Security Trend with SecPoint

Published on http://www.secpoint.com

  1. Security Evolution on the Edge
  2. The State of Insecurity
  3. State of Security
     - Network attacks are on the rise: viruses, worms and Trojans
     - "9 of 10 companies hit by computer crime" (FBI)
     - Their presence is global
     *CERT statistics for 2004 and 2005 are based on comments on the CERT site that the number of incidents is too large to track any more (the figure here is a low estimate). Source: Kaspersky Labs, May 2009
  4. You've Seen It In The News
  5. You've Seen It In The News
     - New York Police Department under Chinese cyber-attacks
     - US Air Traffic Control vulnerable to cyber-attack
     - Staged cyber attack reveals vulnerability in power grid
     - And more breaking news every day...
  6. The IT Security Paradox: 100% of these organizations have purchased "IT security" solutions
  7. Attack Sophistication vs. Intruder Technical Knowledge (chart, 1980-2005): as the technical knowledge an intruder needs falls from high to low, attack sophistication rises. Chart labels in rough chronological order: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network management diagnostics, distributed attack tools, cross-site scripting, staged and automated coordinated attacks.
  8. Vulnerability Exploit Cycle (chart: number of incidents over time; exposure is highest when automated tools are in widespread use)
     - Advanced intruders discover a new vulnerability
     - Crude exploit tools are distributed
     - Novice intruders use the crude exploit tools
     - Automated scanning/exploit tools are developed
     - Widespread use of automated scanning/exploit tools
     - Intruders begin using new types of exploits, and the cycle restarts
  9. Today's Reality
     - Organizations and people are dependent on technology
     - Attacks are now both obscured and actionable
     - Time from vulnerability to exploit is shorter
     - Perpetuated by:
       - Outdated technology
       - Continual security changes
       - Limited control
       - Human factors
     - The new attackers:
       - Cybercrime organizations
       - Mafia organizations
       - Professional hackers
       - Company insiders
  10. Past and Present Solutions
  11. Legacy Firewall Solutions
     - Legacy firewall technology is limited and cannot effectively prevent today's threats or network misuse
     - For complete protection, many have cobbled together security solutions from multiple vendors with little to no integration
     - However, the net result is a higher overall cost of ownership, increased resource demand and performance concerns
     Diagram: threats enter from the network toward the internal network users. Typical firewalls only inspect the "luggage tag"; complete protection means deep inspection. The legacy stack is a chain of separate boxes: Firewall, Router, Anti-Spy, Gateway AV, Client AV, Wireless Security, Content Filter, Anti-Phishing, Intrusion Prevention, VPN.
  12. Advanced L-7 Classification: Foundation of Visibility (what each inspection level can identify)
     - Link Layer: MAC address 00D059B71F3E
     - IP: 192.168.1.1
     - TCP/UDP: protocol 06/11; port either static (80) or dynamic (80 -> 722)
     - Applications: HTTP/SSL, SMTP/POP3, FTP; Oracle, SAP, KaZaA; Oracle, SAP, KaZaA over HTTP
     - Typical router, probe, etc.: static port only. Stateful inspection: dynamic ports. Packeteer (over 450 application classifications): complete application classification, with application sub-classifications, validation, behavioral characteristics, multi-packet flow analysis and profiling intelligence for encrypted, tunneled and evasive applications.
  13. Threat Protection Differences
     - Routers/NAT filters: static port 80, limited virus protection
     - Stateful inspection: dynamic ports
     - Typical deep packet inspection: multiple ports, application-layer threats
     - SecPoint deep inspection: viruses, worms, Trojans, spyware, IM/P2P apps; unlimited file sizes and unlimited users; complete protection
  14. Better Protection & Performance: Solutions Are Not Created Equal (chart: attack sophistication rising from routers, to firewalls, to Cisco/Fortinet UTM, to SecPoint UTM)
     - Current firewalls
       - Port blocking
       - TCP/IP rules
       - IP routing
       - Link layer
     - Typical UTM protection
       - Limited scanning for viruses/worms/Trojans
       - Inbound spyware protection
       - SMTP, HTTP, IMAP support
       - Content filtering
     - Intelligent UTM protection (SecPoint Unified Threat Management)
       - Scan unlimited-sized files and unlimited users
       - Block applications such as MSN
       - Outbound spyware control
       - Content filtering/control and anti-phishing
       - Stream-based file support
     - Network threats: simple DoS attack, IP spoof, Smurf attack
     - Typical threats: downloaded or emailed viruses, easy-to-acquire spyware, misuse of network resources
     - "Highest risk" threats: hidden malware in large files, outbound spyware communication, viruses on network drives, P2P/instant messenger threats, phishing attacks, rootkits
  15. Typical Firewall Traffic Path (stateful packet inspection, legacy firewalls). Example connection: source 212.56.32.49, destination 65.26.42.17, source port 823747, destination port 80, sequence 28474/2821, SYN state SYN, IP option none. Stateful inspection is limited inspection that can only block on ports: it examines the header fields (Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address, IP Options, Source UDP Port, Destination UDP Port, UDP Length, UDP Checksum) but performs no data inspection. The DATA goes through unchecked!
  16. Firewall Traffic Path (Unified Threat Management platform). UTM inspection inspects all traffic moving through the device, including the DATA after the header fields listed on slide 15: 98% more inspection. Shown alongside: SecPoint signature categories with rule counts: ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT. SecPoint UTM: dynamic management/reporting, reliable.
  17. The New Firewall Standard: UTM. Enterprise security for all businesses: FW, AV, AS, URL, IPS, VPN
  18. "UTM security appliances will continue to be the more popular approach. This is because UTM appliances offer additional benefits over single function standalone solutions." Source: IDC, March 2009. A large, fast-growing market (chart: Western Europe security appliance revenue in $M, 2005-2012)
  19. The New Firewall Standard: UTM. Enterprise security for all businesses
     - Unified Threat Management
       - Integration of all modules
         - Intrusion Prevention for blocking network threats
         - Award-winning Anti-SPAM
         - Anti-Virus for blocking file-based threats
         - Anti-Spyware for blocking spyware and malware
         - Content Filtering for productive Internet usage
       - Updates to the threat environment
  20. SecPoint Solutions
  21. SecPoint Solution Suite
     - P700: small networks, 5-25 users, ADSL Internet access
     - P1100: medium networks, 50-250 users, DSL Internet access
     - P1600/P2100: enterprise networks, 500-2000 users, fiber/DSL Internet access
  22. SecPoint UTM Appliance
  23. SecPoint Unified Threat Management Platform (dynamically updated architecture)
     - Security Integration: Anti-Virus, Anti-Spyware, IDS/IPS
     - Productivity Control: Application Control, Web Content Filtering
     - Network Intelligence: Dynamic Routing, High Availability
     - Client Identity and Integrity: Network Access
     - Management and Reporting
  24. Proxy Solutions Are Limited (chart: inspection against number of users and traffic, from min to max network use). Competitive solutions have memory-imposed scalability limits: once memory is full, scanning stops and packets (headers and DATA) pass uninspected. The more users and traffic added, the more threats come through without inspection.
  25. UTM Platform Approach: SecPoint UTM has unique scalability. A real-time scanning engine inspects protection for ALL traffic and ALL users across the whole range of users and traffic, so nothing goes uninspected. Platform pillars: real-time scanning, management and reporting, security integration, productivity control, network resiliency, dynamically updated.
  26. Adaptable Architecture: signature database (the IPS signature categories listed on slide 16), AV database, phishing/spyware/IPS database and spyware database. The UTM platform is continually updated to prevent emerging threats, 24x7, by the SecPoint Response Team.
     - Future-proofed investment for security
     - The platform continually evolves to block emerging threats
     - Updates to the security posture are completely automated: no user intervention
  27. Intrusion Prevention Service
     - Uses real-time packet inspection and signatures to scan for known vulnerabilities and exploits
     - Scans data connections for prohibited applications
     - Terminates connections that match signatures
     - Signatures updated in real time in the cloud
  28. Database of IPS Applications
     - Instant messenger apps: AOL Instant Messenger, Yahoo Instant Messenger, MSN Messenger, ICQ, IRC, many more
     - Multimedia apps: Windows Media Player, Real Player, iTunes, Musicmatch, Shoutcast, Audiogalaxy, many more
     - Peer-to-peer apps: Napster, Gnutella, Kazaa, Morpheus, BitTorrent, eDonkey, eMule, Filetopia, MP2P, iMesh, Grokster, many more
  29. Anti-Spyware Protection
     - Blocks spyware delivered through auto-installed ActiveX components, the most common vehicle for distributing malicious spyware and malware programs
     - Scans and logs spyware threats transmitted through the network and alerts administrators when new spyware is detected and/or blocked
     - Stops existing spyware programs from communicating in the background with hackers and servers on the Internet, preventing the transfer of confidential information
     - Provides granular control over networked applications by enabling administrators to selectively permit or deny the installation of individual spyware or malware programs
     - Prevents e-mailed spyware threats by scanning and then blocking infected e-mails transmitted through SMTP, IMAP or web-based e-mail
  30. Better Protection & Performance: Solutions Are Not Created Equal (repeat of slide 14, with Skype in place of MSN as the example of a blocked application and "Skype/Instant Messenger threats" among the highest-risk threats)
  31. More Than External Security
  32. The "Enemy" Within: the Human Factor. The average employee is the unwitting accomplice (non-work related activities):
     - 30% to 40% of employee Internet use is not work related*
     - 80 million Americans, or 27% of the US population, use IM*
     - 55% of online users have been infected with spyware*
     - Instant messaging security threats double every 6 months*
     *Sources: International Data Corp., Consumer Affairs, Bigfoot Interactive, Gartner
  33. Productivity Counts Too!
     - On average an employee spends 1 hour per day on the Internet for non-work related activities (source: International Data Corp.)
     - A typical 25-employee company can lose over $150K annually in lost productivity from Internet misuse (source: [email_address] 2005, Harris Interactive)
  34. SecPoint All in One. The Protector is a dedicated appliance purpose-built for the unique needs of application-layer security: a content security appliance and Dynamic Threat Management solution for customers with installed firewalls from Cisco, Checkpoint, Juniper or other vendors
     - Gateway Anti-Spam
     - Gateway Anti-Virus
     - Gateway Anti-Spyware
     - Web Content Filtering
     - IM & P2P Filtering
     - Works behind any firewall
  35. UTM for non-SP Networks. SMBs need a cost-effective means of upgrading their security without necessarily upgrading their firewall. SecPoint Content Security Management:
     - Appliance = simple and cost-effective
     - Multi-threat ready = total security
     - Modular licensing = scalable
     - Any firewall = large market
  36. Questions?
  37. Thank you. Martin de Gier, SecPoint Nederland, [email_address]
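The difference between the "luggage tag" check of slides 12-16 (port-only stateful filtering) and deep inspection of the DATA field, as an added example that is not SecPoint's code. The flows are constructed samples, and the one payload signature (the BitTorrent handshake prefix) and the HTTP method check are illustrative stand-ins for a real signature database; the point is that an application tunneled over port 80 passes a port-based rule but not a payload-based one.

```python
import re

# Constructed sample flows: name -> (destination port, first payload bytes).
# These are not captured packets.
SAMPLE_FLOWS = {
    "web":        (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "p2p_on_80":  (80, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"X" * 40),
    "blob_on_80": (80, b"\x00\x01\x02opaque-binary-stream"),
    "telnet":     (23, b"login: "),
}

# Ports a port-only rule set allows (assumption for this example).
ALLOWED_PORTS = {80, 443}

# Request-line prefixes a genuine HTTP client sends on port 80.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")

# Illustrative payload signatures: category -> pattern on the DATA field.
# The BitTorrent handshake begins with byte 0x13 followed by the protocol name.
PAYLOAD_SIGNATURES = {
    "P2P": re.compile(rb"^\x13BitTorrent protocol"),
}


def stateful_verdict(dst_port, payload):
    """Header-only decision, like the legacy firewall on slide 15: the
    payload argument is never examined, so DATA goes through unchecked."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def deep_inspection_verdict(dst_port, payload):
    """Port check first, then the DATA field: known signatures, and a
    protocol-conformance check that the bytes on port 80 are really HTTP."""
    if dst_port not in ALLOWED_PORTS:
        return "deny", "port"
    for name, pattern in PAYLOAD_SIGNATURES.items():
        if pattern.search(payload):
            return "deny", "signature:" + name
    if dst_port == 80 and not payload.startswith(HTTP_METHODS):
        return "deny", "protocol-mismatch"
    return "allow", "clean"


def compare(flows):
    """Return name -> (port-only verdict, (deep verdict, reason)) per flow."""
    return {name: (stateful_verdict(port, data),
                   deep_inspection_verdict(port, data))
            for name, (port, data) in flows.items()}


if __name__ == "__main__":
    for name, verdicts in compare(SAMPLE_FLOWS).items():
        print(f"{name:12s} port-only={verdicts[0]:5s} deep={verdicts[1]}")
```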
