VeriSign ®  iDefense ®  Security Intelligence Services Overview  <ul><li>Anchises M. G. de Paula,  CISSP </li></ul><ul><li...
Security Incidents Dominate Headlines Oracle to fix 73 security bugs next week   Computerworld, April 2011 WikiLeaks Relea...
Increased Sophistication of Attacks / Attackers More than  286 million  new malware variants detected in 2010  1 93%   inc...
New and Emerging Attack Vectors—Real & Present <ul><li>Mobile Threats </li></ul><ul><li>Virtualization; Cloud Computing </...
The Challenge of Keeping Up Which  patches  are critical? Which aren’t? Is this a  real threat ? Are there threats I don’t...
The Solution Proactively Protect Respond In Real-time Understand Global Implications   Remediate Online Fraud Prioritized ...
What Can VeriSign iDefense Do for You? <ul><li>VeriSign iDefense pinpoints which threats pose the greatest risk </li></ul>...
VeriSign iDefense Security Intelligence Services The Leading Security Intelligence Research Shop VeriSign iDefense deliver...
VeriSign iDefense Security Intelligence Services <ul><li>Zero-day threat protection </li></ul><ul><li>Vulnerability manage...
The VeriSign iDefense Intelligence Process  VeriSign iDefense executes a disciplined process to get intelligence data to u...
The VeriSign iDefense Original Vulnerability Process  Each Vendor Works with VeriSign on Public Disclosure Schedule Discov...
Get the Best Security Intelligence with iDefense Quick Stats <ul><li>Over 170,000 published Intelligence reports </li></ul...
iDefense Portal
Intelligence that Warns when a Threat Is Real <ul><li>What VeriSign iDefense can do for its customers when a real threat e...
Ways to Consume VeriSign iDefense Intelligence Frequency of Research Delivery  Daily <ul><li>Intelligence Feed </li></ul><...
VeriSign iDefense Integrated Intelligence <ul><li>Integrating deep and analytical research from VeriSign iDefense brings v...
iDefense Service Bundles:  Support Security Ops *VeriSign iDefense offers several integration scenarios with leading secur...
iDefense Threat Protection-Level Service Bundles Core Service Standard Service <ul><li>iDefense ®  Intelligence Feed </li>...
Intelligence In Action—A Case Study A top 10 enterprise services firm saved about  $5M  by using VeriSign iDefense analysi...
Intelligence In Action—A Case Study On Feb 26, 2009, a mass mailer virus was identified internally within a top global ent...
Intelligence In Action—A Case Study A top 10 US bank leveraged VeriSign iDefense world-class  malcode  analysis services t...
Intelligence In Action—A Case Study Recently, a VeriSign iDefense client was considering expansion into Russia and need to...
The Bottom Line <ul><li>Manage security risk. Not just threats </li></ul><ul><li>Know which threats matter most.  (And whi...
Q & A
 
APPENDIX
iDefense Service Bundles:  Support Security Ops *VeriSign iDefense offers several integration scenarios with leading secur...
iDefense Threat Protection-Level Service Bundles Core Service Standard Service <ul><li>iDefense ®  Intelligence Feed </li>...
VeriSign iDefense Security Intelligence Services <ul><li>Vulnerability Aggregation Team </li></ul><ul><li>Vulnerability Ad...
VeriSign iDefense Intelligence Organization <ul><li>Vulnerability Applied  Research Labs </li></ul><ul><li>Vulnerability C...
VeriSign iDefense Intelligence Organization <ul><li>Vulnerability Aggregation Team </li></ul><ul><li>24X7 Operations </li>...
VeriSign iDefense Intelligence Organization <ul><li>Financial Services Information Sharing and Analysis Center  (FS-ISAC) ...
VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations ...
VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations ...
VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations ...
VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations ...
VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations ...
Ways to Consume VeriSign iDefense Intelligence <ul><li>VeriSign iDefense ®  Topical Research Reports </li></ul><ul><ul><li...
Security Incidents Dominate Headlines Monster.com Hit With Possible Monster-Sized Data Breach   InformationWeek , January ...
Growth of Threats and Exposure / Risk Your Business Network
Intelligence that Warns when a Threat Is Not <ul><li>What really occurred with CONFICKER… </li></ul><ul><li>Attracted sign...
What Customers Tell Us <ul><li>This translates into a security strategy that consistently delivers:  </li></ul><ul><li>Sub...
VeriSign iDefense Research Methodology <ul><li>Vulnerability Aggregation Team </li></ul><ul><li>Vulnerability Advanced Res...
Ways to Consume VeriSign iDefense Intelligence <ul><li>VeriSign iDefense Research / Report Packages </li></ul><ul><ul><li>...
VeriSign iDefense Security Operational Support <ul><li>VeriSign iDefense ®  Global Threat Intelligence Services </li></ul>...
VeriSign iDefense in Summary <ul><li>Your IT security strategy needs  timely, detailed   and  actionable cyber threat inte...
Upcoming SlideShare
Loading in …5
×

Verisign iDefense Security Intelligence Services

3,055
-1

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,055
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
65
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • PlayStation Network Hack Leaves Credit Card Info at Risk Wired, April 2011 http://www.wired.com/gamelife/2011/04/playstation-network-hacked/ &apos;Anonymous&apos; attacks Visa.com, Mastercard.com in support of WikiLeaks The Washington Post, Dec. 2010 http://voices.washingtonpost.com/blog-post/2010/12/mastercardcom_hacked_by_wikile.html Malware Aimed at Iran Hit Five Sites, Report Says New York Times, February 2011 http://www.nytimes.com/2011/02/13/science/13stuxnet.html?ref=stuxnet Sony PlayStation suffers massive data breach http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426 reuters.com - 04/27/2011 WikiLeaks Releases Guantánamo Bay Prisoner Reports http://www.wired.com/threatlevel/2011/04/wikileaks-gitmo  Wired, April 2011 Royal Navy hacker claims to have broken into space agency site The Register, April 2011 http://www.theregister.co.uk/2011/04/18/esa_website_hack Oracle to fix 73 security bugs next week Computerworld, April 2011 http://www.computerworld.com/s/article/9215838/Oracle_to_fix_73_security_bugs_next_week
  • Overall, spam made up 74.68 percent of all messages in March 2011 State of Spam &amp; Phishing Report, Symantec, April 2011 http://www.symantec.com/business/theme.jsp?themeid=state_of_spam [1] Symantec Internet Security Threat Report - trends for 2010 Volume 16, April 2011 http://www.symantec.com/business/threatreport/index.jsp http://news.techworld.com/security/3272431/malware-attacks-increased-by-93-in-2010-symantec-says/ - more than 286 million new malware variants Symantec detected in 2010 93% increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Trojans made up the highest percentage of the top 50 potential malicious code infections for 2010. In 2010, the percentage of potential infections by Trojans was 56 percent. [2] IC3 2009 Annual Report on Internet Crime http://www.ic3.gov/media/2010/100312.aspx - The Internet Crime Complaint Center (IC3) received a total of 336,655 complaints, a 22.3 percent increase from 2008. The total loss linked to online fraud was $559.7 million; this is up from $265 million in 2008. [3] http://www.internetretailer.com/2011/01/18/fraud-losses-fall [4] APWG Global Phishing Survey: Domain Name Use and Trends in 2H2010 The bad guys are getting more sophisticated and targeted in their motives: DDoS attacks Malware increasing to include data stealing trojans Phishing schemes becoming more and more prominent Taking advantage of economic downturn is working in the favor of attackers … Traditional network security is not enough 1 Kaspersky Labs 2 McAfee 2009 threat predictions report 3 Symantec, Internet Security Report XIV, April 09 4 Trend Micro, Focus Report: Data Stealing Malware . July 7, 2009 SC Magazine 5 APACS, UK Payments Association, October 2008 6 McAfee 7 SC magazine, Dan Raywood, May 22, 2009
  • Underground Evolution – critical mass has been reached The cyber security landscape has fundamentally changed and professionalized cyber criminals have emerged Muslim extremists use cyber fraud as a way to fund their agendas Amateur hacker groups practice cyber espionage in the open in China and elsewhere Cyber war has become a legitimate tool to accomplish political goals, as in Estonia and Georgia. Malicious Infrastructures are present Malicious hackers seem to be applying increased scrutiny to their victims’ critical infrastructure All the while building their own infrastructure to increase efficiency and survivability Bullet Proof Hosting Fastflux iFrames Security Disruptors Security disruptors, which result from new technologies or developments in the culture that will fundamentally change how the business enterprise secures its environments. Mobile Device &amp; Application = Mobile Threat IPv6 Virtualization
  • Conflict Internal security teams can’t keep up with the soaring volume of sophisticated threats. Late detection, poor clarity around which threats are most severe, and the difficulty of reprioritizing resources for remediation puts your entire business on the line. Security breaches can and do destroy businesses – costing millions in lost revenue, shareholder value and customer trust. Market share loss swiftly follows. The volume of threats is massive, and accelerating: new vulnerabilities, new attacks, and new players. Each threat is constantly evolving. Internal security teams can’t keep up. It’s almost impossible for over-tapped internal teams to confidently prioritize which threats present the greatest risk. Companies inevitably over-spend on false ‘emergencies.’
