) » Installation (HW / SW, roll-out, other) • Operational Costs (60~80%) » System Management » Incident Management (help desk, escalation, re-imaging) » Lost Productivity • Does not include extraordinary costs, such as a data breach. http://www.lumension.com/Resources/Value-Calculators/Cost-of-Malware-Calculator.aspx
    • More Information • Free Security Scanner Tools » Vulnerability Scanner – discover all OS and application vulnerabilities on your network » Application Scanner – discover all the apps being used in your network » Device Scanner – discover all the devices being used in your network http://www.lumension.com/Resources/Security-Tools.aspx • Lumension® Endpoint Management and Security Suite » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx • Think Before You Renew Your AV http://www.lumension.com/rethink-av
    • Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com http://blog.lumension.com
    • Attendee Services • Download a copy of today's slides • Provide your feedback! Please complete our survey. • A recorded version of this seminar will be available at www.eSeminarsLive.com • View a calendar of our Upcoming Events