8 Threats Your Anti-Virus Won't Stop


Businesses of all sizes face risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This presentation outlines eight common threats that traditional antivirus alone won't stop, and explains how to protect your organization using endpoint security. For more, visit: http://bit.ly/8Threats_wp

Published in: Technology
  • This presentation reviews the current threat landscape and what’s driving change in IT security. It also dives into 8 threats your traditional AV can’t stop, and wraps up with some questions you can ask your prospective vendor to make sure you’re getting the protection you need.
  • The threat landscape is continually evolving, but today there are really four sources of pain: 1. Users are more mobile than ever and use a broader array of devices to do their work, from laptops to tablets to smartphones. 2. The threats themselves are evolving rapidly in an ever-escalating arms race to evade your security and victimize your users. 3. Data is everywhere, regulations are increasing, and your sensitive data is exactly what the bad guys are targeting. 4. Security is taking too much of your time, and it's impacting not only your productivity but that of your users too.
  • Here is some data from datalossdb.org, which tracks a variety of data loss incidents. The number one source of lost data is a stolen laptop, device or other form of removable media, shown in the chart in blue. The next major type of data breach was due to hacks and improperly secured servers and databases. It's a challenging vector to address, but there are a number of best practices you should look at implementing to safeguard yourself, with web server protection at the top of the list. Then come web, email and virus type attacks, which account for 15% of data loss breaches. Good old-fashioned printed documents, either lost, stolen or improperly disposed of, actually accounted for about 13% of data breaches.
  • Web and virus attacks account for a significant percentage of data breaches. A typical web or email attack can be broken down into a series of phases. Entry point: this is typically a hijacked website or perhaps an email with a malicious link in it. These hijacked sites change quickly and spread like wildfire when new exploits in servers are discovered, making it difficult for traditional URL filtering to provide a meaningful defense. Malware distribution: if a threat slips past this first level of defense, the initial malware does a quick assessment of the system to see what kind of operating system, browser, plugins and apps it's dealing with, and then redirects the victim to an appropriate malware hosting site. These malware traffic distribution systems utilize new servers all the time, often using fast-flux DNS to stay ahead of the game. Exploit: once an attack manages to slip through to the next phase, it usually involves a commercially available exploit pack that attempts to leverage any number of vulnerabilities in apps and plugins. This is usually easy pickings, as there are often dozens of browsers and applications running, all ripe with exploits. Infection: should an attack successfully exploit a vulnerability, it then downloads a malicious payload to infect the system to log keys, steal data, or convert the system into a botnet node or malware hosting site. This is pretty much your last line of defense, and you're now relying on detecting sophisticated virus and malware code. Execution: should this malware succeed in taking hold, it then starts calling home with sensitive data or information about the infected system so it can be exploited further.
  • The Evolution of AV. Anti-virus started out many years ago as a signature-based form of protection. Every virus was identified by a unique signature, and as new variants appeared, new signatures were required. As these threats started to evolve more quickly to the level we have today, where tens of thousands of new variants can appear daily, it's simply not scalable or reliable to depend on signature-based detection alone. So most AV companies added a capability called HIPS to their security software that can detect malicious behavior and stop it before it can cause too much damage. More recently, the concept of endpoint security has gotten more sophisticated, with technologies that use better behavioral analysis to detect suspicious code and other technologies designed to reduce the attack surface: firewalls, application control and device control all help in this regard by reducing vulnerabilities. Today we seem to be in the next generation in the evolution of IT security, which goes far beyond essential AV, combining technologies that work better together across threat vectors to provide endpoint, web, email, network, data and mobile protection, or what we like to call complete security.
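The two notes above make one technical point: a signature identifies a specific file, so a trivially modified variant slips past it, whereas behavioral analysis scores what a process actually does across the infection and execution phases (dropping a payload, persisting, hooking the keyboard, calling home). The script below is an added illustration written for this page, not Sophos code and not how any product implements detection. The samples, the event telemetry, the rule weights, the alert threshold and the field names are all constructed for the example.

```python
"""Signature matching versus behavioral scoring, side by side.

Added example: constructed samples and telemetry, no real malware,
no vendor code. Rules and weights are illustrative only.
"""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# ---------- Signature-based detection: exact content identity ----------
# Constructed stand-ins for two builds of the same family that differ only
# in a padding string (the kind of change a new "variant" introduces).
VARIANT_A = b"MZ\x90\x00 fakeav-dropper build=1 pad=AAAA"
VARIANT_B = b"MZ\x90\x00 fakeav-dropper build=2 pad=BBBB"

KNOWN_BAD_SHA256: set[str] = set()


def add_signature(sample: bytes) -> str:
    """Register a sample's hash, the way a signature update would."""
    digest = hashlib.sha256(sample).hexdigest()
    KNOWN_BAD_SHA256.add(digest)
    return digest


def signature_match(sample: bytes) -> bool:
    """Hash lookup: any byte change produces a new hash and therefore a miss."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


# ---------- Behavioral detection: score what the process does ----------
@dataclass(frozen=True)
class Event:
    pid: int
    kind: str     # file_write | registry_set | keylog_hook | net_connect
    detail: str


# (event kind, pattern over detail, weight). Constructed thresholds, not a product's.
BEHAVIOR_RULES = [
    # Infection phase: executable dropped into the user's temp directory
    ("file_write",   re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.I), 2),
    # Persistence: autorun entry under the per-user Run key
    ("registry_set", re.compile(r"\\CurrentVersion\\Run\\", re.I),            3),
    # Key logging: low-level keyboard hook installed
    ("keylog_hook",  re.compile(r"^WH_KEYBOARD_LL$"),                          3),
    # Execution phase: outbound connection to a non-private address
    # (only 10/8 and 192.168/16 excluded here; deliberately incomplete)
    ("net_connect",  re.compile(r"^(?!10\.|192\.168\.)\d+\.\d+\.\d+\.\d+:"),   1),
]
ALERT_THRESHOLD = 5


def behavior_scores(events: list[Event]) -> dict[int, int]:
    """Sum rule weights per process; each rule counts at most once per process."""
    fired: dict[int, set[int]] = defaultdict(set)
    for ev in events:
        for idx, (kind, pattern, _weight) in enumerate(BEHAVIOR_RULES):
            if ev.kind == kind and pattern.search(ev.detail):
                fired[ev.pid].add(idx)
    return {pid: sum(BEHAVIOR_RULES[i][2] for i in idxs) for pid, idxs in fired.items()}


def flagged_processes(events: list[Event]) -> list[int]:
    """Processes whose combined behavior crosses the alert threshold."""
    return sorted(pid for pid, s in behavior_scores(events).items() if s >= ALERT_THRESHOLD)


# Constructed telemetry: pid 200 behaves like the dropper, pid 300 is a
# benign installer that also writes to Temp and talks to the Internet.
SAMPLE_EVENTS = [
    Event(200, "file_write",   r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe"),
    Event(200, "registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc_upd"),
    Event(200, "keylog_hook",  "WH_KEYBOARD_LL"),
    Event(200, "net_connect",  "203.0.113.7:443"),
    Event(300, "file_write",   r"C:\Users\alice\AppData\Local\Temp\setup_stage.exe"),
    Event(300, "net_connect",  "203.0.113.9:443"),
]

if __name__ == "__main__":
    add_signature(VARIANT_A)
    print("signature catches build 1:", signature_match(VARIANT_A))   # True
    print("signature catches build 2:", signature_match(VARIANT_B))   # False
    print("behavior scores:", behavior_scores(SAMPLE_EVENTS))          # {200: 9, 300: 3}
    print("flagged:", flagged_processes(SAMPLE_EVENTS))                # [200]
```

The signature side shows the scaling problem from the notes: one changed byte means a new hash, so every variant needs its own update. The behavioral side never looks at file content; it alerts on the combination of actions, which is why the benign installer (one dropped file plus one connection) stays below the threshold while the dropper, which also persists and hooks the keyboard, crosses it. Rule weights are where false positives and misses are traded off, and a real engine would tune them against far more telemetry than this.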
  • The 8 threats your AV won't stop can be broken down into four types of issues: human error, facts of life, IT issues and malicious intent.
  • Everyone has accidentally sent an email to the wrong person or "replied all" on a note that was intended for only one person. No AV solution is going to help you here, but there's little need for this kind of problem anymore with affordable, simple email encryption and data loss prevention that can either stop sensitive data from leaving the organization or ensure it's encrypted and protected from falling into the wrong hands.
  • In a recent security audit at a credit union, it was found that 15 out of 20 employees who found a USB stick in the parking lot or elsewhere near their office had plugged it into their computer. This is how many organizations are targeted today. In fact, this is rumored to be the way an Israeli worm was propagated within Iran to thwart their nuclear program. This problem is crying out for a solution, and you don't really want to have to rely on old-school AV to solve it. Fortunately, it's all very simple. A combination of device control, data control, encryption, and even a bit of user education can go a long way towards eliminating this risk.
  • In today's mobile world, you've got an increasing number of users working offsite, whom you are either trying to force to connect through the corporate infrastructure using a VPN, which can be expensive, complex and frustrating, or you've got road warriors coming back to the office with infected laptops, likely infected with some kind of FakeAV. The problem is nothing new, but there are new ways to solve it. With web protection in your endpoint, your users can take their web protection with them everywhere they go, and be protected just as they are back in the office.
  • Unpatched and uncontrolled applications represent one of the biggest exposures you have. Every unpatched application represents a set of vulnerabilities that are ripe to be exploited, and the more uncontrolled browsers, media players and other applications users are running on their systems, the greater this attack surface. It's absolutely essential that you limit these kinds of applications to just those required for your organization, and keep them patched. That's where a complete security solution that includes application control and patch management plays a critical role in reducing your risk and exposure to attack, while also reducing the number of ways that sensitive data can end up leaving your network.
  • Thousands of laptops are stolen every day. It’s only a matter of time before it happens to all of us. Fortunately, with affordable, simple encryption solutions for disks, emails, and files in the cloud or on removable media, there’s no reason anyone should have to worry about this kind of data loss anymore.
  • The term zero-day threat means that the attack is exploiting a vulnerability before it's been published. Behavioral analysis and intrusion prevention in today's endpoint security are designed to detect malicious code and behavior before it becomes a problem. Technologies like Sophos Live Protection make real-time updates to the latest threat intelligence possible, closing the gap between regular threat updates and improving response time to emerging zero-day threats.
  • How to make sure you're getting the right solution, or the most protection, for your tight IT security budget.
  • As you've seen, you need more than just AV to stay protected; you need complete security. You need the technologies we talked about working across all vectors, from the endpoint to the network gateway including web and email, with data protection everywhere and mobile protection as well.
  • Proper complete security starts with reducing the attack surface. Technologies like anti-spam and URL filtering play critical roles in blocking malicious entry points, but you need solutions that update themselves in real time; that's where real-time updates like Sophos Live Protection can be a huge benefit. Application control and patch management play equally critical roles in eliminating vulnerabilities that can be exploited, by controlling the number of applications and helping to keep them patched, significantly reducing the chance of infection. Last but not least, data control and encryption are an important last line of defense in protecting data should your system become infected and, of course, in preventing data loss through the accidents that are bound to happen. To prevent infection, you need a number of leading-edge technologies working on your behalf to stop attacks and breaches at a variety of layers, detecting malicious code behavior and preventing it from taking hold or communicating with its source. And of course, these days you need this kind of multi-layer protection everywhere users are, and in a way that keeps both them and the IT team productive and working without bogging them down.
  • Here are some essential questions to ask prospective vendors that get at their ability to deliver complete security.
  • Of course, Sophos has the answers and can bring all of the essential technologies you need for better protection.
  • The best part is that Sophos has made it simple by tightly integrating our security solutions where it makes sense, to provide better protection and better efficiency through reduced complexity, and better value for you. You get the benefit of all these technologies working seamlessly for you, and you can manage them easily with our simple administration tools that take the headaches out of managing today's IT security.
  • 8 Threats Your Anti-Virus Won't Stop

    1. 8 Threats your antivirus won't stop
    2. Outline: Current threat landscape; 8 threats AV won't stop; Wrap up
    3. Changing threat landscape. What's causing you pain: Threats changing, still growing; Data everywhere, regulations increasing; Users everywhere, using everything
    4. How data is lost (Source: DatalossDB.org): Devices; Hacked; Web/Virus; Documents; Fraud
    5. Anatomy of an attack
       Entry point: A hijacked website or an unwanted email with a malicious link
       Malware distribution: Initial malware redirects based on what it's working with (Windows/Mac, IE/Safari, etc.)
       Exploit vulnerabilities: Exploit pack attempts to leverage a number of vulnerabilities in apps & plugins
       Infection: Download of a malicious payload to log keys, steal data, or convert the system into a botnet
       Execution: Malware calls home with sensitive data
    6. Outline: Current threat landscape; 8 threats AV won't stop; Wrap up
    7. Evolution of AV
       Signature AV: Signature based anti-virus protection
       Signature AV + HIPS: Signature based anti-virus protection; HIPS (Host Intrusion Prevention System)
       Endpoint Security: Signature based anti-virus protection; HIPS (Host Intrusion Prevention System); Behavioral analysis; Client firewall; Application control; Device control
       Complete Security: Endpoint Protection; Web Protection; Email Protection; Network Protection; Data Protection; Mobile Protection
    8. 8 threats AV won't stop. Human error: 1. Misdirected email, 2. Infected USB device. Facts of life: 3. Working offsite, 4. Working on the web. IT issues: 5. Unpatched PCs, 6. Uncontrolled apps. Malicious intent: 7. Stolen laptops, 8. Zero-day threat
    9. 1. Misdirected email. If it hasn't happened to you, it will. Data Control; Email encryption
    10. 2. The infected USB device. 75% fail the lollipop test. Device Control; Data Control; Encryption
    11. 3. Working offsite & 4. Working on the web. Today's primary source of FakeAV. URL Filtering; Endpoint Web Protection
    12. 5. Unpatched & 6. Uncontrolled apps. Is your company data circulating on BitTorrent? Application Control; Patch Management
    13. 7. Stolen laptops. It's only a matter of time. Full Disk Encryption; Email encryption; Encryption for cloud
    14. 8. The zero-day threat. Exploiting unknown vulnerabilities. Anti-malware with behavioural analysis; Intrusion prevention; Live Protection
    15. Outline: Current threat landscape; 8 threats AV won't stop; Wrap up
    16. Evolution of AV
       Signature AV: Signature based anti-virus protection
       Signature AV + HIPS: Signature based anti-virus protection; HIPS (Host Intrusion Prevention System)
       Endpoint Security: Signature based anti-virus protection; HIPS (Host Intrusion Prevention System); Behavioral analysis; Client firewall; Application control; Device control
       Complete Security: Endpoint Protection; Web Protection; Email Protection; Network Protection; Data Protection; Mobile Protection
    17. Layered Protection: Complete Security at Work. Goals: Reduce attack surface; Protect everywhere; Stop attacks and breaches; Keep people working. Attack phases: Entry point; Malware Distribution; Exploit vulnerabilities; Infection; Execution. Technologies along the chain: Anti-spam; URL Filtering; Live Protection; Application Control; Intrusion prevention; Patch Manager; Anti-malware; Data Control; Firewall; Encryption
    18. 8 Questions to ask your vendor: 1. How do we stop sensitive data from falling into the wrong hands? 2. How can we ensure staff are not leaking data out of our organization? 3. How can we prevent users from infecting themselves with USB sticks? 4. How do you protect offsite users from malicious websites? 5. How can we control applications such as VoIP, IM, P2P or games? 6. How can you help ensure systems are patched and up to date? 7. How does your solution help protect us from new and unknown threats? 8. How often do you publish new threat intelligence and how do we get it?
    19. Complete security: Better protection, better efficiency, and better value. Vectors: Endpoint; Web; Email; Data; Mobile; Network. Goals: Reduce attack surface; Protect everywhere; Stop attacks and breaches; Keep people working. Technologies listed: URL Filtering; Web Application Firewall; Endpoint Web Protection; Encryption for cloud; Data Control; Access control; Automation; WiFi security; Anti-spam; Patch Manager; Mobile Control; Virtualization; Anti-malware; User education; Visibility; Local self-help; Application Control; Mobile app security; Clean up; Technical support; Device Control; Secure branch offices; Intrusion prevention; Firewall; Encryption; Tamper protection; Free Home use; Email encryption; Live Protection; Small updates; VPN; Performance
    20. Complete security: Better protection, better efficiency, and better value
    21. Staying ahead of the curve. US and Canada: 1-866-866-2802, NASales@sophos.com. UK and Worldwide: +44 1235 55 9933, Sales@sophos.com. facebook.com/securitybysophos; Sophos on Google+; linkedin.com/company/sophos; twitter.com/Sophos_News; nakedsecurity.sophos.com