  • The solution to keeping up directly addresses many of the biggest challenges that prospects face, especially today. Any security partnership or intelligence organization must deliver Accurate, actionable and detailed threat intelligence to equip an organization’s security team with the following capabilities: Proactively protect your business from the threats that matter most. Actively respond in real-time to malicious threats with deep analysis of what the threat is, where it is coming from and how to mitigate it. Understand the global implications of any emerging or existing threat, as it evolves. Remediate online fraud with rapid credential recovery and constant monitoring of malicious IPs. Prioritize your threat and vulnerability management strategy – and maximize internal resources. Move from ‘security management’ to ‘risk management’ – and take the lead in communicating this strategy to the executive team.
  • We are the leading security intelligence research shop. No one else approaches security the way we do. 24 hours a day, every day, we provide vendor neutral security intelligence as our core competency If you look at our marquee customer base you can see that our services are taken seriously as again we are integrated into many of the 3 letter government organizations as a trusted intelligence source, largest financial services companies like Goldman Sachs, insurance, healthcare, retailers like Wal-Mart, and large software companies like Microsoft use our services every day. All of our intelligence is created by six highly specialized teams that work in a matrixes function to discover and analyze emerging threats. Additionally, we have been gathering intelligence since 98 and are our primary team is located in the greater Washington DC area (Dulles, VA) with global visibility and presence through VCP and ongoing field operations. Examples of 24 x 7 – Team worked non-stop between Christmas and New Years 2006, 2007 and 2008
  • This slide shows the process we go through to deliver intelligence. I show this slide because some of what I’ve spoken about so far is kind of “cloak and dagger”. We have a discovery phase where information is collected in all sorts of ways, which is then.. Fed to our analysts at various locations in the world at different times who then. Turn that information into intelligence reports of various types such as original vulnerabilities, threats, malicious code, etc. The information is then delivered to our customers in one of four primary means. XML webservice or appliance. We have a XML webservice where report data can be sent to you via a XML webservice or also through an appliance that you can keep onsite where you can utilize the data how ever you want. We also have a secure portal that you can log into to perform research into past threats or read up on recent reports. Also in the portal you can customize your profiles for delivery. Delivery profiles which help customze your e-mail delivery can allow you to make sure your only getting the reports you want from the hundreds created every day. You can get the Oracle reports directly to your oracle guy, or the Malicious Code reports to your malicious code guy, or even reports of only a certain severity of a certain product set once a week to a specific person. The options are endless You can also choose to receive alerts as well via RSS.
  • This slide shows our exclusive vulnerability life cycle from discovery to disclosure. The first section here is when one of our 400 researchers in one of 46 different countires in our VCP network discover a new vulnerability. They send this vulnerability to our VeriSign iDefense labs team who verifies the vulnerability is in fact a vulnerability that would be of importance to the security of the internet and to our customers. We then perform our own research documenting how the vulnerability and its associated exploit code works and then work with the Vendor of the vulnerable product to ensure patch development begins. We share this information with the Vendors to better assist them in creating the patch and then share the information with our customers usually the same day. This allows our customers to understand that they may have a device or application in their environment that is vulnerable and they can use our mitigation and work arounds if available to proactively protect themselves. Now the next portion is important, the Disclosure phase. The actual disclosure time from when we notify our customers and vendor to when the vendor makes the actual public disclosure is measured in months… not days… Right now for the last couple years of VeriSign iDefense exclusive vulnerabilities the average time it takes vendors to make a public disclosure of a vulnerability we discover is 121 days on average over the last two years.
  • The following VeriSign iDefense capabilities help organizations develop a complete threat picture: A private, worldwide network of independent security researchers who provide exclusive advance notification of unpublished vulnerabilities and exploit code Identification and technical verification of original vulnerabilities Aggregation of raw data originating from more than 1,550 sources, including mailing lists, Web sites, and proprietary resources Around-the-clock monitoring and reporting on threats posed by viruses, worms, Trojan horses, spyware, and adware Analysis of the motivation behind cyber attacks and hacker groups to determine whether such groups will actually exploit a vulnerability Risk research and reporting as it pertains to global threats and emerging technologies and trends
  • http://www.microsoft.com/technet/security/Bulletin/MS08-dec.mspx This slide represents what VeriSign iDefense can do for its customers when a real threat emerges. This particular threat came from the Microsoft announced Out of Band Patch in December 2008. Microsoft announced that they would release an out of band patch later on that same day (Dec 9 2008). Our Vulnerability team issued an alert to our customers about the upcoming event and alerted our team about the same. One of our Chinese analysts immediately found the exploit code referenced in the Microsoft Bulletin on a Chinese speaking forum and grabbed it for analysis. At 2 AM, the Vulnerability Team Leader and the Advanced Research Labs leader began discussing the seriousness of the issue and what VeriSign iDefense should do about it. At 5 AM, the team leads woke up the intelligence director to recommend going into War Room Mode. War Room mode is when VeriSign iDefense changes its operational tempo from every 24 hours to 3 hours; in other words, instead of meeting once a day to discuss intelligence matters, the team meets every three hours until an issue is resolved. In the mean time, the VeriSign iDefense Advanced Research Lab (ARL) collected its first set of PCAP files and created its first set of SNORT IDS signatures based on the Chinese sample collected earlier. The Vuln Aggregation Team (VAT) pushed those signatures to all customers. At 10 AM, VeriSign iDefense held its first War Room Meeting. We assigned research tasks. We gathered all customer questions that had begun to come in because of the MS announcement. By 1 PM, the ARL had developed their own Exploit Code that leveraged the Vulnerability description from MS. Now we had two distinct sets of exploit code for the same vulnerability. We knew this was dangerous. We recommended to customers to patch this vulnerability immediately, out of cycle if they could,. But definitely ahead of schedule. MS released the patch at 1 PM We closed the War Room down at 3 PM and hosted a customer call at 5:30 to discuss all that we learned. In 17 hours, we updated the alert for this one vulnerability 7 times with new information about how the vulnerability works, what the potential impact may be and how to mitigate it both with the patch and other work-arounds.
