Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.
2. 2 CONFIDENTIAL
GLOBAL SECURITY NETWORK
208.67.220.220 208.67.222.222
2% OF INTERNET WORLD-WIDE
23 DATA CENTER LOCATIONS
60B+ QUERIES PER DAY
2,000+ ITSP PARTNERS
ASIA-PACIFIC
EUROPE, MIDDLE EAST & AFRICA
AMERICAS
3. Umbrella for MSPs: Cloud-delivered security service for MSPs
4. Security ROI
DECREASED COSTS: 50-80% reduction in malware cleanup time
INCREASED REVENUE: Granular Web Filter and cloud service compliance
IMPROVED RETENTION: Improved customer uptime and value reports
6. Changes in Technology
SaaS: Subscribe to applications instead of buying and deploying
IaaS: Rent servers and storage instead of building
CaaS: CyberCrime made easier with SaaS and IaaS models
7. Evolution of CyberCrime
OLD: Hacker Organization
‒ Centralized
‒ Build from scratch
‒ Own servers
‒ Expensive
‒ Large targets
NEW: Crime Ecosystem
‒ Distributed
‒ Buy or hosted
‒ Specialize in areas
‒ Cheap
‒ Smaller targets
9. SMB in the Crosshairs
Decreased Cost Makes SMBs Ideal Targets
[Chart: TARGETED ATTACKS AGAINST SMBS, 2011 2012 2013; values shown: 36%, 41%, 18%]
[Chart: PROPORTION OF BREACHES BY ORG SIZE; values shown: 15x, 1x; categories: ORGS WITH 11-100 EMPLOYEES, ORGS WITH <11 or >100 EMPLOYEES]
10. How SMBs Are Being Targeted: Infection Vectors
11. Emails Are Targeting SMBs
GOAL: Trick SMB into opening link or attachment
12. Exploit Kit/Drive-By Download Explosion
GOAL: Breach browser to push an executable
14. Exploit Kit/Drive-By Download Explosion
Explosion in Kits Available
15. Malvertising on the Rise
How do they work?
1. Set up a website with exploit kit
2. Run an ad on Yahoo, AOL or other ad network, with legitimate company creative
3. Ad server redirects users to exploit kit site
4. User gets infected
“Attn: NYTimes.com readers: Do not click pop-up box warning about a virus -- it’s an unauthorized ad we are working to eliminate.”
The New York Times
“Top websites deliver CryptoWall ransomware via malvertising…”
Adam Greenberg
SC Times
18. Increasingly Common Step: Dropper
Increasingly Common Option for Ransomware
1. Bad actor gets a piece of malware on computer
2. Malware sits quietly and just phones home; not the flashy/noisy malware
3. Bad actor sells or rents ability to infect computer
Malware phones home
Installs main payload: Ransomware, Keylogger, Spambot
Malware that installs other malware
4. GOAL: If contract ends or more capacity, install more malware
25. SMB Bank Account Breaches
Crystal Lake Elementary School District 47
Amount Stolen: $350,000.00
Media: McHenry County Blog
DKG Enterprises
Amount Stolen: $100,000.00
Media: Krebs On Security
Downeast Energy & Building Supply
Amount Stolen: $150,000.00
Media: Bank Info Security
Little & King LLC
Amount Stolen: $164,000.00
Media: Krebs On Security
Battle Ground Cinema
Amount Stolen: $81,000.00
Media: Krebs On Security
Delray Beach Public Library
Amount Stolen: $160,000.00
Media: Krebs On Security
Brookeland Fresh Water Supply District
Amount Stolen: $35,000.00
Media: Krebs On Security
Spring Hill Independent School District
Amount Stolen: $30,687.00
Media: News-Journal
36. CryptoVirus workflow
Inbound and outbound communication
1. Infect machine with early stage
• Email
• Exploit kit
• Malvertising
• Dropper
2. Phone home to Command and Control server to get encryption key
3. Encrypt local and network share data
• May take hours to days to fully encrypt
• Makes finding a clean restore difficult
Ransom user for encrypted data
4. GOAL: Ransom user
• Establish deadline and threaten permanent data loss
41. Test Against Signature Based Tools
Ensures a bad actor will be successful
Allows the bad actor to create their own CyberCrime sales forecasts
43. “Signature-based tools (antivirus, firewalls, and intrusion prevention) are only effective against 30–50% of current security threats.”
IDC
November 2011
48. PREVENT Malware
Focus on full infection process
‒ Not just an executable or signature
Block sites with exploit kits at the network layer
‒ Whether it’s a whole site or an embedded ad
Prevent connections to malvertising links
‒ The connection after the ad is what matters
Protect users from phishing
‒ To prevent breaches
Block malicious links in emails and apps
‒ Because the browser is not the only path of infection
49. CONTAIN: The New Prevention
Prevent “Phoning home”
Block “droppers” from getting malware
‒ Whether it’s ransomware, keyloggers, spam senders or DDoS bots
Stop spyware/keyloggers from uploading data
Prevent ransomware from getting key
ALERT WITH TICKET IN ConnectWise
‒ Deep API level integration
‒ Infection is contained before user notices
‒ 10 minute clean-up vs 10 hour
51. “80% of attacks leverage known vulnerabilities and configuration management setting weakness”
John Streufert
Deputy CIO, US State Department
52. Standardizing Security
Challenges for MSPs
Anti-virus
‒ System performance
‒ Consistency in updates and scans
‒ Platform support
‒ Application issues
UTMs + Firewalls
‒ Multiple Vendors
‒ Sizing-based
‒ Network topologies
‒ Network Performance
53. UTM and Firewall Performance
Admins are disabling features for Performance
Has your organization turned off certain firewall functions because they were impacting network performance?
Has your organization declined to enable certain firewall functions to avoid impacting network performance?
[Two bar charts, 0% to 100%; legend: No, Don't know, Yes; values shown: 10%, 58%, 32% and 11%, 50%, 39%]
58. New Feature: Centralized Management
Types
– Block page customization
– Security settings
– Content filtering
Truly linked to customer orgs
– No config files to manage
– Instant changes
Multiple settings
– Apply to all or Apply to some
– Vertical specific
– Service Level Specific
65. Signatures and humans can’t stay ahead of ADVANCED ATTACKS
Firewalls, UTMs and VPNs can’t secure ERODING PERIMETERS
Employees are deploying Cloud Services with SHADOW IT
66. Easy to Do Business
Monthly Billing
Volume Pricing
Multi-tenant Dashboard
Manage Seats On-demand
BUSINESS PRACTICES ALIGNED WITH MONTHLY RECURRING REVENUE MODELS