http://www.secpoint.com

http://www.secpoint.com
Security Trend with SecPoint

Presentation Transcript

  • Security Evolution on the Edge
  • The State of Insecurity
  • State of Security
    • Network Attacks are on the rise - Viruses, Worms, and Trojans
    • “ 9 Of 10 Companies Hit By Computer Crime” - FBI
    • Their presence is global
    *CERT stats for 2004 and 2005 are based on comments on the CERT site that the number of incidents is now too large to track (the figure shown is a low estimate). Source: Kaspersky Labs, May 2009
  • You’ve Seen It In The News
    • New York Police Department under Chinese cyber-attacks
    • US Air Traffic Control vulnerable to cyber-attack
    • Staged cyber attack reveals vulnerability in power grid
    • And more breaking news every day…
  • The IT Security Paradox: 100% of these organizations have purchased “IT security” solutions
  • Attack Sophistication vs. Intruder Technical Knowledge
    [Chart, 1980 to 2005: attack sophistication rises from low to high while the technical knowledge required of intruders falls from high to low. Tools and techniques plotted (as extracted, order not preserved): password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged, auto coordinated.]
  • Vulnerability Exploit Cycle
    [Chart: number of incidents over time. Stages: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools (Highest Exposure); Intruders Begin Using New Types of Exploits.]
  • Today’s Reality
    • Organizations and people are dependent on technology
    • Attacks are now both obscured and actionable
    • Time from vulnerability to exploit is shorter
    • Perpetuated by:
      • Outdated technology
      • Continual security changes
      • Limited control
      • Human factors
    • The new attackers:
      • Cybercrime Organizations
      • Mafia Organizations
      • Professional Hackers
      • Company insiders
  • Past and Present Solutions
  • Legacy Firewall Solutions
    • Legacy firewall technology is limited & cannot effectively prevent today’s threats or network misuse
    • For complete protection many have cobbled together security solutions from multiple vendors with little to no integration
    [Diagram: Typical Firewalls Only Inspect the “Luggage Tag”; Complete Protection Means DEEP Inspection. Network traffic passes from the firewall/router through a chain of separate point products (Anti-Spy, Gateway AV, Client AV, Wireless Sec., Content Filter, Anti-Phishing, Intrusion Prev., VPN) before reaching internal network users.]
    • However, the net result is higher overall cost of ownership and increased resource demand & performance concerns
  • Advanced L-7 Classification: Foundation of Visibility
    [Diagram comparing classification depth. A typical router, probe, etc. doing stateful inspection sees only: Static Port 80; IP 192.168.1.1; Link Layer 00D059B71F3E; TCP/UDP 06/11. Complete Application Classification (Packeteer, over 450 application classifications) additionally sees: Dynamic Port 80 / 722; Applications HTTP/SSL, SMTP/POP3, FTP, Oracle, SAP, KaZaA, and Oracle, SAP, KaZaA over HTTP; with application sub-classifications, validation, behavioral characteristics, multi-packet flow analysis and profiling intelligence for encrypted, tunneled and evasive applications.]
  • Threat Protection Differences
    [Diagram: the same layer stack (Link Layer 00D059B71F3E; IP 192.168.1.1; TCP/UDP 06/11; Static Port 80, Dynamic Port, Multiple ports; Applications Layer). Routers/NAT filters and stateful inspection stop at the port level; typical deep packet inspection adds limited virus protection and application-layer threat coverage; SecPoint Deep Inspection is shown as complete protection against viruses, worms, trojans, spyware and IM/P2P apps, with unlimited file sizes and unlimited users.]
  • Better Protection & Performance: Solutions Are Not Created Equal
    • Current Firewalls
      • Port blocking
      • TCP/IP Rules
      • IP Routing
      • Link Layer
    • Intelligent UTM Protection
      • Scan Unlimited Sized Files & Users
      • Block Applications such as MSN
      • Outbound Spyware Control
      • Content Filtering/Control & Phishing
      • Stream-based file support
    • Typical UTM Protection
      • Limited scanning for Viruses/Worms/Trojans
      • Inbound Spyware protection
      • SMTP, HTTP, IMAP support
      • Content Filtering
    [Chart: Attack Sophistication (vertical axis) against product class (horizontal axis: Routers, Firewalls, Cisco/Fortinet UTM, SecPoint UTM). Threat tiers plotted: Network Threats (simple DoS attack, IP spoof, smurf attack); Typical Threats (downloaded or emailed viruses, easy-to-acquire spyware, misuse of network resources); “Highest Risk” Threats (hidden malware in large files, outbound spyware communication, viruses on network drives, P2P/instant messenger threats, phishing attacks, rootkits). Caption: SecPoint Unified Threat Management.]
  • Typical Firewall Traffic Path: Stateful Packet Inspection (legacy firewalls)
    • Sample connection state: Source 212.56.32.49, Destination 65.26.42.17, Source Port 823747, Dest Port 80, Sequence 28474 / 2821, Syn state SYN, IP Option none
    • Stateful is limited inspection that can only block on ports: no data inspection, the data goes through unchecked!
    • Header layout shown (INSPECT covers the headers only):
      • IP: Version | Service | Total Length; ID | Flags | Fragment; TTL | Protocol | IP Checksum; Source IP Address; Destination IP Address; IP Options
      • UDP: Source UDP Port | Destination UDP Port; UDP Length | UDP Checksum
      • DATA (not inspected)
  • Firewall Traffic Path: Stateful Packet Inspection vs. the Unified Threat Management Platform
    • UTM Inspection inspects all traffic moving through a device, headers and DATA alike: 98% more inspection
    • Same header layout (IP: Version | Service | Total Length; ID | Flags | Fragment; TTL | Protocol | IP Checksum; Source IP Address; Destination IP Address; IP Options. UDP: Source UDP Port | Destination UDP Port; UDP Length | UDP Checksum), but INSPECT now also covers DATA
    • SecPoint Signatures by category (count): ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT
    • Security Product: SecPoint UTM; Dynamic Management / Reporting; Reliable
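The header-versus-DATA distinction on the two traffic-path slides, as an added example that is not part of the presentation or of SecPoint's product: a constructed IPv4/UDP datagram is parsed into the fields the slide lists, then a port-only stateful rule and a content-signature check are applied to it, and only the latter ever looks at the payload. ALLOWED_DST_PORTS, the single WEB-ATTACKS-style signature, and the sample addresses, port and payload are all assumptions made for the demonstration.

```python
import struct

def parse_ipv4_udp(raw: bytes) -> dict:
    """Decode the header fields from the slide (Version, TTL, Protocol, addresses,
    UDP ports, UDP length) and split off the DATA that follows them."""
    ver_ihl, _tos, _total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, so IP options are skipped
    sport, dport, ulen, _ucsum = struct.unpack("!HHHH", raw[ihl:ihl + 8])
    return {"version": ver_ihl >> 4, "ttl": ttl, "protocol": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "src_port": sport, "dst_port": dport, "data": raw[ihl + 8:ihl + ulen]}

def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test datagram; checksums stay zero because nothing here verifies them."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + udp

ALLOWED_DST_PORTS = {80, 443}
# Constructed content signature in the style of the slide's WEB-ATTACKS category.
SIGNATURES = {"WEB-ATTACKS /etc/passwd access": b"/etc/passwd"}

def stateful_verdict(raw: bytes) -> str:
    """Legacy stateful filter: decides on the "luggage tag" (ports) and never reads DATA."""
    return "allow" if parse_ipv4_udp(raw)["dst_port"] in ALLOWED_DST_PORTS else "drop"

def deep_inspection_verdict(raw: bytes) -> str:
    """UTM-style inspection: the same port rule, then content signatures run over DATA."""
    if stateful_verdict(raw) == "drop":
        return "drop"
    data = parse_ipv4_udp(raw)["data"]
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return f"drop ({name})"
    return "allow"

# Constructed sample: destination port 80 passes the port rule, but DATA carries the pattern.
SAMPLE = build_ipv4_udp("212.56.32.49", "65.26.42.17", 40001, 80,
                        b"GET /cgi-bin/view?file=/etc/passwd HTTP/1.0\r\n")

if __name__ == "__main__":
    print("stateful:", stateful_verdict(SAMPLE))         # allow
    print("deep    :", deep_inspection_verdict(SAMPLE))  # drop (WEB-ATTACKS /etc/passwd access)
```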
  • The New Firewall Standard – UTM: Enterprise security for all businesses, combining the modules AV, AS, FW, URL, IPS and VPN
  • “UTM security appliances will continue to be the more popular approach. This is because UTM appliances offer additional benefits over single function standalone solutions.” Source: IDC, March 2009
    [Chart: A Large, Fast Growing Market, 2005-2012: Western Europe Security Appliance Revenue ($M).]
  • The New Firewall Standard – UTM: Enterprise security for all businesses
    • Unified Threat Management
      • Integration of all modules
        • Intrusion Prevention for blocking network threats
        • Award winning Anti SPAM
        • Anti-Virus for blocking file based threats
        • Anti-Spyware for blocking Spyware & Malware
        • Content Filtering for productive Internet usage
      • Updates to the threat environment
  • SecPoint Solutions
  • SecPoint Solution Suite: models P700, P1100 and P1600/P2100
    • Small Networks: 5-25 users, ADSL Internet access
    • Medium Networks: 50-250 users, DSL Internet access
    • Enterprise Networks: 500-2000 users, Fiber/DSL Internet access
  • SecPoint UTM Appliance
    • Security Integration
    • Anti-Virus
    • Anti-Spyware
    • IDS/IPS
    • Productivity Control
    • Application Control
    • Web Content Filtering
    • Network Intelligence
    • Dynamic Routing
    • High Availability
    • Client Identity and Integrity
    • Network Access
    [Diagram: SecPoint Unified Threat Management Platform on a Dynamically Updated Architecture, with the layers Security Integration, Productivity Control, Network Intelligence, Client Identity/Integrity, and Management and Reporting.]
  • Proxy Solutions Are Limited
    • Competitive solutions have memory-imposed scalability limits: once memory is full, scanning stops and inspection stops
    • The more users and traffic added, the more threats come through without inspection
    [Chart: network use (traffic and number of users, min to max) against packets that can still be inspected versus packets not inspected; past the “Memory Full - Scanning Stopped” point, whole packets (headers plus DATA) pass uninspected.]
  • UTM Platform Approach: SecPoint UTM – Unique Scalability
    • Real Time Scanning Engine: inspecting protection for ALL traffic and ALL users
    [Chart: the same network-use axes (traffic and number of users, min to max) with the Inspection possible / Not inspected legend; the claim is that inspection of headers and DATA holds across the full range. Platform layers: Real-time Scanning, Management and Reporting, Security Integration, Productivity Control, Network Resiliency, Dynamically Updated.]
  • Adaptable Architecture
    • Signature Database, AV Database, Ph/Spy/IPS Database and Spy Database: the UTM Platform is continually updated to prevent emerging threats, 24x7 (signature categories and counts as listed on the Firewall Traffic Path slide)
    • Future-proofed investment for security
    • The platform continually evolves to block emerging threats
    • Updates to the security posture are completely automated - no user intervention (delivered by the SecPoint Response Team)
  • Intrusion Prevention Service
    • Uses real-time Packet Inspection and signatures to scan for known vulnerabilities and exploits
    • Scans data connections for prohibited applications
    • Terminates connections that match signatures
    • Signatures updated real-time in the cloud
  • Database of IPS Applications
    • Instant Messenger Apps
      • AOL Instant Messenger
      • Yahoo Instant Messenger
      • MSN Messenger
      • ICQ
      • IRC
      • Many more
    • Multimedia Apps
      • Windows Media Player
      • Real Player
      • iTunes
      • Musicmatch
      • Shoutcast
      • Audiogalaxy
      • Many more
    • Peer-to-Peer Apps
      • Napster
      • Gnutella
      • Kazaa
      • Morpheus
      • BitTorrent
      • eDonkey
      • eMule
      • Filetopia
      • MP2P
      • iMesh
      • Grokster
      • Many more
  • Anti Spyware Protection
    • Blocks spyware delivered through auto-installed ActiveX components, the most common vehicle for distributing malicious spyware & Malware programs
    • Scans and logs spyware threats that are transmitted through the network and alerts administrators when new spyware is detected and/or blocked
    • Stops existing spyware programs from communicating in the background with hackers and servers on the Internet, preventing the transfer of confidential information
    • Provides granular control over networked applications by enabling administrators to selectively permit or deny the installation of individual spyware or malware programs
    • Prevents e-mailed spyware threats by scanning and then blocking infected e-mails transmitted either through SMTP, IMAP or Web-based e-mail
  • Better Protection & Performance: Solutions Are Not Created Equal
    • Current Firewalls
      • Port blocking
      • TCP/IP Rules
      • IP Routing
      • Link Layer
    • Intelligent UTM Protection
      • Scan Unlimited Sized Files & Users
      • Block Applications such as Skype
      • Outbound Spyware Control
      • Content Filtering/Control & Phishing
      • Stream-based file support
    • Typical UTM Protection
      • Limited scanning for Viruses/Worms/Trojans
      • Inbound Spyware protection
      • SMTP, HTTP, IMAP support
      • Content Filtering
    [Chart: Attack Sophistication (vertical axis) against product class (horizontal axis: Routers, Firewalls, Cisco/Fortinet UTM, SecPoint UTM). Threat tiers plotted: Network Threats (simple DoS attack, IP spoof, smurf attack); Typical Threats (downloaded or emailed viruses, easy-to-acquire spyware, misuse of network resources); “Highest Risk” Threats (hidden malware in large files, outbound spyware communication, viruses on network drives, Skype/instant messenger threats, phishing attacks, rootkits). Caption: SecPoint Unified Threat Management.]
  • More Than External Security
    • The “Enemy” Within: the Human Factor. The average employee is the unwitting accomplice in non-work-related activities:
      • 30% to 40% of employee Internet use is not work related*
      • 80 Million Americans, or 27% of the US population, use IM*
      • 55% of online users have been infected with spyware*
      • Instant messaging security threats double every 6 months*
    *Sources: International Data Corp., Consumer Affairs, Bigfoot Interactive, Gartner
  • Productivity Counts Too!
    • On average an employee spends 1 hour per day on the Internet for non-work related activities. (Source: International Data Corp.)
    • A typical 25 employee company can lose over $150K annually in lost productivity from Internet misuse.
    Source: [email_address] 2005, Harris Interactive
  • SecPoint All in One: Content Security Appliance
    • The Protector is a dedicated appliance purpose-built for the unique needs of application layer security
    • A Dynamic Threat Management solution for customers with installed firewalls from Cisco, Checkpoint, Juniper or other vendors
    • Gateway Anti Spam
    • Gateway Anti-Virus
    • Gateway Anti-Spyware
    • Web Content Filtering
    • IM & P2P Filtering
    • Works Behind any Firewall
  • UTM for non SP Networks
    • SecPoint Content Security Management:
    • Appliance = Simple and cost-effective
    • Multi-threat ready = Total security
    • Modular licensing = Scalable
    • Any firewall = Large market
    SMBs need a cost-effective means of upgrading their security without necessarily upgrading their firewall
  • Questions?
  • Thank you. Martin de Gier, SecPoint Nederland, [email_address]