  • Patch Management Assistance: Save time and money A top 10 enterprise services firm saved about $5M by using VeriSign iDefense Vulnerability Aggregation Team analysis to decide - correctly - not to install three out-of-cycle patches… even though other security organizations were recommending them Fraud Response: Gain visibility and confidence A top 10 US bank credential recovery, supported by VeriSign iDefense with additional malcode analysis, lead to the identification and cancelation of a fraudulent online bank transaction in the amount of $82K. Global Threat Awareness: Protect even against unknown threats On April 22nd, Finjan discovered a botnet with 1.9M users that had been in use since February and was hosted in the Ukraine and allowing malware to bypassed 90% of common anti-virus software. Nothing about this botnet stood out before the event since it appeared to be a completely average bot. However, the unnamed botnet was previously seen by VeriSign iDefense allowing all VeriSign iDefense customers to be protected against the threat months earlier. Incident Response: Extend your team for faster remediation On Feb 26 2009, a mass mailer virus was identified internally within a top global enterprise services firm attempting to spread to all addresses within an address book. A code sample was obtained and submitted to VeriSign iDefense Rapid Response team and within several minutes, receipt of the submission was confirmed by phone. Within 3 hours of submission, an VeriSign iDefense Rapid Report was delivered with analysis and remediation strategies that enabled institution of immediate and accurate file restrictions and updated AV signatures to thwart the threat of the Waledec Mass Email Worm. #4b Incident Response 2 of 2: Extend your team for faster remediation In November 2008, an VeriSign iDefense retail client was confronted with a critical attack whereby a user reported that they were having problems on one of the company websites—home page of a sub-site had been corrupted. A pop-up would appear that requests the user to purchase a fake antivirus product that once installed, the victim is asked to purchase the full version for $50 and redirection takes over the entire browser resulting in a useless fake page. The client quickly reached out to the VeriSign iDefense Rapid Response team as they were having some problems reproducing the error. VeriSign iDefense immediately identified and narrowed down the problem to a malicious advertisement fed into the website through advertising partners, not through a direct attack. The client was notified that all that was required was the removal of the advertisement to mitigate the attack. From the time the incident was reported to VeriSign iDefense to takedown of the ad was less than two hours. The biggest value to client was that with such a quick turnaround, not a single bit of negative press was released about the attack, which could have been detrimental during the holiday season.
  • Patch Management Assistance: Save time and money A top 10 enterprise services firm saved about $5M by using VeriSign iDefense Vulnerability Aggregation Team analysis to decide - correctly - not to install three out-of-cycle patches… even though other security organizations were recommending them Fraud Response: Gain visibility and confidence A top 10 US bank credential recovery, supported by VeriSign iDefense with additional malcode analysis, lead to the identification and cancelation of a fraudulent online bank transaction in the amount of $82K. Global Threat Awareness: Protect even against unknown threats On April 22nd, Finjan discovered a botnet with 1.9M users that had been in use since February and was hosted in the Ukraine and allowing malware to bypassed 90% of common anti-virus software. Nothing about this botnet stood out before the event since it appeared to be a completely average bot. However, the unnamed botnet was previously seen by VeriSign iDefense allowing all VeriSign iDefense customers to be protected against the threat months earlier. Incident Response: Extend your team for faster remediation On Feb 26 2009, a mass mailer virus was identified internally within a top global enterprise services firm attempting to spread to all addresses within an address book. A code sample was obtained and submitted to VeriSign iDefense Rapid Response team and within several minutes, receipt of the submission was confirmed by phone. Within 3 hours of submission, an VeriSign iDefense Rapid Report was delivered with analysis and remediation strategies that enabled institution of immediate and accurate file restrictions and updated AV signatures to thwart the threat of the Waledec Mass Email Worm. #4b Incident Response 2 of 2: Extend your team for faster remediation In November 2008, an VeriSign iDefense retail client was confronted with a critical attack whereby a user reported that they were having problems on one of the company websites—home page of a sub-site had been corrupted. A pop-up would appear that requests the user to purchase a fake antivirus product that once installed, the victim is asked to purchase the full version for $50 and redirection takes over the entire browser resulting in a useless fake page. The client quickly reached out to the VeriSign iDefense Rapid Response team as they were having some problems reproducing the error. VeriSign iDefense immediately identified and narrowed down the problem to a malicious advertisement fed into the website through advertising partners, not through a direct attack. The client was notified that all that was required was the removal of the advertisement to mitigate the attack. From the time the incident was reported to VeriSign iDefense to takedown of the ad was less than two hours. The biggest value to client was that with such a quick turnaround, not a single bit of negative press was released about the attack, which could have been detrimental during the holiday season.
  • Patch Management Assistance: Save time and money A top 10 enterprise services firm saved about $5M by using VeriSign iDefense Vulnerability Aggregation Team analysis to decide - correctly - not to install three out-of-cycle patches… even though other security organizations were recommending them Fraud Response: Gain visibility and confidence A top 10 US bank credential recovery, supported by VeriSign iDefense with additional malcode analysis, lead to the identification and cancelation of a fraudulent online bank transaction in the amount of $82K. Global Threat Awareness: Protect even against unknown threats On April 22nd, Finjan discovered a botnet with 1.9M users that had been in use since February and was hosted in the Ukraine and allowing malware to bypassed 90% of common anti-virus software. Nothing about this botnet stood out before the event since it appeared to be a completely average bot. However, the unnamed botnet was previously seen by VeriSign iDefense allowing all VeriSign iDefense customers to be protected against the threat months earlier. Incident Response: Extend your team for faster remediation On Feb 26 2009, a mass mailer virus was identified internally within a top global enterprise services firm attempting to spread to all addresses within an address book. A code sample was obtained and submitted to VeriSign iDefense Rapid Response team and within several minutes, receipt of the submission was confirmed by phone. Within 3 hours of submission, an VeriSign iDefense Rapid Report was delivered with analysis and remediation strategies that enabled institution of immediate and accurate file restrictions and updated AV signatures to thwart the threat of the Waledec Mass Email Worm. #4b Incident Response 2 of 2: Extend your team for faster remediation In November 2008, an VeriSign iDefense retail client was confronted with a critical attack whereby a user reported that they were having problems on one of the company websites—home page of a sub-site had been corrupted. A pop-up would appear that requests the user to purchase a fake antivirus product that once installed, the victim is asked to purchase the full version for $50 and redirection takes over the entire browser resulting in a useless fake page. The client quickly reached out to the VeriSign iDefense Rapid Response team as they were having some problems reproducing the error. VeriSign iDefense immediately identified and narrowed down the problem to a malicious advertisement fed into the website through advertising partners, not through a direct attack. The client was notified that all that was required was the removal of the advertisement to mitigate the attack. From the time the incident was reported to VeriSign iDefense to takedown of the ad was less than two hours. The biggest value to client was that with such a quick turnaround, not a single bit of negative press was released about the attack, which could have been detrimental during the holiday season.
  • Patch Management Assistance: Save time and money A top 10 enterprise services firm saved about $5M by using VeriSign iDefense Vulnerability Aggregation Team analysis to decide - correctly - not to install three out-of-cycle patches… even though other security organizations were recommending them Fraud Response: Gain visibility and confidence A top 10 US bank credential recovery, supported by VeriSign iDefense with additional malcode analysis, lead to the identification and cancelation of a fraudulent online bank transaction in the amount of $82K. Global Threat Awareness: Protect even against unknown threats On April 22nd, Finjan discovered a botnet with 1.9M users that had been in use since February and was hosted in the Ukraine and allowing malware to bypassed 90% of common anti-virus software. Nothing about this botnet stood out before the event since it appeared to be a completely average bot. However, the unnamed botnet was previously seen by VeriSign iDefense allowing all VeriSign iDefense customers to be protected against the threat months earlier. Incident Response: Extend your team for faster remediation On Feb 26 2009, a mass mailer virus was identified internally within a top global enterprise services firm attempting to spread to all addresses within an address book. A code sample was obtained and submitted to VeriSign iDefense Rapid Response team and within several minutes, receipt of the submission was confirmed by phone. Within 3 hours of submission, an VeriSign iDefense Rapid Report was delivered with analysis and remediation strategies that enabled institution of immediate and accurate file restrictions and updated AV signatures to thwart the threat of the Waledec Mass Email Worm. #4b Incident Response 2 of 2: Extend your team for faster remediation In November 2008, an VeriSign iDefense retail client was confronted with a critical attack whereby a user reported that they were having problems on one of the company websites—home page of a sub-site had been corrupted. A pop-up would appear that requests the user to purchase a fake antivirus product that once installed, the victim is asked to purchase the full version for $50 and redirection takes over the entire browser resulting in a useless fake page. The client quickly reached out to the VeriSign iDefense Rapid Response team as they were having some problems reproducing the error. VeriSign iDefense immediately identified and narrowed down the problem to a malicious advertisement fed into the website through advertising partners, not through a direct attack. The client was notified that all that was required was the removal of the advertisement to mitigate the attack. From the time the incident was reported to VeriSign iDefense to takedown of the ad was less than two hours. The biggest value to client was that with such a quick turnaround, not a single bit of negative press was released about the attack, which could have been detrimental during the holiday season.
