RSA 2010 Francis De Souza

Today’s IT Attacks: An Title of Presentation IT Security Strategy To Protect Your Assets Francis deSouza Symantec Session ID: SPO1-107 Session Classification: Intermediate

Agenda Sources of a Breach Security Market Drivers Breach Analysis Security Strategy 2

A CRIME IS COMMITTED Secure EVERY ¼ OF A SECOND Endpoints ON THE WEB 3

Secure 1 IN 5 Endpoints WILL BE A VICTIM OF CYBER CRIME 4

100% Secure Endpoints OF ENTERPRISES HAVE EXPERIENCED CYBER LOSSES 5

CYBER ATTACKS COST COMPANY’S AN Secure Endpoints AVERAGE OF $2 MILLION ANNUALLY 6

$75% Secure OF ALL ENTERPRISES Endpoints HAVE EXPERIENCED CYBER ATTACKS IN THE PAST 12 MONTHS 7

43% Secure Endpoints OF COMPANIES LOST CONFIDENTIAL DATA IN 2009 8

ENTERPRISE SECURITY IS Secure Endpoints BECOMING MORE DIFFICULT 9

Sources Of A Breach Organized Organized Well Well Well Malicious Malicious Malicious Targeted Meaning Insider Criminal Criminal Meaning Meaning Insider Insider Insider Attackers Insider Insider 10

History of Targeted Attacks US Government: January 12: Systems in the Department of Google announces they Solar Sunrise: Defense, State, Commerce, have been a victim of a Attacks stealing passwords Energy, and NASA all comprised targeted attack from DoD systems and terabytes of information conducted by 2 Californian confirmed stolen. and 1 Israeli teenager 1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|2010 Ghostnet: Moonlight Maze: Titan Rain: Attacks on Tibetan Organized Organized Attacks targeting US Well Well Coordinated attacks on Malicious Malicious organizations and Criminal military secrets reported Criminal Meaningmilitary US government Meaning Insider many embassies of Insider to be conducted by Russia Insider installations and private EMEA countries, and Insider contractors NATO systems. 11

Anatomy Of A Breach Anatomy Of A Breach > Incursion > Discovery > Capture Organized Organized Well Well Malicious Malicious Criminal Criminal Meaning Meaning Insider Insider Insider > Exfiltration Insider 12

Mass Attack vs Targeted Attack Phase Mass Attack Targeted Attack Incursion Generic social engineering Handcrafted and personalized By-chance infection methods of delivery Discovery Typically no discovery, Examination of the infected resource, assumes content is in a monitoring of the user to determine predefined and predictable additional accessible resources, location and network enumeration Capture Predefined specific data or Manual analysis and inspection of the data which matches a data predefined pattern such as a credit card number Well Malicious Exfiltration Organized Organized Well Information sentMeaning to a dump Malicious Information sent back directly to the Insider Criminal site often with little Criminal Meaning Insider attacker Insider stored in a known and not Insider protection and dump site location for an extended period serves as long term storage 13

IncursionIncursion Security Market Drivers In 2009 spam accounted for 90% of all email traffic In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable 90% of incidents wouldn’t have happened if systems were patched In 2009 we found 47,000 active bot-infected computers per day 14

DiscoveryDiscovery Security Market Drivers 91% of records compromised in 2008 involved organized crime targeting corporate information 81% of attacked companies were non-compliant in PCI 67% of breaches were aided by insider negligence 15

Capture Capture Security Market Drivers 285 million records were stolen in 2008, compared to 230 million between 2004 and 2007 Credit card detail accounts for 19% of all goods advertised on underground economy servers IP theft costs companies $600 billion globally 16

Exfiltration Exfiltration Security Market Drivers “Hackers Targeted Source Code of More Than 30 Companies” Jan 13, Wired.com “SS Numbers Of Californians Accidently Disclosed” Feb 9 KTLA.com “HSBC Bank Reports Lost Client Data From Swiss Private Bank” Dec 9, Reuters “Gov’t Posts Sensitive List of US Nuclear Sites” Associated Press 17

