Security threats and countermeasures in daily life - Symantec. This walks you through the day-to-day information security threats one person faces and the relevant countermeasures offered by Symantec. If you find it useful, share it!
Slide 2: Four Key Trends (Internet Security Threat Report, Vol. 17): malware attacks up 81%; targeted attacks expand; mobile threats expose all; data breaches on the rise.
Slide 3: Security never sleeps. Protection layers: Threat & Risk Visibility; Information Protection; Identity Protection; Systems Management; Infrastructure Protection; Security Intelligence. Attack stages: Reconnaissance, Incursion, Discovery, Capture, Exfiltrate.
Slide 4: Portrait of a Cyber-Crime. Smith Inc: small company, BIG ideas.
Cyber Warfare: Symantec Security Solutions. How to Win the Cyber-war. Holistic Security for today's tough and targeted threats.
Security never sleeps. Security is an integral part of any IT infrastructure. Our job is to bring our leading technologies to every endpoint, every device, every enterprise. Every stage requires capabilities and compliance. Our mission is to protect and defend against any threat in any environment. We mean business.
First, let's look at how attack methodology works: what the phases are, and where the important points of protection lie. Attackers are systematic and usually follow the same sequence:
Reconnaissance: seeing what is out there, what is listening on which port and how it is configured.
Incursion: the actual break-in point.
Discovery: where they start looking for confidential, sensitive information.
Capture: where they collect the information and assemble it.
Exfiltration: where the information is pushed out of the organisation and into the hands of the hackers or criminals.
Here's the situation: a company, Smith Inc, is about to be subjected to an Advanced Persistent Threat. Why? This little company just went global. Smith Inc became multinational overnight because of its design and production of state-of-the-art drilling equipment, the kind used for natural resources exploration and extraction. That's right: oil, mining, fossil fuels, the hot topics in the global economy. Now it is a hot company that recently soared to the top of the Fortune 500 on the strength of contracts from a number of countries. It has a lot of intellectual property, including patented designs for its drilling equipment, exceptional planning tools for project management, and correspondence with places we've never even heard of that are rich in natural resources. So no wonder Smith Inc has hit the radar of this group of cybercriminals. Information is currency, whether they trade it with competitors or use it to influence investors on the Dow Jones or the Hang Seng. Their information is worth a lot, and the hackers will stop at nothing to get it.
Let's now take a detailed look at the lengths a hacker, whether an individual, an organisation or a government, will go to in order to achieve their goals and gather valuable information.
The hacker is out to get Smith Inc. They have pressed the cyber-war button and decided to use every imaginative resource they can to get into the Smith Inc network, whether to find documentation or correspondence. They won't stop until they get it.
The port scan is not the point of entry, just a reconnaissance mission. It means getting the lay of the land and looking for potential entry points. It's basically 'casing the joint', much as bank robbers would look at a bank, figure out routines, understand where the guards are, look where the alarm buttons are and get an overall feel for security.
Fortunately, Smith Inc uses Symantec Security Information Manager (SSIM). SSIM collects the network's logs in real time, so the port scan is recorded from the moment it starts. Because SSIM is fed in real time by our Global Intelligence Network (GIN), it recognises that some of the scanning sources are known-bad IPs. Those sources are then tracked by SSIM on a timeline, so that anything they do next can be tied back to this reconnaissance. Note: Sales / Partners to talk about the key benefits of SSIM
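The port-scan detection and reputation lookup described above, as an added example (illustrative code written for this page, not SSIM or any Symantec product): it parses a small constructed firewall log, flags any source that touches at least ten distinct ports within a sliding 60-second window, and tags the alert when the source appears in a reputation list. The log line format, the IP addresses and the BAD_IPS list are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log. The line format is an assumption made for
# this example; real firewall and SIEM exports differ.
_BASE = datetime(2012, 4, 2, 9, 15, 0)


def _line(offset_s, src, dport, action="DROP"):
    ts = (_BASE + timedelta(seconds=offset_s)).isoformat()
    return f"{ts} src={src} dst=198.51.100.10 dport={dport} action={action}"


SAMPLE_LOG = (
    # 203.0.113.7 sweeps eleven common service ports in twenty seconds
    [_line(2 * i, "203.0.113.7", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080])]
    # 192.0.2.5 is a normal client: many hits, but all on port 443
    + [_line(5 * i, "192.0.2.5", 443, "ACCEPT") for i in range(10)]
    # 198.51.100.77 touches three ports, below the alerting threshold
    + [_line(10 * i, "198.51.100.77", p) for i, p in enumerate([80, 443, 8443])]
)

# Stand-in for a reputation feed (the deck's GIN); hypothetical entry.
BAD_IPS = {"203.0.113.7"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=[\d.]+ dport=(?P<dport>\d+) action=\w+$"
)


def parse_log(lines):
    """Yield (timestamp, src, dport) for every well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Flag any source that touches >= min_ports distinct ports within `window`.

    A sliding window per source means a slow scan spread over a long log is
    still caught once enough distinct ports fall inside one window.
    """
    by_src = defaultdict(list)
    for ts, src, dport in parse_log(lines):
        by_src[src].append((ts, dport))

    alerts = []
    for src, events in by_src.items():
        events.sort()
        start = 0
        port_counts = defaultdict(int)
        for ts, dport in events:
            port_counts[dport] += 1
            # drop events from the left until the window spans at most `window`
            while ts - events[start][0] > window:
                old_port = events[start][1]
                port_counts[old_port] -= 1
                if port_counts[old_port] == 0:
                    del port_counts[old_port]
                start += 1
            if len(port_counts) >= min_ports:
                alerts.append({
                    "src": src,
                    "first_seen": events[start][0],
                    "last_seen": ts,
                    "distinct_ports": sorted(port_counts),
                    "known_bad": src in BAD_IPS,
                })
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(alert)
```

Only the sweeping source is reported; the busy client on a single port never trips the threshold, and the three-port source only appears if min_ports is lowered. The reputation tag is what lets an analyst prioritise the alert, which is the role the deck assigns to GIN.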
Attack Stage #2: with the widespread use of social networks, let’s look at how attackers use wily ways to infiltrate the most public of public domains…
…starting with one unsuspecting employee: Let’s call him Simon.
Simon, like the rest of us, has all his information online, accessible in one way or another. He uses Facebook, online banking, and email from home, work and his iPhone, and generally treats electronic communication as a way of life. He is also a senior director at Smith Inc who has been working on a particular drill design project for almost two years. No wonder the hackers have targeted Simon.
From his online activity, hackers have figured out Simon’s schedule: like where he eats lunch, how late he works, even what train he takes going home. So it’s no great surprise when one late night when Simon dozes off on the train home, he wakes up to find his laptop gone.
The hackers have his laptop, but when they try to read it they run into something they didn't expect: Symantec's Encryption technology, acquired through PGP. With full-disk encryption, nobody can read the data on the laptop without the passphrase.
So again Symantec comes to the rescue, this time with Symantec's Encryption solution. Personal and business data remain secure and useless to the thieves who stole the laptop. The caveat for practitioners: disk encryption protects data at rest, so the machine needs to be powered off or locked, with a strong passphrase, at the time it is taken; the passphrase policy matters as much as the product. Note: Sales / Partners to talk about the key benefits of Symantec Encryption solutions
Do they stop there? No. From their Facebook crawling they found out that Simon has a relative in the US he talks to regularly and sends gifts to. So they go spear phishing...
Spear phishing makes Simon "the bait", with an email that appears to come from Western Union (they have seen cash gifts made via Western Union), which he will trust and be likely to open.
Unfortunately Simon used his office PC to open the email and its attachment, and his desktop sits behind a gateway protected by third-party protection software. That software does NOT catch the malware, and it gets through. What does it do? It opens a back door, giving the attackers access to whatever is on Simon's desktop, including those drill designs and patents they are after.
Thankfully, Symantec Data Loss Prevention (DLP) wakes up. DLP is designed to know precisely what counts as confidential information: it knows where confidential information resides and makes sure it does not leave the network without proper authorisation. The moment Symantec DLP sees complex blueprints, diagrams or documents marked Sensitive and Confidential heading out of the network, it raises an alarm and stops the transfer right there. The back door reached the data, but none of it leaves. Note: Sales / Partners to talk about the key benefits of Symantec Data Loss Prevention
Again, because of Symantec. Had Smith Inc used Symantec Endpoint Protection (SEP) on that desktop, the malicious attachment could have been stopped before it opened the back door at all. Note: Sales / Partners to talk about the key benefits of Data Loss Prevention and Symantec Endpoint Protection
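How a DLP policy like the one described can decide whether an outbound attachment may leave the network, as an added example (not Symantec DLP's code). It combines two checks that DLP products use in some form: chunked fingerprints of the protected documents, so that a partially edited copy still matches, and a classification-marker search on the content. The document names and contents, the internal domain, the chunk size and the 50% match threshold are all assumptions made for the example.

```python
import hashlib
import re


def _doc(header: str, line_fmt: str, n: int) -> bytes:
    """Build a constructed document with distinct numbered lines."""
    return header.encode() + b"".join(line_fmt.format(i).encode() for i in range(n))


# Constructed stand-ins for the documents the DLP index protects.
PROTECTED_DOCS = {
    "drill-head-v3.dxf": _doc("DXF HEADER\n", "LINE {0:02d} 12.5 44.1 9.8\n", 40),
    "patent-draft-2012.txt": _doc("CONFIDENTIAL - Smith Inc patent draft\n",
                                  "Claim {0:02d}: rotary drill head, feature {0:02d}\n", 20),
}

CHUNK = 32  # bytes per fingerprint chunk (assumption for the example)
MARKER_RE = re.compile(r"\b(confidential|sensitive|internal only)\b", re.I)
INTERNAL_DOMAINS = {"smith-inc.example"}  # hypothetical corporate domain


def chunk_fingerprints(data: bytes, size: int = CHUNK) -> set:
    """Hash fixed-size chunks so that an edited or truncated copy still overlaps."""
    return {hashlib.sha256(data[i:i + size]).hexdigest() for i in range(0, len(data), size)}


INDEX = {name: chunk_fingerprints(data) for name, data in PROTECTED_DOCS.items()}


def best_match(data: bytes):
    """Return (protected doc name, fraction of its chunks found in data)."""
    fps = chunk_fingerprints(data)
    best_name, best_ratio = None, 0.0
    for name, doc_fps in INDEX.items():
        ratio = len(fps & doc_fps) / len(doc_fps)
        if ratio > best_ratio:
            best_name, best_ratio = name, ratio
    return best_name, best_ratio


def inspect_outbound(filename: str, data: bytes, recipient: str, threshold: float = 0.5) -> dict:
    """Allow or block an outbound attachment and say which rule decided."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in INTERNAL_DOMAINS:
        return {"action": "allow", "reason": "internal recipient"}
    name, ratio = best_match(data)
    if ratio >= threshold:
        return {"action": "block", "reason": f"{ratio:.0%} of protected document {name}"}
    # Marker check on the leading part of the content, tolerant of binary files.
    if MARKER_RE.search(data[:4096].decode("utf-8", "replace")):
        return {"action": "block", "reason": "classification marker in content"}
    return {"action": "allow", "reason": "no policy match"}


if __name__ == "__main__":
    blueprint = PROTECTED_DOCS["drill-head-v3.dxf"]
    print(inspect_outbound("drill-head-v3.dxf", blueprint, "buyer@competitor.example"))
    print(inspect_outbound("part.dxf", blueprint[:600], "buyer@competitor.example"))
    print(inspect_outbound("brochure.txt", b"Smith Inc drills: public overview", "press@news.example"))
```

Two design points worth noting. Fingerprinting wins over keyword matching for blueprints because a .dxf file carries no "Confidential" string; the marker rule is the fallback for ordinary documents. Fixed-size chunks are deliberately simple: prepending a single byte shifts every chunk boundary and defeats them, which is why production DLP uses rolling hashes or content-defined chunking for the same job.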
Do the hackers give up? They don't. They now decide to attack the data centre with a very old technique known as the buffer overflow attack.
A buffer overflow occurs when a program copies more data into a fixed-size memory buffer than it can hold, so the excess overwrites whatever sits next to the buffer: other variables, flags, or the return address of the current function. Feed a vulnerable service a crafted oversized input and it can be made to behave in ways its authors never intended, up to running the attacker's code. The hacker decides to use this technique not knowing that Smith Inc is not only protected by Symantec security technologies but also uses Symantec systems management (Altiris). Smith Inc applies patches regularly and has fixed the known vulnerabilities in its operating systems and applications; the systems management tooling works out which patches are needed and applies them efficiently across the organisation. Note: Sales/Partner to explain what a buffer overflow is if the audience doesn't understand
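To make the overflow concrete, an added example (not from the deck or any Symantec product). It uses Python's ctypes to lay out a record the way a C struct would: an 8-byte name buffer followed directly by an is_admin flag. The unsafe routine copies the caller's bytes with no bounds check, the same strcpy/memcpy pattern behind real overflows, so a 12-byte payload lands its last four bytes in the flag; the hardened routine truncates to the field size. The struct layout and the admin flag are assumptions chosen to show the effect, and the 64-byte backing region exists only to keep the demonstration inside memory that Python owns.

```python
import ctypes
import sys

NAME_LEN = 8  # size of the fixed name buffer (assumption for the example)


class Session(ctypes.Structure):
    """Packed layout: name[8] immediately followed by a 32-bit privilege flag."""
    _pack_ = 1
    _fields_ = [("name", ctypes.c_char * NAME_LEN),
                ("is_admin", ctypes.c_uint32)]


# Eight bytes fill `name`; the next four overwrite `is_admin` with 1.
ADMIN_PAYLOAD = b"A" * NAME_LEN + (1).to_bytes(4, sys.byteorder)


def _fresh_session():
    # Zeroed 64-byte region backing the struct, so the demo never writes
    # outside memory Python allocated. The bug is the missing check against
    # the 8-byte field, not the size of this region.
    raw = ctypes.create_string_buffer(64)
    return raw, Session.from_buffer(raw)


def set_name_unsafe(payload: bytes) -> dict:
    """Vulnerable: copies len(payload) bytes into `name` with no bounds check."""
    if len(payload) > 64:
        raise ValueError("demo limit: payload must fit the backing region")
    raw, s = _fresh_session()
    s.is_admin = 0
    ctypes.memmove(ctypes.addressof(s), payload, len(payload))  # the overflow
    return {"name": s.name, "is_admin": s.is_admin}


def set_name_safe(payload: bytes) -> dict:
    """Hardened: copy at most NAME_LEN - 1 bytes, leaving room for the NUL."""
    raw, s = _fresh_session()
    s.is_admin = 0
    n = min(len(payload), NAME_LEN - 1)
    ctypes.memmove(ctypes.addressof(s), payload, n)
    return {"name": s.name, "is_admin": s.is_admin}


if __name__ == "__main__":
    print("unsafe:", set_name_unsafe(ADMIN_PAYLOAD))
    print("safe:  ", set_name_safe(ADMIN_PAYLOAD))
```

The unsafe call reports is_admin = 1 even though nothing ever assigned it: the flag was overwritten by the tail of the "name". Overwriting a saved return address works the same way, only the neighbouring memory is a code pointer rather than a flag, which is what turns an overflow into code execution. Patching is the fix the deck describes; compile-time protections such as stack canaries and bounds-checked copy routines are the developer-side equivalents.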
Attackers will always look for the weakest link in the chain. This could be one small vulnerability in one database or one application. Fortunately Smith Inc is using Symantec Control Compliance Suite (CCS), one module of which runs an analysis of system vulnerabilities. It exposes these 'weak links' so that they can be prioritised and patched.
This risk-based approach means Smith Inc was prepared: they deployed CCS to prevent a targeted attack. Notes: Sales/Partners to talk about the key benefits of CCS
By now it would seem that Smith Inc's security is truly solid. But there is another common means of attack that uses surprisingly simple methods. An Advanced Persistent Threat (APT) works at the grass-roots level, often with something as simple as a user's password or login. An APT works across multiple vectors with simple techniques. It doesn't look like an automated bot; it looks like a human, because human thought is behind it.
Let's see what Simon says. He figures he has the perfect password: his mother's maiden name, or simply 123456. What he thinks is clever is actually very easy to guess. A 'brute force' attack, a series of guesses helped along by clues gathered from other sources such as his Facebook profile, will likely get the job done eventually.
Fortunately Smith Inc uses identity management from Symantec: VeriSign Identity Protection (VIP). VIP adds a second authentication factor, a one-time code, so that the right person has access to applications and data and a guessed or stolen password alone is not enough to get in. VIP is able to prevent an unauthorised person from accessing the network. User authentication technology from Symantec saves the day. Note: Sales/Partners to talk about the key benefits of VIP
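The password-guessing attack and the second factor that defeats it, as an added example (not VIP's implementation): an RFC 4226/6238 one-time code routine built on HMAC-SHA1, a login check that hashes the password with PBKDF2, compares in constant time, accepts the current code and its two neighbours for clock drift, and locks after five failures, and a brute-force loop that runs a common-password list without the second factor. The password list, the salt and the lockout threshold are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed, tiny stand-in for a real common-password list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Smith2012", "drill123"]
STEP = 30  # TOTP time step in seconds


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(at_time) // step, digits)


class Authenticator:
    """Password plus TOTP check with an attempt counter and lockout."""

    def __init__(self, password: str, totp_secret: bytes, max_attempts: int = 5):
        self._salt = b"constructed-salt"  # per-user random salt in real use
        self._pw_hash = self._hash(password)
        self._secret = totp_secret
        self.max_attempts = max_attempts
        self.failures = 0

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str, code: str, now: int) -> str:
        if self.failures >= self.max_attempts:
            return "locked"
        pw_ok = hmac.compare_digest(self._hash(password), self._pw_hash)
        # Accept the current step and its neighbours to tolerate clock drift.
        code_ok = any(hmac.compare_digest(totp(self._secret, now + d * STEP), code)
                      for d in (-1, 0, 1))
        if pw_ok and code_ok:
            self.failures = 0
            return "ok"
        self.failures += 1  # one failure whichever factor was wrong
        return "denied"


def brute_force(auth: Authenticator, now: int, guesses=COMMON_PASSWORDS) -> dict:
    """Online guessing with a password list but without the second factor."""
    outcomes = [auth.login(g, "000000", now) for g in guesses]
    return {"attempts": len(outcomes),
            "success": "ok" in outcomes,
            "locked": outcomes[-1] == "locked"}


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret
    print(totp(secret, 59))          # RFC 6238 vector: 287082
    print(brute_force(Authenticator("123456", secret), now=59))
```

Simon's real password is the first entry in the guess list, yet the attacker never learns that: the response is "denied" either way, and the account locks before the list is exhausted. The code routine reproduces the published RFC 6238 vector (secret 12345678901234567890, time 59, SHA-1, six digits gives 287082), so the check is against a known-good implementation rather than a home-grown one.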
Time for the hackers to pack it in? Not quite. They target another employee, Steve, who recently joined Smith Inc from another company.
Steve's job is to look at personal devices such as iPads and iPhones and see how they can increase productivity and efficiency in the workforce. He is doing a lot of testing to see how specific company applications can be deployed onto mobile devices. He is excited about his new role and shares the latest and greatest about his project on Facebook. Next thing you know, Steve's stash of devices goes missing. Only thing is, it's his loss, not Smith Inc's, because the company's apps and data on them are protected.
Symantec recently launched mobile device security, built on its acquisitions of Odyssey Software and Nukona. They provide application-level security for mobile devices, with custom policies to minimise risk and protect the confidential information on them. The technology can remotely wipe stored information should a device be lost or stolen. Notes: Sales/Partners to talk about the key benefits of Nukona and Odyssey
Multiple Layers of Security. What have we seen from Simon and the Smith Inc story? That defence is a matter of depth: putting multiple layers of technology together and making them work as one. It is about security without compromise, and about managing security risks better by knowing how to prioritise threats and ensure multi-layer integrity while staying vigilant about the global landscape of security threats. It is about understanding how threats work and putting in place an overlapping defence strategy that makes it more and more difficult for the attacker to succeed at each stage of a data breach. And it is about changing workplace environments, virtualisation and accelerated productivity.
Recap slide: identify solutions. Recap on Symantec products and capabilities.
Clearly Symantec has a solution to help you meet every information challenge. Our goal is 360-degree data protection regardless of where it is, what it is, or how it is being used. This information-centric approach lets you address the unstoppable forces that every IT organization faces and move forward with confidence.
Symantec helps you protect what matters most (information, personal privacy and digital assets, regardless of location or device) in three ways: understanding the context and relevance of data through intelligence, and ultimately developing better efficiencies; making information available, accessible and secure, no matter what; and driving governance to show how solutions work effectively in line with regulatory requirements or internal best practices. And we make it available to customers however they want to consume it: on premise, virtually, in the cloud or via mobile. Let's look in more detail at the kinds of solutions we offer to help protect and manage your information.
Symantec has many resources for you to stay on top of the security threat landscape; here are a few of the best tools we have:
Build Your Own ISTR (go.symantec.com/istr): This year, Symantec is offering its annual report on the Internet threat landscape in a whole new way. With the online "Build Your Report" tool, you can create your own custom version of the Internet Security Threat Report by selecting only those topic areas in which you are most interested. You can then print your custom report or share it on social networking sites like Twitter and Facebook. This online tool contains data from the four appendices that we used to include in the full ISTR in past years. It also contains regional data for EMEA and LAM as well as best practices.
Norton Cybercrime Index: This is a tool produced by the Norton consumer team. It is a daily measure of cybercrime risks globally and is available online at nortoncybercrimeindex.com
Threat Intel Twitter Feed: These are updates from our Security Response analysts around the globe; subscribing to this feed will keep you informed about the latest threats and trends that Symantec is seeing across its Global Intelligence Network.