  • Wrap up With VeriSign iDefense, companies have the world’s most experienced multinational network of security experts acting as an extension of their teams and exclusive access to the most in-depth cyber threat intelligence available. This translates into a security strategy that consistently delivers significant return-on-investment through cost savings – with proactive insights on true threats, and the intelligence to avoid false alarms – revenue and reputation protection through improved system and application availability -- through fraud mitigation and response support, etc. –Also emphasized making our customer exec look good, avoid attacks and support customer security teams in working faster, smarter through integration of intelligence, and analyst access… and share knowledge with security teams that results in evolution of security program maturity. What Next Steps do we want? Manage security risk. Not just threats. Cyber attacks can, and do, destroy companies, and the volume and severity of threats is explosive. Companies can’t keep up. VeriSign iDefense’s global cyber-intelligence team puts you in control, with proactive, accurate intelligence – and informed recommendations for threat mitigation. Basic ‘threat feeds’ don’t come close. Know which threats matter most. (And which ones don’t). Accuracy, detail and context are what make intelligence valuable. VeriSign iDefense delivers the most in-depth analysis of the complete threat landscape, so your team can focus on real threats, avoiding daily ‘emergencies’ and costly fire-drills. Stay 100+ days ahead of threats. The only way to protect your network is to spot threats early – and know which ones pose real risk. VeriSign iDefense is consistently 100 days ahead of everyone else, with deep analysis, accurate and actionable insight, and customized threat intelligence. This time advantage means you’re secure, when others are spending millions to fix damage that could have been prevented. Strengthen your security team VeriSign iDefense puts 60 of the world’s top security experts on your team, delivering exclusive research that goes far beyond publicly known vulnerabilities. While you watch your perimeter, we watch the world – bringing you actionable threat intelligence to keep your company safe. Trust the industry’s only truly vendor-independent provider of global cyber threat intelligence Hundreds of companies rely on VeriSign iDefense as their No. 1 trusted security partner, including 20 of the top 30 banks . As part of this select group, you gain access to the world’s best strategies for risk management and cyber intelligence.
  • Growth of threats and exposure/risk has exponentially increase as organizations move beyond the enterprise to be competitive making information, data, application available to customers, partners and mobile workforce. Threats are growing in number as more critical data is being pushed beyond the enterprise and through online. With the addition of new attack vectors that are on not just seen on the horizon, they are real and closer… This has created-- The Perfect Storm Attacks are threatening your company’s defenses every hour, putting you at increased risk Risk in terms of multi-million-dollar costs: Loss of revenue And the devastating loss of reputation, Customer trust Market share
  • http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx This slide represents what VeriSign iDefense can do for its customers when a perceived threat is not real. This particular threat came from the media scare about what the Conficker Worm might do on 1 April, April Fool’s Day, of this year. VeriSign iDefense began tracking the worm when MS annouced the OOB patch back in October 2008 and reverse engineered all of the variants for the next few months. We knew exactly what this worm was doing and when it would do it. By january, we even published a prediction algorithm that accurately predicted what domains Conficker would occupy as it spread. And, we published a detection tool to our customers so that they could see if they were infected. In late Mar, the media began reporting that the Internet would melt down because Conficker was going to do something drastic on 1 Apr. We knew by reverse engineering the code that what OCnficker was going to do on 1 Apr was massively update itself with new functionality but that nobody on the internet would be affected. The work could still be used for nefarious purposes, but the 1 Apr update was just an upgrade to the software. All of the VeriSign iDefense customers new this situation well before the media began to hype it and could talk their leadership down form the ledge because of the NPR story they heard that morning.
  • Here are the tangible benefits (business, bandwidth, financial value, knowledge sharing/improved security program management) Should this be where we put the key stats mentioned above? With VeriSign iDefense, companies have the world’s most experienced multinational network of security experts acting as an extension of their teams and exclusive access to the most in-depth cyber threat intelligence available. This translates into a security strategy that consistently delivers substantial cost savings – with proactive insights on true threats, the intelligence to avoid false alarms and revenue protection through improved system and application availability . reputation protection through fraud mitigation and response support,
  • Slides that walk through teams and focus Add visibility of VRSN Global Infrastructure
  • Not sure if this is where we should place this page… Research/Report Packages—more info to follow Business Application (PM, IR, Fraud Response, Global Threat Awareness) Integrated Intelligence: Integrating deep and analytical research from VeriSign iDefense brings value to the landscape of security management tools and platforms
  • Get crucial new insights within days – finding unexpected threats and shoring up looming vulnerabilities Know about upcoming attacks that matter to you -- and have an action plan in place – for zero exposure Gain new control over real threats, empty scares and scarce budget – with targeted knowledge that filters out the needles from the haystacks Custom recommendations for action – and the confidence that each is 100% vendor-neutral Extend your team with the resources of the world’s savviest security users – and more than 60 dedicated specialists watching your network Get the peace of mind that comes from being proactive – finally. And transform how your C-team thinks about security
  • Verisign iDefense Security Intelligence Services

    1. 1. VeriSign ® iDefense ® Security Intelligence Services Overview <ul><li>Anchises M. G. de Paula, CISSP </li></ul><ul><li>May, 2011 </li></ul>
    2. 2. Security Incidents Dominate Headlines Oracle to fix 73 security bugs next week Computerworld, April 2011 WikiLeaks Releases Guantánamo Bay Prisoner Reports Wired , April 2011 Royal Navy hacker claims to have broken into space agency site The Register , April 2011 Malware Aimed at Iran Hit Five Sites, Report Says New York Tim , February 2011 Sony PlayStation suffers massive data breach Reuters , April 2011
    3. 3. Increased Sophistication of Attacks / Attackers More than 286 million new malware variants detected in 2010 1 93% increase in malware attacks in 2011 1 56% of malicious code infections were Trojans in 2010 1 Reported online crime losses totaled $559.7M USD in 2009 – a total of 336,655 complaints, a 111% and 22.3% increase from 2008, respectively. 2 Cyber criminals are targeting Web 2.0 and cloud technologies Ecommerce fraud in 2010 estimated to $2.7 billion 3 More than 115,000 reported phishing attacks in 2010 4
    4. 4. New and Emerging Attack Vectors—Real & Present <ul><li>Mobile Threats </li></ul><ul><li>Virtualization; Cloud Computing </li></ul><ul><li>IPv6 </li></ul>Source: Lattuf2: http://tinyurl.com/djyqk4 Source: Waldec : CarnalOwnage, 01/09 <ul><li>Social Engineering Attacks </li></ul><ul><li>Phishing/Whaling/Spear Phishing </li></ul><ul><li>Data Stealing Trojans </li></ul>Underground Evolution Malicious Infrastructure Technology Disruptors Waldec Trojan: 2500 Unique IPS
    5. 5. The Challenge of Keeping Up Which patches are critical? Which aren’t? Is this a real threat ? Are there threats I don’t know about? How do I get the most out of our security infrastructure investments ? How can I stay ahead of the threat curve? How do I maximize our incident response efforts? How can I make sense of global thr eat implications? How do I best inform executive management of the most relevant risk factors ?
