RSA 2010 Francis De Souza

Francis De Souza's presentation at RSA 2010. Session ID: SPO1-107; Session Classification: Intermediate

RSA 2010 Francis De Souza Presentation Transcript

  • Today’s IT Attacks: An IT Security Strategy To Protect Your Assets. Francis deSouza, Symantec. Session ID: SPO1-107; Session Classification: Intermediate
  • Agenda: Sources of a Breach; Security Market Drivers; Breach Analysis; Security Strategy
  • A CRIME IS COMMITTED EVERY ¼ OF A SECOND ON THE WEB
  • 1 IN 5 WILL BE A VICTIM OF CYBER CRIME
  • 100% OF ENTERPRISES HAVE EXPERIENCED CYBER LOSSES
  • CYBER ATTACKS COST COMPANIES AN AVERAGE OF $2 MILLION ANNUALLY
  • 75% OF ALL ENTERPRISES HAVE EXPERIENCED CYBER ATTACKS IN THE PAST 12 MONTHS
  • 43% OF COMPANIES LOST CONFIDENTIAL DATA IN 2009
  • ENTERPRISE SECURITY IS BECOMING MORE DIFFICULT
  • Sources Of A Breach: Well Meaning Insider; Malicious Insider; Organized Criminal; Targeted Attackers
  • History of Targeted Attacks (timeline 1998 to 2010)
    Solar Sunrise: Attacks stealing passwords from DoD systems conducted by 2 Californian and 1 Israeli teenager
    Moonlight Maze: Attacks targeting US military secrets reported to be conducted by Russia
    Titan Rain: Coordinated attacks on US government military installations and private contractors
    US Government: Systems in the Department of Defense, State, Commerce, Energy, and NASA all compromised and terabytes of information confirmed stolen.
    Ghostnet: Attacks on Tibetan organizations and many embassies of EMEA countries, and NATO systems.
    January 12: Google announces they have been a victim of a targeted attack
  • Anatomy Of A Breach > Incursion > Discovery > Capture > Exfiltration
  • Mass Attack vs Targeted Attack, by phase
    Incursion. Mass Attack: Generic social engineering; by-chance infection. Targeted Attack: Handcrafted and personalized methods of delivery.
    Discovery. Mass Attack: Typically no discovery, assumes content is in a predefined and predictable location. Targeted Attack: Examination of the infected resource, monitoring of the user to determine additional accessible resources, and network enumeration.
    Capture. Mass Attack: Predefined specific data or data which matches a predefined pattern such as a credit card number. Targeted Attack: Manual analysis and inspection of the data.
    Exfiltration. Mass Attack: Information sent to a dump site often with little protection and dump site serves as long term storage. Targeted Attack: Information sent back directly to the attacker and not stored in a known location for an extended period.
  • Incursion: Security Market Drivers
    In 2009 spam accounted for 90% of all email traffic
    In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable
    90% of incidents wouldn’t have happened if systems were patched
    In 2009 we found 47,000 active bot-infected computers per day
  • Discovery: Security Market Drivers
    91% of records compromised in 2008 involved organized crime targeting corporate information
    81% of attacked companies were non-compliant in PCI
    67% of breaches were aided by insider negligence
  • Capture: Security Market Drivers
    285 million records were stolen in 2008, compared to 230 million between 2004 and 2007
    Credit card detail accounts for 19% of all goods advertised on underground economy servers
    IP theft costs companies $600 billion globally
  • Exfiltration: Security Market Drivers
    “Hackers Targeted Source Code of More Than 30 Companies” Jan 13, Wired.com
    “SS Numbers Of Californians Accidently Disclosed” Feb 9 KTLA.com
    “HSBC Bank Reports Lost Client Data From Swiss Private Bank” Dec 9, Reuters
    “Gov’t Posts Sensitive List of US Nuclear Sites” Associated Press
  • Dissecting Hydraq
  • Dissecting Hydraq: Incursion. Attacker Breaks into the network by delivering targeted malware to vulnerable systems and employees
    Email shown on the slide: “Hi Francis, I met you at the Malware Conference last month. Wanted to let you know I got this great shot of you doing your presentation. I posted it here:”
  • Dissecting Hydraq: Discovery. Hacker Maps Organization’s Defenses From the Inside and Creates a Battle Plan
  • Dissecting Hydraq: Capture. Attacker Accesses Data on Unprotected Systems and Installs Malware to Secretly Acquire Crucial Data
  • Dissecting Hydraq: Exfiltration. Confidential Data Sent Back to Enemy’s “Home Base” for Exploitation and Fraud
    Diagram labels: Hydraq Victim; Attacker 72.3.224.71:443
  • Prelude to a Breach 1: Poorly Enforced IT Policies
  • Prelude to a Breach 2: Poorly Protected Information
  • Prelude to a Breach 3: Poorly Managed Systems
  • Prelude to a Breach 4: Poorly Protected Infrastructure
  • The Challenge: Develop and Enforce IT Policies; Protect The Information; Manage Systems; Protect The Infrastructure
  • A Comprehensive Security Strategy Is Required
    Risk Based and Policy Driven: IT Governance, Risk and Compliance
    Information-Centric: Information Risk Management
    Well Managed Infrastructure: Infrastructure Protection and Management
  • New Threats Require New Technologies
    Integrated Security Platform: Open Platform; Console Unification; Security Intelligence; Dynamic Protection
    Develop & Enforce IT Policies: IT Risk Management; Compliance Process Automation; Information-Centric Policy
    Manage Systems: Workflow; Application Streaming; Portable Personalities
    Protect the Information: Data Ownership; Automated Content Classification; Content Aware Endpoint Security
    Protect the Infrastructure: Reputation Based Security; Mobile and Server Security; Encryption
  • Symantec Focuses on Meeting These Challenges
    Develop and Enforce IT Policies > Control Compliance Suite
    Protect the Information > Data Loss Prevention Suite
    Manage Systems > IT Management Suite
    Protect the Infrastructure > Symantec Protection Suite
  • Addressing Important Security Questions
    > Can you enforce IT policies and remediate deficiencies?
    > Do you know where your sensitive information resides?
    > Can you easily manage the lifecycle of your IT assets?
    > Can you improve your security posture by rationalizing your security portfolio?
  • Thank You