Dissecting Hydraq 18

Dissecting Hydraq Hi Francis, I met you at the Malware Conference last month. Wanted to let you know I Incursion got this great shot of you doing your presentation. I posted it here: Attacker Breaks into the networkOrganized by delivering Organized Well Well Malicious Malicious targeted malware to Criminal Criminal Meaning Meaning Insider Insider vulnerable systems and Insider Insider employees 19

Dissecting Hydraq Discovery Hacker Maps Organizations Defenses Organized Organized From the Inside and Well Well Malicious Malicious Criminal Criminal Meaning Meaning Insider Insider Creates a Battle Plan Insider Insider 20

Dissecting Hydraq Capture Attacker Accesses Data on Unprotected Systems Organized Organized and Installs Malware to Criminal Criminal Secretly Acquire Crucial Data 21

Dissecting Hydraq Hydraq Victim Exfiltration Confidential Data Sent Back to Enemy’s “Home Base” for Organized Exploitation Organized Well Well Malicious Malicious Criminal Meaning Insider and FraudCriminal Meaning Insider Insider Insider Attacker 72.3.224.71:443 22

Prelude to a Poorly Enforced IT Policies Breach 1 Poorly Enforced IT Policies Organized Organized Criminal Criminal Well Well Meaning Meaning Insider Insider Malicious Malicious Insider Insider 23

Poorly Protected Prelude to a Information Breach 2 Poorly Protected Information Organized Organized Criminal Criminal Well Well Meaning Meaning Insider Insider Malicious Malicious Insider Insider 24

Prelude to a Breach Poorly Managed Systems 3 Poorly Managed Systems Organized Organized Criminal Criminal Well Well Meaning Meaning Insider Insider Malicious Malicious Insider Insider 25

Poorly Protected Prelude to a Infrastructure Breach 4 Poorly Protected Infrastructure Organized Organized Criminal Criminal Well Well Meaning Meaning Insider Insider Malicious Malicious Insider Insider 26

The Challenge Develop and Enforce IT Policies Protect The Information Manage Systems Organized Organized Well Well Malicious Malicious Criminal Criminal Meaning Meaning Insider Insider Insider Insider Protect The Infrastructure 27 27

A Comprehensive Security Strategy Is Required Risk Based and Policy Driven IT Governance, Risk and Compliance Information - Centric Information Risk Management Organized Organized Well Well Malicious Malicious Criminal Well Meaning Insider Criminal Managed Infrastructure Meaning Insider Insider Insider Infrastructure Protection and Management 28

New Threats Require New Technologies Integrated Security Platform Open Console Security Dynamic Platform Unification Intelligence Protection Develop & Enforce IT Policies Manage Systems • IT Risk Management • Workflow • Compliance Process Automation • Application Streaming • Information-Centric Policy • Portable Personalities Protect the Information Protect the Infrastructure Organized Organized Well Well Malicious Malicious • Data Ownership Criminal Criminal Meaning • Reputation Based Security Meaning Insider Insider Insider • Automated Content Classification • Mobile and Server Security Insider • Content Aware Endpoint Security • Encryption 29

Symantec Focuses on Meeting These Challenges Develop and Enforce > Control Compliance Suite IT Policies Protect the > Data Loss Prevention Suite Information Manage Systems > IT Management Suite Organized Organized Well Well Malicious Malicious Criminal Criminal Meaning Meaning Insider Insider Protect the Insider Insider Infrastructure > Symantec Protection Suite 30

Addressing Important Security Questions > Can you enforce IT policies and remediate deficiencies? > Do you know where your sensitive information resides? > Can you easily manage the lifecycle of your IT assets? > Can you improve your security posture by rationalizing your security portfolio? Organized Organized Well Well Malicious Malicious Criminal Criminal Meaning Meaning Insider Insider Insider Insider 31

Thank You Organized Organized Well Well Malicious Malicious Criminal Criminal Meaning Meaning Insider Insider Insider Insider 32

RSA 2010 Francis De Souza

by Symantec on Mar 09, 2010

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 456

Statistics

RSA 2010 Francis De Souza Presentation Transcript

http://dominicstoughton.wordpress.com	443
http://www.slideshare.net	13