    6. 6. The Solution Proactively Protect Respond In Real-time Understand Global Implications Remediate Online Fraud Prioritized Vulnerability and Patch Management Enable Risk Management
    7. 7. What Can VeriSign iDefense Do for You? <ul><li>VeriSign iDefense pinpoints which threats pose the greatest risk </li></ul><ul><li>Know what you need to do to proactively protect your networks, Web applications and sensitive data </li></ul><ul><li>Apply customized threat intelligence to your unique geographical and contextual needs of your business </li></ul><ul><li>Access to exclusive research and VeriSign iDefense analysts – far beyond publicly known vulnerabilities </li></ul><ul><li>Support faster and smarter incident response capabilities </li></ul>™
    8. 8. VeriSign iDefense Security Intelligence Services The Leading Security Intelligence Research Shop VeriSign iDefense delivers deep analysis and actionable intelligence related to vulnerabilities, malicious code and geopolitical threats to enable protection against critical infrastructure attacks Industry-Leading Services Offerings <ul><li>Intelligence is our core competency 24/7 </li></ul><ul><li>100% vendor-agnostic </li></ul>Actively Gathering Global Intelligence Since 1998 <ul><li>Based in the Greater Washington DC Area </li></ul><ul><li>Worldwide Reach </li></ul>Recognized by Frost & Sullivan The Leading Provider of Exclusive Vulnerabilities (2009)
    9. 9. VeriSign iDefense Security Intelligence Services <ul><li>Zero-day threat protection </li></ul><ul><li>Vulnerability management support </li></ul><ul><li>Critical infrastructure protection through public/private sector analysis and information sharing </li></ul><ul><li>Faster and smarter incident response </li></ul><ul><li>Fraud mitigation and response strategies </li></ul><ul><li>Increased global threat awareness </li></ul>VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs Delivering Security Operational Support
    10. 10. The VeriSign iDefense Intelligence Process VeriSign iDefense executes a disciplined process to get intelligence data to users Discovery Analysis Publication Delivery XML Appliance Portal Email Original Vulnerabilities Geopolitical Threats Malicious Code Intelligence Report Archive Archive Intelligence Reports Publish Intelligence Reports Create Intelligence Reports Analyst Desktop Original Vulnerabilities & VeriSign iDefense Labs The World Public Sources Centralized Data Collection Public Vulnerabilities Desktop Tools & Freeware VeriSign Intelligence Network RSS Feed Int’l Cyber Intelligence
    11. 11. The VeriSign iDefense Original Vulnerability Process Each Vendor Works with VeriSign on Public Disclosure Schedule Discovery Notification Responsible Disclosure Public Disclosure By Vendor The World VeriSign iDefense Vulnerability Advanced Research Labs Verification Original Vulnerabilities VeriSign iDefense process for notifying customers and vendors of vulnerabilities VCP Network VeriSign iDefense Customers Vendor
    12. 12. Get the Best Security Intelligence with iDefense Quick Stats <ul><li>Over 170,000 published Intelligence reports </li></ul><ul><li>On average 8 research reports published per major threat </li></ul><ul><li>Reported on over 10,000 vulnerabilities of which 602 are exclusive vulnerabilities discovered over past three years </li></ul><ul><ul><li>On average, warns customers of Microsoft vulnerabilities 100 days in advance of Microsoft </li></ul></ul><ul><ul><li>181 days in advance for other vendors’ vulnerabilities </li></ul></ul><ul><li>Customized and Customer-Driven Tracking </li></ul><ul><ul><li>21,500 + Products and Technologies </li></ul></ul><ul><ul><li>250 + Vendors </li></ul></ul><ul><ul><li>1550 + Public sources </li></ul></ul><ul><li>1200+ Underground and Private sources tracked/infiltrated </li></ul>Key Attributes <ul><li>50 + full-time, dedicated security analysts </li></ul><ul><ul><li>= 500,000 + hours of collective experience & insight </li></ul></ul><ul><li>More than 600 Security Research Contributors Worldwide </li></ul><ul><li>Multi-Lingual Threat Collection </li></ul><ul><ul><li>Over 20 Spoken Languages Covered </li></ul></ul><ul><li>Ongoing Global Field Operations in suspect countries </li></ul><ul><li>Threat Data, Analysis and Attribution </li></ul><ul><ul><li>Not just “what”, but the “who”, “why” and “how” </li></ul></ul><ul><li>Access VeriSign iDefense Analysts </li></ul><ul><li>Greater network visibility through the VeriSign .com/.net Global Infrastructure </li></ul>
    13. 13. iDefense Portal
    14. 14. Intelligence that Warns when a Threat Is Real <ul><li>What VeriSign iDefense can do for its customers when a real threat emerges </li></ul><ul><li>December 2008: Microsoft announces out-of-band patch with a zero-day tolerance </li></ul><ul><li>Within 17 hours, VeriSign iDefense updated the alert for this one vulnerability 7x with new information about: </li></ul><ul><ul><li>How the vulnerability works </li></ul></ul><ul><ul><li>Potential impact </li></ul></ul><ul><ul><li>How to mitigate with the patch and other workarounds </li></ul></ul>Midnight Microsoft Announces Out of Band Patch; Exploit Code in the Wild 2 AM First Leader Team Discussion 5 AM Decision to go to War Room 10 AM First Meeting; Situational Awareness 3 PM Last Meeting; Situational Awareness 5:30 PM Customer Call 1 PM MS releases OOB Patch VAT issued an alert Exploit Code Found PCAPS Developed; Sigs Developed Customer Information Coming In Exploit Code Built VeriSign iDefense Threat Report Updated 7X
    15. 15. Ways to Consume VeriSign iDefense Intelligence Frequency of Research Delivery Daily <ul><li>Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>VeriSign iDefense ® Exclusive Vulnerability Reports </li></ul></ul><ul><ul><li>Malicious Code Reports </li></ul></ul><ul><ul><li>VeriSign iDefense ® Threat Reports </li></ul></ul><ul><li>Flash Reports </li></ul>Weekly / Bi-Weekly <ul><li>Weekly Threat Report </li></ul><ul><li>Weekly Vulnerability Summary Report </li></ul><ul><li>Weekly Malicious Code Summary Report </li></ul><ul><li>VeriSign iDefense ® Threat Briefings </li></ul>Monthly <ul><li>Topical Research Reports </li></ul><ul><li>Patch Tuesday Report </li></ul>By Request <ul><li>VeriSign iDefense ® Analyst Service </li></ul><ul><li>Rapid Response Service </li></ul><ul><li>Focused Intelligence Reports </li></ul><ul><li>Malicious Code Rapid Report Service </li></ul><ul><li>Phishing Shutdown Service </li></ul><ul><li>Malicious Code Shutdown Service </li></ul>8 Reports / Year <ul><li>Global Threat Research Report </li></ul>Automated <ul><li>Malicious Code Credential Recovery Service </li></ul><ul><li>IP Reputation Service </li></ul><ul><li>Integration Services: </li></ul><ul><ul><li>QualysGuard </li></ul></ul><ul><ul><li>Archer </li></ul></ul><ul><ul><li>Agiliance </li></ul></ul><ul><ul><li>Skybox </li></ul></ul><ul><ul><li>ArcSight </li></ul></ul>
    16. 16. VeriSign iDefense Integrated Intelligence <ul><li>Integrating deep and analytical research from VeriSign iDefense brings value to the landscape of security management tools and platforms </li></ul><ul><li>Integration can maximize security infrastructure and management investments </li></ul><ul><li>Future integrations are in development with leading Patch Management, Ticketing and IDS/IPS device vendors </li></ul>Vulnerability Management SIEM Platform IT GRC
