Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.

1. Standardizing and
Strengthening Security
Dima Kumets
dima@opendns.com
Sr. Product Manager
opendns.com/msp
1 CONFIDENTIAL

2. 2 CONFIDENTIAL
GLOBAL
SECURITY
NETWORK
208.67.220.220 208.67.222.222
2% OF INTERNET WORLD-WIDE
23 DATA CENTER LOCATIONS
60B+ QUERIES PER DAY
2,000+ ITSP PARTNERS
ASIA-PACIFIC
EUROPE,
MIDDLE
EAST & AFRICA
AMERICA
S

3. Umbrella for MSPs:
Cloud-delivered security
service for MSPs
3 CONFIDENTIAL

4. DECREASED
COSTS
50-80%
reduction in
malware
cleanup time
4 CONFIDENTIAL
INCREASED
REVENUE
Granular Web
Filter and
cloud service
compliance
IMPROVED
RETENTION
Improved
customer
uptime and
value reports
Security ROI

5. The Evolving
Threatscape
5 CONFIDENTIAL

6. 6 CONFIDENTIAL
Changes in Technology
SaaS
Subscribe to applications
instead of buying and deploying
IaaS
Rent servers and storage
instead of building
CaaS
CyberCrime made easier
with SaaS and IaaS models

7. 7 CONFIDENTIAL
OLD NEW
Hacker Organization
 Centralized
 Build from scratch
 Own servers
 Expensive
 Large targets
Crime Ecosystem
 Distributed
 Buy or hosted
 Specialize in areas
 Cheap
 Smaller targets
Evolution of CyberCrime

8. 8 CONFIDENTIAL
Cybercrime Job Postings
Cybercrime Payment Systems
Cybercrime Marketplaces

9. SMB in the Crosshairs
Decreased Cost Makes SMBs Ideal Targets
9 CONFIDENTIAL
36%
TARGETED
41%
ATTACKS AGAINST
SMBS
18%
2011 2012 2013
PROPORTION OF
BREACHES BY ORG
SIZE
15
x
1x
ORGS
WITH 11-
100
EMPLOYE
ES
ORGS WITH
<11 or >100
EMPLOYEE
S

10. How SMBs Are Being
Targeted: Infection
Vectors
10 CONFIDENTIAL

11. Emails Are Targeting SMBs
11 CONFIDENTIAL
GOAL
Trick SMB into
opening link or
attachment

12. Exploits Kit/Drive By Download Explosion
12 CONFIDENTIAL
GOAL
Breach
browser to
push and
executable

13. Exploit Kits Are Getting Better
13 CONFIDENTIAL

14. Exploits Kit/Drive By Download Explosion
Explosion in Kits Available
14 CONFIDENTIAL

15. Malvertising on the Rise
How do they work? Attn: NYTimes.com
1. Set up a website with
exploit kit
2. Run an ad on Yahoo,
AOL or other ad
network, with legitimate
company creative
3. Ad server redirects
users to exploit kit site
4. User gets infected
15 CONFIDENTIAL
readers: Do not click pop-up
box warning about a
virus -- it’s an unauthorized
ad we are working to
eliminate.
The New York Times
Top websites deliver
CryptoWall
ransomware via
malvertising…
Adam Greenberg
SC Times

16. Malvertising Targeting SMBs
16 CONFIDENTIAL

17. Intermediate step:
Dropper Malware
17 CONFIDENTIAL

18. Increasingly Common Step: Dropper
Increasingly Common Option for Ransomware
1
Bad actor gets a
piece of malware
on computer
18 CONFIDENTIAL
2
Malware sits
quietly and just
phones home;
not the
flashy/noisy
malware
3
Bad actor sells or
rents ability to
infect computer
 Malware phones
home
 Installs main
payload:
Ransomware,
Keylogger, Spambot
Malware that
installs other
malware
4
GOAL
If contract
ends or more
capacity,
install more
malware

