SECURITY THREATS, TRENDS AND PROTECTION IN LESS THAN 30 MINUTES
Learn more about Network Security. Defend your networks while streamlining data access - learn more about enterprise-wide integrated network security from HP.

Published in: Technology
1. SECURITY THREATS, TRENDS AND PROTECTION IN LESS THAN 30 MINUTES
   Rich Agar, Solutions Architect, HP Enterprise Security
   © 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

2. Agenda
   • Teaching you to suck eggs?
     – Or maybe introducing / reinforcing some information security realities?
   • The current threat landscape
     – Some examples of why it’s hard to always catch exploits
   • The value of research
   • HP Discover
   • Competition

3. INFORMATION SECURITY REALITIES

4. Risk is good… too much risk is bad
   Risk: a threat against a vulnerable asset that could cause harm
   • Can you identify the risks to your organisation?
     – What are the key business assets?
     – What level of risk is acceptable to your organisation?
   • Where are you at risk?
   • Gather (well vetted) intelligence
   • Don’t rely on just one party (vendor/partner/3rd party)
   • Don’t rely just on technology
     – Think people, processes and technology

5. Honesty and openness
   • Preparation for potential attack, internal and external, requires an honest interpretation of one’s state
   • “Knowing thyself” is therefore critical to being able to properly assess and apply information
   • Honest interpretation of intelligence, along with the application of knowledge, can be a powerful catalyst for change

6. Motivation
   • Create an environment that encourages honesty
   • For positive change, motivation is required
   • Everyone is motivated differently – act accordingly
   • Being ‘secure’ doesn’t happen overnight
   • Prioritise to reduce the attack surface
   • It can take a long time to build a secure environment, and only a single breach can lose customer confidence

7. Your adversaries are agile, are you?
   Your adversaries count on:
   • You having to navigate and negotiate bureaucracy that slows reaction
   • You having to placate those who may have ‘influence in the absence of understanding’
   • Your attention being focused on the anticipated and expected
   • You having less time than they have, and perhaps even less resource

8. THE CURRENT THREAT LANDSCAPE

9. Adversaries don’t care if you are compliant… in fact they count on it!
   • Malicious cyber actors
     – Are aware of, and understand, the struggles that enterprises face in striving to achieve compliance
   • Here is the news…
     – They don’t care, and are counting on it!
   • New approaches in countering the actions of malicious cyber actors are warranted and necessary
   • Comprehension of this is key in combating next-generation adversaries and threats

10. Web application security
   • In the past threats were at the network – firewalls helped; they don’t anymore
   • Today attacks are at the client: browser, document reader, web application
   • In a recent study*:
     – 73% of respondents were hacked at least once in the last 2 years
     – 72% actually TEST less than 10% of their web applications for security
       • Main reasons given are lack of budget and expertise
     – 64% don’t think they can actually fix their application vulnerabilities
     – 68% say their web application security budget is LESS than their coffee budget!
   * Ponemon Institute, State of Web Application Security, Feb 2011

11. Client side attacks
   Anyone care to guess what this means?
   ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)
   It’s JavaScript – if that helps?
   Do you think any of your developers/security people might be able to figure it out?
   It actually decodes to:
   window["alert"](1)
   A benign XSS ‘attack’ in this case that pops up an alert window.
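How the slide’s expression gets from `!$+$` to `alert`, as an added example that is not part of the original deck: each helper below mirrors one sub-expression of the payload and nothing is eval’d; the closing `punctuationRatio` function is a constructed heuristic of my own, not a product feature, illustrating why a keyword signature on `alert(` never fires here.

```javascript
// Added example (not from the slides). Walks the type-coercion tricks behind the
// slide's obfuscated payload without eval()-ing it, then shows a crude heuristic.
// In the payload `$` starts life as an empty array; every string is coerced from it.
const $ = [];
const PRIMITIVES = {
  falseStr: !$ + $,        // ![] is false; false + [] coerces to "false"
  objectStr: {} + $,       // {} + [] coerces to "[object Object]"
  trueStr: String(!+$),    // +[] is 0, !0 is true; indexing true[i] reads "true"
  three: -~-~-~$,          // ~[] is -1; three negate/complement rounds give 3
  zero: +$,                // +[] is 0
  minusOne: ~$,            // ~[] is -1, used as `_+~$` to mean "index minus one"
};

// `[$=[]][ ... ]`: the index spells "s"+"o"+"r"+"t", so [[]]["sort"] is
// Array.prototype.sort; called with no receiver in sloppy mode, `this` becomes the
// global object and sort returns it, which is how the payload reaches `window`.
function decodeReceiverLookup(p) {
  const _ = p.three;
  return p.falseStr[_] + p.objectStr[_ / _] + p.trueStr[_ / _] + p.trueStr[p.zero];
}

// `[__[_/_]+__[_+~$]+$_[_]+$$]`: "a"+"l"+"e"+"rt", the method looked up on window.
function decodeMethodLookup(p) {
  const _ = p.three;
  const $$ = p.trueStr[_ / _] + p.trueStr[p.zero]; // "rt"
  return p.falseStr[_ / _] + p.falseStr[_ + p.minusOne] + p.trueStr[_] + $$;
}

// `(_/_)`: the single argument, 3/3.
function decodeArgument(p) {
  return p.three / p.three;
}

// Defender's view: the bytes "alert" and "window" never appear on the wire, so a
// keyword signature misses this. The share of punctuation in a script fragment is
// a constructed, crude heuristic that separates it from ordinary code.
function punctuationRatio(src) {
  const punct = (src.match(/[^A-Za-z0-9\s]/g) || []).length;
  return punct / src.length;
}

const SLIDE_PAYLOAD =
  '($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)';
const DECODED = 'window["alert"](1)';

console.log(decodeReceiverLookup(PRIMITIVES), decodeMethodLookup(PRIMITIVES), decodeArgument(PRIMITIVES));
console.log(punctuationRatio(SLIDE_PAYLOAD).toFixed(2), punctuationRatio(DECODED).toFixed(2));
```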
12. Client side attacks
   What about this one?
   • mysql.com hack – Sept 2011
   • Heavily obfuscated Java exploit
   • Malware files installed and executed
   • No user intervention
   • Who would visit mysql.com?

13. The business of exploitation
   [Figure: two charts, “Infection Rate” and “Estimated Toolkit Prices”; chart data not recoverable from the slide text]

14. You could be for sale!
   http://cyberinsecure.com/access-to-hacked-government-educational-military-websites-sold-on-underground-market/

15. Or your data!
   http://cyberinsecure.com/access-to-hacked-government-educational-military-websites-sold-on-underground-market/

16. THE VALUE OF RESEARCH

17. There is research, and there is research
   • Most vendors claiming protection don’t research
   • What this means for you is that they have an anti-virus mentality
   • Signatures of known exploits: detect, possibly prevent
   • This is OK as an approach, but it does have its drawbacks
   • Let’s use a picture…

18. Exploit and vulnerability protection
   [Figure: overlapping regions labelled “Vulnerability (coarse filter)”, “False Positives”, “Exploit A”, “Exploit B (missed by Exploit Filter A)” and “Standard IPS Exploit Filter for Exploit A”]

19. Exploit specific filters
   • An exploit-specific filter detects the shellcode used in an exploit
     – Could lead to false positives / negatives
   • Example: the following hex string can be used to detect the MS Blaster worm:
     – EB 19 5E 31 C9 81 E9 89 FF FF FF 81 36 80 BF 32 94 81 EE FC FF FF FF E2 F2 EB 05 E8 E2 FF FF FF 03 53 06 1F 74 57 75 95 80 BF BB 92 7F 89 5A 1A CE B1 DE 7C E1 BE 32
   • In the exploit, the servername parameter carries the payload: servername becomes shellcode_buffer_overflow
   • Pros: simple string match, easy to implement, suitable for weak engines
   • Cons: reactive, possible false positives / negatives, blind if the exploit is modified

20. Vulnerability specific filters
   • In EVERY attack, the following must be true to exploit the buffer overflow:
     – TCP session established to the appropriate port (135)
     – BIND is to the appropriate RPC interface
     – REQUEST is to the appropriate function call (opnum=4)
     – SERVERNAME parameter must be longer than 32 bytes
   • This guarantees no false positives and no false negatives
   • The filter enforces the parameter’s bound: servername stays servername (max 32 bytes)
   • Pros: proactive protection, very precise, hard to evade
   • Cons: requires a powerful and fast filtering engine
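The two filter styles from slides 19 and 20 side by side, as an added example that is not part of the original deck: the request record layout is a constructed stand-in for an already-decoded RPC request (not real DCE/RPC encoding), `TARGET_IFACE` is a placeholder because the interface UUID is not on the slide, and the byte signature is the hex string printed on slide 19. The four samples are constructed to exercise each pro and con the slides claim.

```javascript
// Added example (not from the slides): exploit-specific vs vulnerability-specific
// filtering over constructed, already-decoded request records. The record shape
// {port, iface, opnum, servername, body} is a stand-in, not real DCE/RPC encoding.
const hex = (s) => Buffer.from(s.replace(/\s+/g, ''), 'hex');

// Slide 19's hex string, used as a byte signature for the MS Blaster shellcode.
const BLASTER_SIG = hex(
  'EB 19 5E 31 C9 81 E9 89 FF FF FF 81 36 80 BF 32 94 81 EE FC FF FF FF E2 F2 ' +
  'EB 05 E8 E2 FF FF FF 03 53 06 1F 74 57 75 95 80 BF BB 92 7F 89 5A 1A CE B1 ' +
  'DE 7C E1 BE 32');
const TARGET_IFACE = '<vulnerable RPC interface UUID>'; // placeholder; the UUID is not on the slide
const SERVERNAME_MAX = 32;                               // slide 20's bound on the parameter

// Exploit-specific filter (slide 19): a plain byte-string match over the request.
function exploitFilter(msg) {
  return Buffer.concat([msg.servername, msg.body]).includes(BLASTER_SIG);
}

// Vulnerability-specific filter (slide 20): the four conditions every exploit of
// this overflow must satisfy, whatever shellcode it carries.
function vulnFilter(msg) {
  return msg.port === 135 && msg.iface === TARGET_IFACE && msg.opnum === 4 &&
         msg.servername.length > SERVERNAME_MAX;
}

function classify(msg) {
  return { exploitFilter: exploitFilter(msg), vulnFilter: vulnFilter(msg) };
}

// Constructed samples, one per claim on the slides.
const request = (servername, body, extra = {}) =>
  ({ port: 135, iface: TARGET_IFACE, opnum: 4, servername, body, ...extra });
const SAMPLES = {
  // Ordinary request: short servername, nothing else of interest.
  benign: request(Buffer.from('\\\\FILESRV01'), Buffer.alloc(0)),
  // The worm as seen: servername overflowed and carrying the known shellcode.
  original: request(Buffer.concat([Buffer.alloc(64, 0x41), BLASTER_SIG]), Buffer.alloc(0)),
  // Same overflow with re-encoded shellcode: the byte signature is blind to it.
  modified: request(Buffer.alloc(120, 0x42), Buffer.alloc(0)),
  // The same bytes inside an HTTP download (e.g. a signature file): a false
  // positive for the byte match, but not for the vulnerability filter.
  falsePositive: request(Buffer.from('x'), Buffer.concat([Buffer.from('GET /sig.bin '), BLASTER_SIG]),
                         { port: 80, iface: 'n/a', opnum: 0 }),
};

for (const [name, msg] of Object.entries(SAMPLES)) console.log(name, classify(msg));
```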
21. Research means
   • Broader protection
   • Faster protection
   • Accurate protection
   • Vulnerability research provides:
     – Protection before exploits exist
     – Protection ahead of vendors that do not perform research

22. Microsoft research by security organisation
   [Chart: data not recoverable from the slide text]
   Compiled from public data available at http://www.microsoft.com/technet/security/current.aspx
   Includes all IPS/firewall vendors with non-zero contributions or appearing in the respective Gartner Magic Quadrants in leaders/challengers positions

23. The INSTANT-ON ENTERPRISE is here. A JOURNEY THROUGH IT INNOVATION
   29th November – 1st December, Vienna, Austria
   HP Discover is the showcase technology event where you will learn what it takes to start your Instant-On Enterprise journey. Held annually, this event brings the power of people, technology and ideas together to solve your most difficult enterprise IT challenges.
   LEARN MORE and REGISTER: hp.com/go/discover

24. FILL IN YOUR FEEDBACK FORM TO ENTER A COMPETITION TO WIN AN HP TOUCHPAD!

25. WE LOOK FORWARD TO SEEING YOU IN THE HP EXPERIENCE LOUNGE! THANK YOU.

26. YOUR YEAR-ROUND IT RESOURCE – access to everything you’ll need to know

27. THE WHOLE TECHNOLOGY STACK from start to finish

28. COMMENT & ANALYSIS: insights, interviews and the latest thinking on technology solutions

29. VIDEO: your source of live information – all the presentations from our live events

30. TECHNOLOGY LIBRARY: over 3,000 whitepapers, case studies, product overviews and press releases from all the leading IT vendors

31. EVENTS, WEBINARS & PRESENTATIONS: missed the event? Download the presentations that interest you. Catch up with convenient webinars. Plan your next visit.

32. Directory: a comprehensive A-Z listing providing in-depth company overviews

33. ALL FREE TO ACCESS 24/7

34. online.ipexpo.co.uk