    17. 17. iDefense Service Bundles: Support Security Ops *VeriSign iDefense offers several integration scenarios with leading security management platforms and tools. Please consult your Account Executive to review a full list of available integrations and discuss the value of integrated analytical intelligence into your enterprise environment. Global Threat Intelligence Services <ul><li>iDefense ® Threat Briefings </li></ul><ul><li>Weekly Threat Report </li></ul><ul><li>Vulnerability Summary Reports </li></ul><ul><li>Malicious Code Summary Reports </li></ul><ul><li>Topical Research Reports </li></ul><ul><li>Global Threat Research Reports </li></ul><ul><li>iDefense ® Analyst Service </li></ul>Vulnerability Intelligence Services <ul><li>FLASH Reports </li></ul><ul><li>Threat Reports </li></ul><ul><li>Public Vulnerability Intelligence Reports </li></ul><ul><li>iDefense ® Exclusive Vulnerability Reports </li></ul><ul><li>Vulnerability Summary Reports </li></ul><ul><li>Malicious Code Intelligence Reports </li></ul><ul><li>Patch Tuesday Reports </li></ul><ul><li>iDefense ® Analyst Service </li></ul><ul><li>Optional iDefense Integration Services* </li></ul>Incident Response Services <ul><li>Threat Reports </li></ul><ul><li>Malicious Code Intelligence Report </li></ul><ul><li>Malicious Code Summary Report </li></ul><ul><li>Malicious Code Rapid Report Service </li></ul><ul><li>iDefense ® Rapid-Response Service </li></ul><ul><li>iDefense ® Analyst Service </li></ul>Fraud Mitigation Services <ul><li>IP Reputation Service </li></ul><ul><li>Victim IP Feed </li></ul><ul><li>iDefense ® Analyst Service </li></ul><ul><li>Optional Phishing Shutdown Service </li></ul><ul><li>Optional Malicious Code Shutdown Service </li></ul>Add-On Services <ul><li>Focused Intelligence Report </li></ul><ul><li>Custom Intelligence Report </li></ul><ul><li>Artifact Analysis On-Demand Service </li></ul><ul><li>iDefense ® Rapid-Response Service </li></ul><ul><li>Phishing Shutdown Service </li></ul><ul><li>Malicious Code Shutdown Service </li></ul><ul><li>*iDefense Integration Services for: </li></ul><ul><ul><li>QualysGuard VM </li></ul></ul><ul><ul><li>Skybox Threat Alert Manager </li></ul></ul><ul><ul><li>Archer </li></ul></ul><ul><ul><li>ArcSight </li></ul></ul><ul><ul><li>Agiliance </li></ul></ul>
    18. 18. iDefense Threat Protection-Level Service Bundles Core Service Standard Service <ul><li>iDefense ® Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>Threat Reports </li></ul></ul><ul><li>FLASH Reports </li></ul>Tactical Research <ul><li>iDefense ® Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>Threat Reports </li></ul></ul><ul><ul><li>iDefense ® Exclusive Vulnerability Reports </li></ul></ul><ul><ul><li>Malicious Code Reports </li></ul></ul><ul><li>FLASH Reports </li></ul><ul><li>Cyber Threat Brief </li></ul>Tactical Research Comprehensive Service Tactical Research iDefense ® Intelligence Feed FLASH Reports Strategic Research iDefense ® Analyst Service iDefense ® Threat Briefings iDefense ® Designated Analyst Service Malcode Rapid Report Service IP Reputation Service Analyst Team Weekly Threat Report Vulnerability Summary Reports Malicious Code Summary Reports Patch Tuesday Reports Topical Research Reports Global Threat Research Reports <ul><li>iDefense ® Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>iDefense® Exclusive Vulnerability Reports </li></ul></ul><ul><ul><li>Malicious Code Reports </li></ul></ul><ul><ul><li>Threat Reports </li></ul></ul><ul><li>FLASH Reports </li></ul>iDefense ® Analyst Service iDefense ® Threat Briefings Malcode Rapid Report Service Enhanced Service Strategic Research Tactical Research Weekly Threat Report Vulnerability Summary Reports Malicious Code Summary Reports Microsoft Patch Tuesday Reports Topical Research Reports Analyst Team
    19. 19. Intelligence In Action—A Case Study A top 10 enterprise services firm saved about $5M by using VeriSign iDefense analysis to decide—correctly—not to install three out-of-cycle patches … even though other security organizations were recommending them Vulnerability Management Assistance Save time and money
    20. 20. Intelligence In Action—A Case Study On Feb 26, 2009, a mass mailer virus was identified internally within a top global enterprise services firm attempting to spread to all addresses within an address book. Within 3 hours of submission to VeriSign iDefense Rapid Response Team, analysis and remediation strategies were delivered that enabled institution of immediate and accurate file restrictions and updated AV signatures to thwart the threat of the Waledec Mass Email Worm. Incident Response Faster and smarter remediation
    21. 21. Intelligence In Action—A Case Study A top 10 US bank leveraged VeriSign iDefense world-class malcode analysis services that lead to the identification and cancelation of a fraudulent online bank transaction in the amount of $82K. Fraud Mitigation Gain visibility and confidence
    22. 22. Intelligence In Action—A Case Study Recently, a VeriSign iDefense client was considering expansion into Russia and need to understand how this might impact their risk level. By leveraging iDefense Global Threat Intelligence Services, the organization increased awareness of prominent insider threats in the region . As a result, intelligence delivered in the context of the client’s geographical needs was used in making better decisions around review of local security practices, hiring of local personnel and background checks. Global Threat Intelligence Drives Threat Awareness
    23. 23. The Bottom Line <ul><li>Manage security risk. Not just threats </li></ul><ul><li>Know which threats matter most. (And which ones don’t) </li></ul><ul><li>Get an average 100+ days advanced notification on Zero-day vulnerabilities </li></ul><ul><li>Strengthen your security team </li></ul><ul><li>Trust the industry’s truly vendor-independent provider of global cyber threat intelligence </li></ul>
    24. 24. Q & A
    25. 26. APPENDIX
    26. 27. iDefense Service Bundles: Support Security Ops *VeriSign iDefense offers several integration scenarios with leading security management platforms and tools. Please consult your Account Executive to review a full list of available integrations and discuss the value of integrated analytical intelligence into your enterprise environment. Global Threat Intelligence Services <ul><li>iDefense ® Threat Briefings </li></ul><ul><li>Weekly Threat Report </li></ul><ul><li>Vulnerability Summary Reports </li></ul><ul><li>Malicious Code Summary Reports </li></ul><ul><li>Topical Research Reports </li></ul><ul><li>Global Threat Research Reports </li></ul><ul><li>iDefense ® Analyst Service </li></ul>Vulnerability Intelligence Services <ul><li>FLASH Reports </li></ul><ul><li>Threat Reports </li></ul><ul><li>Public Vulnerability Intelligence Reports </li></ul><ul><li>iDefense ® Exclusive Vulnerability Reports </li></ul><ul><li>Vulnerability Summary Reports </li></ul><ul><li>Malicious Code Intelligence Reports </li></ul><ul><li>Patch Tuesday Reports </li></ul><ul><li>iDefense ® Analyst Service </li></ul><ul><li>Optional iDefense Integration Services* </li></ul>Incident Response Services <ul><li>Threat Reports </li></ul><ul><li>Malicious Code Intelligence Report </li></ul><ul><li>Malicious Code Summary Report </li></ul><ul><li>Malicious Code Rapid Report Service </li></ul><ul><li>iDefense ® Rapid-Response Service </li></ul><ul><li>iDefense ® Analyst Service </li></ul>Fraud Mitigation Services <ul><li>IP Reputation Service </li></ul><ul><li>Victim IP Feed </li></ul><ul><li>iDefense ® Analyst Service </li></ul><ul><li>Optional Phishing Shutdown Service </li></ul><ul><li>Optional Malicious Code Shutdown Service </li></ul>Add-On Services <ul><li>Focused Intelligence Report </li></ul><ul><li>Custom Intelligence Report </li></ul><ul><li>Artifact Analysis On-Demand Service </li></ul><ul><li>iDefense ® Rapid-Response Service </li></ul><ul><li>Phishing Shutdown Service </li></ul><ul><li>Malicious Code Shutdown Service </li></ul><ul><li>*iDefense Integration Services for: </li></ul><ul><ul><li>QualysGuard VM </li></ul></ul><ul><ul><li>Skybox Threat Alert Manager </li></ul></ul><ul><ul><li>Archer </li></ul></ul><ul><ul><li>ArcSight </li></ul></ul><ul><ul><li>Agiliance </li></ul></ul>