19. ANTIVIRUS
19 CONFIDENTIAL

20. Source: krebsonsecurity.com
20 CONFIDENTIAL

21. Malware payload
21 CONFIDENTIAL

22. Keyloggers and
Spyware
22 CONFIDENTIAL

23. 23 CONFIDENTIAL

24. 24 CONFIDENTIAL

25. SMB Bank Account Breaches
25 CONFIDENTIAL
Crystal Lake Elementary School District 47
Amount Stolen: $350,000.00
Media: McHenry County Blog
DKG Enterprises
Amount Stolen: $100,000.00
Media: Krebs On Security
Downeast Energy & Building Supply
Amount Stolen: $150,000.00
Media: Bank Info Security
Little & King LLC
Amount Stolen: $164,000.00
Media: Krebs On Security
Battle Ground Cinema
Amount Stolen: $81,000.00
Media: Krebs On Security
Delray Beach Public Library
Amount Stolen: $160,000.00
Media: Krebs On Security
Brookeland Fresh Water Supply District
Amount Stolen: $35,000.00
Media: Krebs On Security
Spring Hill Independent School District
Amount Stolen: $30,687.00
Media: News-Journal

26. 26 CONFIDENTIAL

27. Ransomware
27 CONFIDENTIAL

28. Ransomware
Evolution
 Fake Anti-Virus
28 CONFIDENTIAL

29. “FBI” Ransomware
Evolution
 Fake Anti-Virus
 FBI Ransomware
– Lock up screen+browser
– Find pornography in history
– If none found, pop-up porn
– Ask for Ransom
29 CONFIDENTIAL
GOAL
Scare user into
paying ransom

30. 30 CONFIDENTIAL

31. 31 CONFIDENTIAL
Your webcam
Image here

32. 32 CONFIDENTIAL

33. 33 CONFIDENTIAL

34. 34 CONFIDENTIAL

35. Malware Payload: Ransomware
35 CONFIDENTIAL
GOAL
Ransom
encrypted data
Evolution
 Fake Anti-Virus
 FBI Ransomware
 Cryptovirus
– CryptoLocker
– PrisonLocker
– HowDecrypt
– CryptorBit
– CryptoDefense
– CryptoWall

36. CryptoVirus workflow
Inbound and outbound communication
1
Infect machine
with early stage
• Email
• Exploit kit
• Malvertising
• Dropper
36 CONFIDENTIAL
2
Phone home to
Command and
Control server to
get encryption
key
3
Encrypt local and
network share data
• May take hours to
days to fully
encrypt
• Makes finding a
clean restore
difficult
Ransom user for
encrypted data
4
GOAL
Ransom user
• Establish
deadline and
threaten
permanent data
loss

37. Signature-based
security evasion
37 CONFIDENTIAL

38. Getting Around Signatures: Crypters
38 CONFIDENTIAL

39. Getting Around Signatures: Crypters
39 CONFIDENTIAL

40. Getting Around Signatures
40 CONFIDENTIAL

41. Test Against Signature Based Tools
 Ensures a bad actor
will be successful
 Allows the bad actor
to create their own
CyberCrime sales
forecasts
41 CONFIDENTIAL

42. Getting Around Signatures: Crypters
42 CONFIDENTIAL

43. “Signature-based tools (antivirus,
firewalls, and intrusion
prevention) are only effective
against 30–50% of current
security threats.”
43 CONFIDENTIAL
IDC
November 2011

44. Strengthening
security beyond
signatures
44 CONFIDENTIAL

45. Security is About Layers
45 CONFIDENTIAL

46. Security Layers and Risk Management
46 CONFIDENTIAL
On-network Off-network/Roaming
EMAIL SECURITY
ENDPOINT AV
FIREWALL
OPENDNS - NETWORK LAYER
SIGNATURELESS SECURITY SERVICE

47. 47 CONFIDENTIAL
PREDICTIVE
INTELLIGENCE
60B+Daily
Requests
Block
Threats
Contain
Infections
Automation

