Security @Work
Mathan Kasilingam, CISSP
Principal Solution Architect
Security threats and countermeasures in daily life - Symantec

Security threats and countermeasures in daily life - Symantec. This walks you through various day-to-day information security threats one person undergoes in daily life and the relevant counter-measures offered by Symantec. Find it useful, and share it!

  • Cyber Warfare: Symantec Security Solutions. How to win the cyber-war: holistic security for today’s tough and targeted threats.
  • Security never sleeps. Security is an integral part of any IT infrastructure. OUR job is to bring our leading technologies to every endpoint, every device, every enterprise. Every stage requires capabilities and compliance. Our mission is to protect and defend against any threat in any environment. We mean business. First, let’s look at how attack methodology works. What are the phases, and what are the important points of protection? Attackers are systematic, usually following these stages. Initial reconnaissance: seeing what’s out there, what’s on which port, how it’s configured. Incursion: what is the actual incursion or break-in point? Discovery: where they start looking at information – confidential, sensitive information. Capture: the stage where they capture the information and assemble it. Exfiltrate: where information gets pushed out of the organisation, into the hands of the hackers or criminals.
  • Here’s the situation: a company – Smith Inc – is about to be subjected to an Advanced Persistent Threat. Why? This little company just went global. Smith Inc became multinational overnight because of its design and production of state-of-the-art drilling equipment – drilling equipment used for natural resources exploration and extraction. That’s right: oil, mining, fossil fuels – the hot topics in the global economy. Now they’re a hot company who recently soared to the top of the Fortune 500 based on their success rate with contracts from a number of countries. They have a lot of intellectual property, including patented designs for their drilling equipment, exceptional planning tools for project management, and correspondence from places we’ve never even heard of that are rich in natural resources. So no wonder Smith Inc has hit the radar of this group of cybercriminals. Information is currency, whether they trade it with competitors or use it to influence investors on the Dow Jones or Hang Seng. Their information is worth a lot, and hackers will stop at nothing to get it.
  • Let’s now take a detailed look at the lengths a hacker – individual, organisation or government – will go to in order to achieve their goals and gather valuable information.
  • The Hacker (whether an individual, organisation or government) is out to get Smith Inc. They’ve pressed the cyber-war button and have decided to use every imaginative resource they can to access the Smith Inc network, whether to find documentation or correspondence. They won’t stop until they get it.
  • The port scan is not the point of entry, just a reconnaissance mission. It means getting the lay of the land and looking for potential entry points. It’s basically ‘casing the joint’, much as bank robbers would look at a bank, figure out routines, understand where the guards are, look where the alarm buttons are, and get an overall feel for security.
  • Fortunately, Smith Inc uses a solution known as Symantec Security Information Manager (SSIM). SSIM activates as soon as the port scan starts. In real time, it logs all the activity happening on the network. Once these port scans start, SSIM recognises that some are coming from bad IPs thanks to our Global Intelligence Network (GIN), which is directly connected to SSIM in real time. As a result, these attackers are tracked by SSIM, which shows us a timeline and makes sure that we keep an eye on their movements. Note: Sales / Partners to talk about the key benefits of SSIM.
  • Attack stage #2: with the widespread use of social networks, let’s look at how attackers use wily ways to infiltrate the most public of public domains…
  • …starting with one unsuspecting employee. Let’s call him Simon.
  • Simon, like the rest of us, has all his information online, accessible in one way or another. He uses Facebook, online banking, and email from home, work and his iPhone, and generally uses e-comms as a way of life. He’s also a senior director at Smith Inc, and has been working on a particular drill design project for almost two years. No wonder the hackers have targeted Simon.
  • From his online activity, the hackers have figured out Simon’s schedule: where he eats lunch, how late he works, even what train he takes home. So it’s no great surprise that one late night, when Simon dozes off on the train home, he wakes up to find his laptop gone.
  • The hackers have his laptop, but when they try to open it, they didn’t expect protection by Symantec’s Encryption Technology, acquired through PGP. Symantec’s encryption technology ensures no one can break into a laptop and access privileged information.
  • So again, Symantec comes to the rescue with Symantec’s Encryption solution. Personal and business data remains secure, useless to the thieves who stole the laptop. Note: Sales / Partners to talk about the key benefits of Symantec Encryption solutions.
  • Do they stop there? No. From their Facebook crawling, they found out Simon has a relative in the US he regularly talks to and sends gifts. So they go spear phishing…
  • Spear phishing makes Simon “the bait”, with an email from Western Union (they’ve seen cash gifts made via Western Union) which he will trust and be likely to open.
  • Unfortunately, Simon used his office PC to open the email and its attachment, and his desktop is connected to a gateway protected by third-party protection software. This third-party protection software, however, does NOT catch the worm, and the worm gets through. What does this worm do? It opens a back door, giving access to whatever is on Simon’s desktop, including those drill designs and patents the hackers are after.
  • Thankfully, Symantec Data Loss Prevention (DLP) wakes up. DLP is designed to understand precisely what is confidential information. DLP knows where confidential information resides and makes sure it does not leave the network without proper authorisation. The moment Symantec DLP sees complex blueprints, diagrams or documentation marked Sensitive and Confidential going out of the network, it raises an alarm and stops the transfer right there. No data is lost. No data is accessed. Note: Sales / Partners to talk about the key benefits of Symantec Encryption solutions.
  • Again, thanks to Symantec. Had Smith Inc used Symantec Endpoint Protection (SEP), it would have stopped such phishing expeditions. Note: Sales / Partners to talk about the key benefits of Data Loss Prevention and Symantec Endpoint Protection.
  • Do the hackers give up? They don’t. They now decide to attack the data centre with a very old technique known as the buffer overflow attack.
  • A buffer overflow attack is when the hacker feeds a program or application more data than the memory buffer set aside for it can hold, overwriting adjacent memory and making the program behave in strange new ways. The hacker decides to use this technique, not knowing that Smith Inc is not only protected by Symantec security technologies but also uses Symantec systems management – Altiris. Smith Inc has been using patch management regularly and has ensured that the known vulnerabilities in its operating systems and applications are fixed. Symantec’s systems management identifies which patches need to be applied and efficiently applies those patches across the organisation. Note: Sales / Partners to explain what a buffer overflow is if the audience doesn’t understand.
  • Attackers will always look for the weakest link in the chain. This could be one small vulnerability in one database or one application. Fortunately, Smith Inc is using Symantec Control Compliance Suite (CCS), where one module allows you to run an analysis of system vulnerabilities. It exposes these ‘weak links’ and allows you to use applications to patch them.
  • This risk-based approach means Smith Inc was prepared. They deployed CCS solutions to prevent a targeted attack. Note: Sales / Partners to talk about the key benefits of CCS.
  • By now it would seem that Smith Inc’s security is truly solid. But there’s another common means of attack with surprisingly simple methods. An Advanced Persistent Threat (APT) works at a grass-roots level, often with something as simple as a user password or login. An APT works across multiple vectors with simple techniques. It doesn’t look like an automated bot; it looks like a human, because human thought is behind it.
  • Let’s see what Simon says. He figures he has the perfect password: his mother’s maiden name, or simply 1 2 3 4 5 6. But what he thinks is clever is actually very uncomplicated. With a series of hit-and-miss guesswork trials (likely with clues gathered from other sources), a ‘brute force’ attack will likely get the job done eventually.
  • Fortunately, Smith Inc uses Identity Management Solutions from Symantec, namely VeriSign Identity Protection (VIP). VIP looks from the inside out to make sure the right person has access to applications or data. VIP is able to prevent an unauthorised person from accessing the network. User authentication technology from Symantec saves the day. Note: Sales / Partners to talk about the key benefits of VIP.
  • Time for the hackers to pack it in? Not quite. They target another employee, Steve. He recently joined Smith Inc from another company.
  • Steve’s job is to look at personal devices such as iPads and iPhones to see how they can increase productivity and efficiency in the workforce. Steve is doing a lot of testing to see how specific company applications can be deployed onto mobile devices. He’s excited about his new role and shares the latest and greatest about his project on Facebook. Next thing you know, Steve’s stash of personal devices goes missing. The only thing is, it’s his loss, not Smith Inc’s, as all their apps are secure.
  • Symantec recently launched Mobile Device Security thanks to the recent acquisitions of Odyssey and Nukona. They provide application-level security for mobile devices, with custom policies to minimise risk and protect confidential information on them. This technology is advanced enough to ‘wipe the slate clean’ of any stored information should the device become lost or stolen. Note: Sales / Partners to talk about the key benefits of Nukona and Odyssey.
  • Multiple layers of security. What have we seen from Simon and the Smith Inc story? That defence is an in-depth strategy. It’s about putting multiple layers of technology together and making them work. It’s about security without compromise: how to better manage security risks, knowing how to prioritise threats and ensure multi-layer integrity while being vigilant of the global landscape of security threats. It’s about understanding how threats work and putting in place an overlapping defence strategy, making it more and more difficult for the attacker to succeed at the various stages of a data breach. It’s about changing workplace environments, virtualisation, and accelerated productivity.
  • Recap slide – identify solutions. Recap on Symantec products and capabilities.
  • Clearly Symantec has a solution to help you meet every information challenge. Our goal is 360-degree data protection regardless of where it is, what it is, or how it is being used. This information-centric approach lets you address the unstoppable forces that every IT organization faces and move forward with confidence.
  • Symantec helps you protect what matters most – information, personal privacy and digital assets, regardless of location or device – in three ways: understanding the context and relevance of data through intelligence, and ultimately developing better efficiencies; making information available, accessible and secure, no matter what; and driving governance to show how solutions work effectively in line with regulatory requirements or internal best practices. And we make it available to customers however they want to consume it: on premise, virtually, in the cloud or via mobile. Let’s look in more detail at the kinds of solutions we offer to help protect and manage your information.
  • Symantec has many resources for you to stay on top of the security threat landscape, and here are a few of the best tools we have. Build Your Own ISTR (go.symantec.com/istr): this year, Symantec is offering its annual report on the Internet threat landscape in a whole new way. With the online “Build Your Report” tool, you can create your own custom version of the Internet Security Threat Report by selecting only those topic areas in which you are most interested. You can then print your custom report or share it on social networking sites like Twitter and Facebook. This online tool contains data from the 4 appendices that we used to include in the full ISTR in past years. It also contains regional data for EMEA and LAM as well as best practices. Norton Cybercrime Index: this is a tool produced by the Norton consumer team. It’s a daily measure of cybercrime risks globally and is available online at nortoncybercrimeindex.com. Threat Intel Twitter Feed: these are updates from our Security Response analysts around the globe; subscribing to this feed will keep you informed about the latest threats and trends that Symantec is seeing across its Global Intelligence Network.
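The port-scan slides (Attack #1) and the SSIM note above describe the detection side of that stage: log every connection attempt in real time, correlate sources against a known-bad IP feed, and keep a timeline of the attacker's movements. The following added example is not code from the deck or from any Symantec product; it implements that logic in plain Python over constructed firewall log lines, and the log format, the five-ports-in-sixty-seconds threshold and the bad-IP set are all assumptions made for the illustration.

```python
"""Port-scan detection with threat-intel correlation over firewall logs.
Added example, not code from the slide deck or any Symantec product; the log
format, threshold and bad-IP list are assumptions for this illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like firewall format:
# "<ISO timestamp> DENY src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOGS = """\
2012-05-01T09:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2012-05-01T09:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2012-05-01T09:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2012-05-01T09:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=25
2012-05-01T09:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=80
2012-05-01T09:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=443
2012-05-01T09:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2012-05-01T09:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=8080
2012-05-01T09:00:05 DENY src=198.51.100.4 dst=192.0.2.10 dport=443
2012-05-01T09:00:06 DENY src=198.51.100.4 dst=192.0.2.10 dport=443
2012-05-01T09:15:00 DENY src=203.0.113.7 dst=192.0.2.10 dport=8443
"""

# Constructed stand-in for a threat-intelligence feed of known-bad sources
# (the deck's Global Intelligence Network plays this role for SSIM).
BAD_IPS = {"203.0.113.7"}

SCAN_PORT_THRESHOLD = 5              # distinct destination ports from one source
SCAN_WINDOW = timedelta(seconds=60)  # ... seen within this sliding window


def parse_line(line):
    """Parse one log line into (timestamp, source IP, destination port)."""
    ts_text, _action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_text), kv["src"], int(kv["dport"])


def detect_port_scans(log_text):
    """Return {src: {"ports", "start", "end", "known_bad"}} for every source
    that probed SCAN_PORT_THRESHOLD or more distinct ports inside SCAN_WINDOW.
    Events are processed in time order so each alert carries a timeline."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(list)   # src -> [(ts, port), ...] still inside window
    alerts = {}
    for ts, src, port in events:
        window = recent[src]
        window.append((ts, port))
        # Evict events that have aged out of the window (the newest stays).
        while ts - window[0][0] > SCAN_WINDOW:
            window.pop(0)
        distinct = {p for _, p in window}
        if len(distinct) >= SCAN_PORT_THRESHOLD:
            alert = alerts.setdefault(src, {
                "start": window[0][0], "ports": 0, "known_bad": src in BAD_IPS})
            alert["ports"] = max(alert["ports"], len(distinct))
            alert["end"] = ts
    return alerts


def triage(alerts):
    """Order alerts for the analyst: threat-intel hits first, then by breadth."""
    return sorted(alerts.items(),
                  key=lambda kv: (not kv[1]["known_bad"], -kv[1]["ports"]))


if __name__ == "__main__":
    for src, a in triage(detect_port_scans(SAMPLE_LOGS)):
        flag = "KNOWN BAD" if a["known_bad"] else "unknown"
        print(f"{src} [{flag}] {a['ports']} ports {a['start']} -> {a['end']}")
```

The source that repeats the same port twice never reaches the threshold, and the same scanner's single probe fifteen minutes later falls outside the window, so the alert's timeline ends at the original burst.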

    1. Security @Work. Mathan Kasilingam, CISSP, Principal Solution Architect
    2. Four Key Trends (Internet Security Threat Report, Vol. 17): Malware Attacks 81% ↑; Targeted Attacks Expand; Mobile Threats Expose All; Data Breaches on Rise
    3. Security never sleeps: Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence. Attack stages: Reconn, Incursion, Discovery, Capture, Exfiltrate
    4. Portrait of a Cyber-Crime: Smith Inc – small company, BIG ideas
    5. Attack #1: Port Scan
    6. Attack methodology: Company target identified. The Hacker – individual, organisation or Government
    7. Port Scan – probe for vulnerabilities: Look for an entry; Weak points; Defence alignments; System vulnerabilities; Open doors
    8. No entry: Security Incident & Event Management (Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence; Reconn, Incursion, Discovery, Capture, Exfiltrate)
    9. Attack #2: Social Engineering
    10. Company employee target identified
    11. Social Engineering: Working hours
    12. Tracking the target
    13. Capturing the device
    14. No entry: Device Encryption Technology (Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence; Reconn, Incursion, Discovery, Capture, Exfiltrate)
    15. Attack #3: Spear Phishing
    16. Desktop targeted via malicious email
    17. Even if Desktop Protection fails
    18. DLP (Data Loss Prevention) can prevent the data from leaving the network
    19. No entry: Data Loss Prevention (Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence; Reconn, Incursion, Discovery, Capture, Exfiltrate)
    20. Attack #4: Buffer Overflow Attack
    21. Buffer Overflow Attack
    22. Detecting system vulnerabilities and applying patches: Identify areas of concern
    23. No entry: Automated Compliance Management Solution; Critical System Protection (Host FW / IPS / System Baseline) (Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence; Reconn, Incursion, Discovery, Capture, Exfiltrate)
    24. Attack #5: Password Hacking Attack
    25. Advanced Persistent Threat: Simon’s mum, Mrs Lee (L E E)
    26. No entry: Identity & Access Management Solution (Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence; Reconn, Incursion, Discovery, Capture, Exfiltrate)
    27. Attack #6: Attacking mobile devices
    28. Anti-theft – Mobility solutions (Device Management Solution)
    29. No entry: Mobile Device Security (Threat & Risk Visibility, Information Protection, Identity Protection, Systems Management, Infrastructure Protection, Security Intelligence; Reconn, Incursion, Discovery, Capture, Exfiltrate)
    30. Defence against threats: Multiple layers of Security
    31. Complete Protection: Security Incident & Event Management; Encryption Technology; Data Loss Prevention; Automated Compliance Management; Critical System Protection; Identity & Access Management; Mobile Device Security
    32. Where should you go from here
    33. Symantec’s Information-Centric Approach: INFORMATION – Intelligence, Governance, Infrastructure. Store, Manage, Dedupe, Protect, Recover, Discover, Classify, Ownership, Assess, Remediate, Compliance, Identify, Authenticate, Policy. RISK, COST, VALUE. Mobile, Virtualisation, Cloud, Physical
    34. Stay Informed - Internet Security Threat Report: www.symantec.com/threatreport; Security Response Website; Twitter.com/threatintel
    35. Stay Informed: Internet Security Threat Report, Vol. 17: www.symantec.com/threatreport; Security Response Website; Twitter.com/threatintel
    36. Thank You. Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.