    27. 28. iDefense Threat Protection-Level Service Bundles Core Service Standard Service <ul><li>iDefense ® Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>Threat Reports </li></ul></ul><ul><li>FLASH Reports </li></ul>Tactical Research <ul><li>iDefense ® Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>Threat Reports </li></ul></ul><ul><ul><li>iDefense ® Exclusive Vulnerability Reports </li></ul></ul><ul><ul><li>Malicious Code Reports </li></ul></ul><ul><li>FLASH Reports </li></ul><ul><li>Cyber Threat Brief </li></ul>Tactical Research Comprehensive Service Tactical Research iDefense ® Intelligence Feed FLASH Reports Strategic Research iDefense ® Analyst Service iDefense ® Threat Briefings iDefense ® Designated Analyst Service Malcode Rapid Report Service IP Reputation Service Analyst Team Weekly Threat Report Vulnerability Summary Reports Malicious Code Summary Reports Patch Tuesday Reports Topical Research Reports Global Threat Research Reports <ul><li>iDefense ® Intelligence Feed </li></ul><ul><ul><li>Public Vulnerability Reports </li></ul></ul><ul><ul><li>iDefense® Exclusive Vulnerability Reports </li></ul></ul><ul><ul><li>Malicious Code Reports </li></ul></ul><ul><ul><li>Threat Reports </li></ul></ul><ul><li>FLASH Reports </li></ul>iDefense ® Analyst Service iDefense ® Threat Briefings Malcode Rapid Report Service Enhanced Service Strategic Research Tactical Research Weekly Threat Report Vulnerability Summary Reports Malicious Code Summary Reports Microsoft Patch Tuesday Reports Topical Research Reports Analyst Team
    28. 29. VeriSign iDefense Security Intelligence Services <ul><li>Vulnerability Aggregation Team </li></ul><ul><li>Vulnerability Advanced Research Labs </li></ul><ul><li>Malicious Code Intelligence and Operations </li></ul><ul><li>Rapid-Response Team </li></ul><ul><li>International Cyber Intelligence Team </li></ul><ul><li>FS-ISAC (SOC) </li></ul><ul><li>VeriSign iDefense Fusion Cell </li></ul><ul><li>Editorial Team </li></ul>Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs VeriSign iDefense Intelligence Organization Editorial
    29. 30. VeriSign iDefense Intelligence Organization <ul><li>Vulnerability Applied Research Labs </li></ul><ul><li>Vulnerability Contributor Program (VCP) </li></ul><ul><ul><li>A network of 600+ researchers worldwide </li></ul></ul><ul><li>Original Vulnerability Analysis and Discovery </li></ul><ul><li>Responsible Disclosure of Original Vulnerability Discovery </li></ul>Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs Provides vulnerability mitigation intelligence by conducting leading-edge reverse-engineering research and analysis of submitted and internally uncovered computer vulnerabilities, exploits, and attacks
    30. 31. VeriSign iDefense Intelligence Organization <ul><li>Vulnerability Aggregation Team </li></ul><ul><li>24X7 Operations </li></ul><ul><li>Infiltration, Aggregation, Analysis </li></ul><ul><li>Customer-driven, Customized Tracking </li></ul><ul><ul><li>Tracks 1,550+ Public and Private Sources </li></ul></ul><ul><ul><li>21,500 + Products and Technologies </li></ul></ul><ul><ul><li>250 + Vendors </li></ul></ul><ul><li>Websites, Forums, Mailing Lists, Underground </li></ul><ul><li>De-conflict Resolution </li></ul><ul><ul><li>Analysis of conflicting information </li></ul></ul><ul><li>Deep Human Analysis in Every Report </li></ul><ul><ul><li>Not just aggregated data </li></ul></ul>Provides in-depth research and analysis on public vulnerabilities and exploits to ensure customers receive actionable vulnerability notification and mitigation options Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs
    31. 32. VeriSign iDefense Intelligence Organization <ul><li>Financial Services Information Sharing and Analysis Center (FS-ISAC) </li></ul><ul><li>Security Operations Center (SOC) for 4,000+ member organization </li></ul><ul><li>Collaborates with U.S. Department of Treasury </li></ul><ul><li>Serves as the operational arm of the Financial Services Sector Coordinating Council </li></ul><ul><li>Acts as the primary communications channel for financial services sector </li></ul>The mission of the FS-ISAC is to enhance the ability of the financial services sector, and its critical infrastructure, to prepare and respond to cyber and physical threats, vulnerabilities and incidents Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs
    32. 33. VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs <ul><li>Rapid Response Team </li></ul><ul><li>First Line of Defense to Customers </li></ul><ul><ul><li>Extension of Your Research Team </li></ul></ul><ul><li>Targeted Attack Analysis </li></ul><ul><ul><li>Expert Code Analysis </li></ul></ul><ul><li>Timely Research </li></ul><ul><ul><li>10 Minutes, 3 Hours, 2 Days </li></ul></ul><ul><li>Comprehensive Reporting </li></ul><ul><ul><li>Remediation and Workaround Strategies </li></ul></ul>Provides a 24/7/365 incident response service in the form of an executive briefing to occur within three (3) hours of a customer submission and discussion of incident
    33. 34. VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs <ul><li>Malcode Intelligence & Operations </li></ul><ul><li>Global Aggregation </li></ul><ul><ul><li>Websites, IRC, Forums, Honey Pots </li></ul></ul><ul><li>De-conflict Resolution </li></ul><ul><ul><li>Analysis of conflicting information </li></ul></ul><ul><li>Code Analysis Lab </li></ul><ul><ul><li>Goat Machines, VM Network </li></ul></ul><ul><li>Reverse Code Engineering </li></ul><ul><ul><li>Industry Leading Engineers </li></ul></ul><ul><li>Malware Discovery </li></ul><ul><ul><li>New tactics and new targets </li></ul></ul>Provides notification of malicious code threats to IT security breaches to augment customers’ risk management process
    34. 35. VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs <ul><li>International Cyber Intelligence </li></ul><ul><li>Geopolitical Analysis and Actor Attribution </li></ul><ul><ul><li>Answers the “Who” and “Why” behind Attacks </li></ul></ul><ul><li>Field Research and Investigations </li></ul><ul><ul><li>Russia, China, Middle East, South America </li></ul></ul><ul><li>Threats in Context </li></ul><ul><ul><li>Trends, Events, Techniques </li></ul></ul><ul><li>Multilingual Analysts </li></ul><ul><ul><li>20 Spoken Languages </li></ul></ul><ul><ul><ul><li>Arabic, Cantonese, Chinese Mandarin, Dari, Farsi, French, German, Hindi, Japanese, Kannada, Marathi, Russian, Sinhala, Spanish, Tagalog, Tajik, Turkish, Urdu, Wu, etc. </li></ul></ul></ul>Provides research on the dynamics of the world’s cyber security environments and its interconnections through combined analytical methods—From the behavioral and information sciences to the development of research programs and networks of relationships
    35. 36. VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs Editorial <ul><li>VeriSign iDefense Editorial Team </li></ul><ul><li>Seven editors on staff available 24/7 to deliver on the publishing needs of up-to-the minute VeriSign iDefense intelligence </li></ul><ul><li>VeriSign iDefense delivers on an average over 500 pages of text-based research per month in addition to daily threat reports and customer requested Focused Intelligence reports </li></ul><ul><li>VeriSign iDefense editors have contributed to an industry-wide reputation of high quality VeriSign iDefense research and reporting </li></ul>
    36. 37. VeriSign iDefense Intelligence Organization Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs <ul><li>VeriSign iDefense Fusion Cell </li></ul><ul><li>Plans and directs cross-functional VeriSign iDefense intelligence process and knowledge sharing </li></ul><ul><li>Enables a comprehensive perspective of the threat environment to be shared across all intelligence teams </li></ul><ul><li>Serves as the hub for public and private research and partnership </li></ul><ul><li>Underground Operations </li></ul><ul><ul><li>Engage illicit markets with the aim of identifying core actors, methods and assets </li></ul></ul><ul><ul><li>Maintaining reputable aliases and acquiring compromised information are the teams core capabilities </li></ul></ul>