48. PREVENT Malware
 Focus on full infection process
‒ Not just an executable or signature
 Block sites with exploit kits at the network layer
‒ Whether it’s a whole site or an embedded ad
 Prevent connections to malvertising links
‒ The connection after the ad is what matters
 Protect users from phishing
‒ To prevent breaches
 Block malicious links in emails and apps
‒ Because the browser is not the only path of infection
48 CONFIDENTIAL

49. CONTAIN: The New Prevention
Prevent “Phoning home”
 Block “droppers” from getting malware
‒ Whether it’s ransomware, keyloggers, spam senders or DDoS bots
 Stop spyware/keyloggers from uploading data
 Prevent ransomware from getting key
 ALERT WITH TICKET IN ConnectWise
‒ Deep API level integration
‒ Infection is contained before user notices
‒ 10 minute clean-up vs 10 hour
49 CONFIDENTIAL

50. Standardizing
Security
50 CONFIDENTIAL

51. “80% of attacks leverage
known vulnerabilities and
configuration management
setting weakness”
51 CONFIDENTIAL
John Streufert
Deputy CIO, US State Department

52. Standardizing Security
Challenges for MSPs
52 CONFIDENTIAL
Anti-virus UTMs + Firewalls
 System performance
 Consistency in
updates and scans
 Platform support
 Application issues
 Multiple Vendors
 Sizing-based
 Network topologies
 Network
Performance

53. UTM and Firewall Performance
Admins are disabling features for Performance
Has your organization turned off
certain firewall functions because they
were impacting network performance?
53 CONFIDENTIAL
Has your organization declined to
enable certain firewall functions to
avoid impacting network performance?
0% 20% 40% 60% 80% 100%
No Don't know Yes
0% 20% 40% 60% 80% 100%
No Don't know Yes
10%
58% 32%
11%
50% 39%

54. We Deliver Worldwide Coverage in Minutes
55 CONFIDENTIAL
208.67.222.222

55. Protect all Devices Connecting
to Customer Networks
56 CONFIDENTIAL
Lightweight Agent with
Automation Policy to Deploy
Deploy in Minutes
CLIENT-A
155.21.1.1/28
CLIENT-B
214.41.3.1/32
CLIENT-C
23.4.2.4/32
208.67.222.222

56. Multi-tenant
Multiple customer organizations under MSP
57 CONFIDENTIAL

57. New Feature: Centralized Management
58 CONFIDENTIAL

58. New Feature: Centralized Management
 Types
– Block page customization
– Security settings
– Content filtering
 Truly linked to customer orgs
– No config files to manage
– Instant changes
 Multiple settings
– Apply to all or Apply to some
– Vertical specific
– Service Level Specific
59 CONFIDENTIAL

59. Centralized Management: Single Pane View
Quickly view and modify settings
60 CONFIDENTIAL

60. ROI in action
Mirus IT saves $100k per year with OpenDNS
61 CONFIDENTIAL

61. Cloud Service
Visibility and Shadow
IT
62 CONFIDENTIAL

62. Problems with Shadow IT
CUSTOMER
Business Risk
 Data leakage
 Compliance
 Inefficient processes
 Security issues
 Hidden costs
63 CONFIDENTIAL
MSP
Service issues
 “Surprise” tickets
 Network issues
 Cloud isn’t backed up
 Time wasted
 Missed Revenue

63. Cloud Services Visibility
64 CONFIDENTIAL

64. Cloud Services Visibility
65 CONFIDENTIAL

65. Signatures and humans
can’t stay ahead of
ADVANCED ATTACKS
Firewalls, UTMs and
VPNs can’t secure
ERODING PERIMETERS
Employees are
deploying Cloud
SSeHrvAicDeOsW w iIthT
66 CONFIDENTIAL

66. 67 CONFIDENTIAL
Easy to Do Business
Monthly Billing Volume Pricing
Multi-tenant
Dashboard
Manage Seats
On-demand
BUSINESS
PRACTICES ALIGNED
WITH MONTHLY
RECURRING
REVENUE MODELS

67. 68 CONFIDENTIAL
Dima Kumets
dima@opendns.com
Booth 214