    37. 38. Ways to Consume VeriSign iDefense Intelligence <ul><li>VeriSign iDefense ® Topical Research Reports </li></ul><ul><ul><li>Notable Malware for 2010 , 3/2010 </li></ul></ul><ul><ul><li>Domain Name System Security Extensions (DNSSEC), 11/2009 </li></ul></ul><ul><ul><li>IPv6 Technology, 11/2009 </li></ul></ul><ul><ul><li>Mobile Threats, 11/2009 </li></ul></ul><ul><ul><li>Review of MPLS Security Considerations, 10/2009 </li></ul></ul><ul><ul><li>Browser Security, 5/2009 </li></ul></ul><ul><ul><li>Cloud Computing, 5/2009 </li></ul></ul><ul><ul><li>Exploring Stolen Data Markets Online, 3/2009 </li></ul></ul><ul><li>VeriSign iDefense ® Global Threat Research Reports </li></ul><ul><ul><li>Cyber Threat Landscape of Russia </li></ul></ul><ul><ul><li>Cyber Threat Landscape of Hong Kong </li></ul></ul><ul><ul><li>Cyber Threat Landscape of Saudi Arabia </li></ul></ul><ul><ul><li>Cyber Threat Landscape of China </li></ul></ul><ul><li>VeriSign iDefense ® Focused Intelligence Reports </li></ul><ul><ul><li>Expanding More Sophisticated Online Censorship Efforts, 7/2009 </li></ul></ul><ul><ul><li>Cisco VLAN Technology, 9/2008 </li></ul></ul><ul><li>VeriSign iDefense ® Weekly Threat Report – Sample Table of Contents </li></ul><ul><ul><li>Overview of Last Week's Publications </li></ul></ul><ul><ul><li>News in Brief </li></ul></ul><ul><ul><li>Trends and Developments: Revisiting iDefense Predictions for the 2010 Cyber Threat Landscape </li></ul></ul><ul><ul><li>Cyber Warfare: Russian Military Doctrine Includes Information Security </li></ul></ul><ul><ul><li>Response: Public Report Analysis—Lessons learned from Vol 7 of the Microsoft Security Intelligence Report </li></ul></ul><ul><ul><li>Cyber Crime: Identity Theft Statistics for 2009 </li></ul></ul><ul><ul><li>State of the Hack: VeriSign iDefense Explains ... </li></ul></ul>Depth and Frequency of VeriSign iDefense Intelligence
    38. 39. Security Incidents Dominate Headlines Monster.com Hit With Possible Monster-Sized Data Breach InformationWeek , January 2009 Cyber Attacks Jam Government and Commercial Web Sites in U.S. and South Korea New York Times , July 2009 Updated MyDoom Responsible for DDoS Attacks computerworld.com, July 2009 Electricity Grid in U.S. Penetrated By Spies Wall Street Journal, April 2009 Obama's Copter Plans Turn Up On The Web New York Post , March 2009 Vast Spy System Loots Computers in 103 Countries New York Times , March 2009 Former employee accused of stealing secrets from Goldman Sachs Group Chicago Tribune , July 2009 DOD seeks defense against denial-of-service attacks fcw.com, July 2009 Data breaches cost $6.6 million on average, survey finds CNET , February 2009
    39. 40. Growth of Threats and Exposure / Risk Your Business Network
    40. 41. Intelligence that Warns when a Threat Is Not <ul><li>What really occurred with CONFICKER… </li></ul><ul><li>Attracted significant attention as a critical issue </li></ul><ul><li>Other intelligence groups and 60 Minutes reports of April 1 meltdown </li></ul><ul><li>But, ultimately was declared a non-emergency by VeriSign iDefense </li></ul><ul><li>The 7-month time lapse indicates why a threat lifecycle approach is both essential and cost-effective </li></ul>60 Minutes Reports 1 Apr Internet Meltdown 29 Mar 23 Oct Microsoft Announces Out of Band Patch; MS 08-067 24 Nov First Conficker in the Wild 01 Jan 10 Dec First in-depth Analysis on Conficker in MSR 2nd Conficker in the Wild 28 Jan Publishes Domain Generation Algorithm 29 Jan Publishes Downatool 09 Mar 3rd Conficker in the Wild 16 Mar 4th Conficker in the Wild Media Reports 1 Apr Internet Meltdown 23 Mar Nothing Happens 1 Apr Accurate Prediction Detection Tool VeriSign iDefense Threat Report: Explaining Why The Internet Would Not Melt Accurate Intelligence Allows You to Focus on What Matters Most
    41. 42. What Customers Tell Us <ul><li>This translates into a security strategy that consistently delivers: </li></ul><ul><li>Substantial cost savings with proactive insights on true threats, the intelligence to avoid false alarms </li></ul><ul><li>Revenue protection through improved system and application availability </li></ul><ul><li>Reputation protection through fraud mitigation and response support </li></ul><ul><li>Improved in-house security operations through analyst access, knowledge transfer and tactics/technique sharing </li></ul>“ With VeriSign iDefense, they have the world’s most experienced multinational network of security experts acting as an extension of their teams, with exclusive access to the most in-depth cyber threat intelligence available.”
    42. 43. VeriSign iDefense Research Methodology <ul><li>Vulnerability Aggregation Team </li></ul><ul><li>Vulnerability Advanced Research Labs </li></ul><ul><li>Malicious Code Intelligence and Operations </li></ul><ul><li>Rapid-Response Team </li></ul><ul><li>International Cyber Intelligence Team </li></ul><ul><li>FS-ISAC (SOC) </li></ul><ul><li>VeriSign iDefense Fusion Cell </li></ul><ul><li>Editorial Team </li></ul>Vulnerability Aggregation International Cyber Intelligence Malcode Operations Lab FS-ISAC SOC FS Info Sharing & Analysis Center VeriSign iDefense Fusion Cell Rapid Response Team Vulnerability Advanced Research Labs VeriSign iDefense Intelligence Organization Editorial
    43. 44. Ways to Consume VeriSign iDefense Intelligence <ul><li>VeriSign iDefense Research / Report Packages </li></ul><ul><ul><li>Access to over 170,000 published research reports </li></ul></ul><ul><ul><li>Variety of secure delivery methods </li></ul></ul><ul><ul><ul><li>Secure and encrypted customer portal </li></ul></ul></ul><ul><ul><ul><li>Via email and RSS Feeds </li></ul></ul></ul><ul><ul><ul><li>XML Web services </li></ul></ul></ul><ul><li>Integrated Intelligence </li></ul><ul><ul><li>Integrating VeriSign iDefense analytical research in to security management tools and platforms </li></ul></ul><ul><li>Support for Security Operations </li></ul><ul><ul><li>Global Threat Intelligence Services: Increased Global and Regional Threat Awareness </li></ul></ul><ul><ul><li>Vulnerability Intelligence Services: Improved Vulnerability Management </li></ul></ul><ul><ul><li>Incident Response Services: Faster and Smarter Incident Response </li></ul></ul><ul><ul><li>Fraud Mitigation Services: Risk Management Around Online Fraud </li></ul></ul>
    44. 45. VeriSign iDefense Security Operational Support <ul><li>VeriSign iDefense ® Global Threat Intelligence Services </li></ul><ul><li>Increased Global & Regional Threat Awareness </li></ul><ul><ul><li>Strategic view of global and regional threats and emerging threat activity </li></ul></ul><ul><ul><li>In-depth country and regional reports </li></ul></ul><ul><ul><li>Real-time threat alert feed </li></ul></ul><ul><li>VeriSign iDefense ® Vulnerability Intelligence Services </li></ul><ul><li>Prioritized and Accurate Vulnerability Management Assistance </li></ul><ul><ul><li>Vulnerability prioritization </li></ul></ul><ul><ul><li>Drives efficient and accurate remediation </li></ul></ul><ul><ul><li>Combine asset data, vulnerability scan data with VeriSign iDefense vulnerability data </li></ul></ul><ul><li>VeriSign iDefense ® Incident Response Services </li></ul><ul><li>Incident Response Efficiency </li></ul><ul><ul><li>Acts as an embedded part of a company’s incident response program </li></ul></ul><ul><ul><li>Real-time auto analysis and in-depth human analysis of malicious code </li></ul></ul><ul><ul><li>Forensic capabilities and strategic malicious code research on the latest threats </li></ul></ul><ul><li>VeriSign iDefense ® Fraud Mitigation Services </li></ul><ul><li>Manage Risk Around Online Fraud </li></ul><ul><ul><li>Phishing and Malware Shutdown Services </li></ul></ul><ul><ul><li>Online fraud risk management services </li></ul></ul><ul><ul><li>Monitoring of known malicious IPs and the victims they target </li></ul></ul>
    45. 46. VeriSign iDefense in Summary <ul><li>Your IT security strategy needs timely, detailed and actionable cyber threat intelligence that applies to the unique needs of your business so you can protect your business from the onslaught of cyber attacks </li></ul><ul><li>With attacks increasingly targeted and potentially devastating, ‘managing’ security isn’t enough. You have to manage risk – and that means proactive intelligence </li></ul>
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×