Security @Work
Mathan Kasilingam, CISSP
Principal Solution Architect
2
Four Key Trends
Internet Security Threat Report, Vol. 17
Malware Attacks 81% ↑
Targeted Attacks Expand
Mobile Threats Expose All
Data Breaches on Rise
3
Security never sleeps
Threat & Risk Visibility
Information Protection
Identity Protection
Systems Management
Infrastructure Protection
Security Intelligence
Reconn → Incursion → Discovery → Capture → Exfiltrate
4
Portrait of a Cyber-Crime
Smith Inc Small company – BIG ideas
5
Attack #1: Port Scan
6
Attack methodology: Company target identified
The Hacker – individual, organisation or Government
7
Port Scan – probe for vulnerabilities
Look for an entry
Weak points
Defence alignments
System vulnerabilities
Open doors
8
No entry
Security Incident & Event Management
9
Attack #2: Social Engineering
10
Company employee target identified
11
Social Engineering
Working
hours
12
Tracking the target
13
Capturing the device
14
No entry
Device Encryption Technology
15
Attack #3: Spear Phishing
16
Desktop targeted via Malicious email
17
Even if Desktop Protection fails
18
DLP (Data Loss Prevention) can prevent the data from leaving the network
19
No entry
Data Loss Prevention
20
Attack #4: Buffer Overflow Attack
21
Buffer Overflow Attack
22
Detect system vulnerabilities and apply patches
Identify areas of concern
23
No entry
Automated Compliance Management Solution
Critical System Protection (Host FW / IPS / Sys Baseline)
24
Attack #5: Password Hacking Attack
25
Advanced Persistent Threat
Simon’s mum: Mrs Lee
L E E
26
No entry
Identity & Access Management Solution
27
Attack #6: Attacking mobile devices
28
Anti theft – Mobility solutions (Device Management Solution)
29
No entry
Mobile Device Security
30
Defence against threats
Multiple layers of Security
31
Complete Protection
Security Incident & Event Management
Encryption Technology
Data Loss Prevention
Automated Compliance Management
Critical System Protection
Identity & Access Management
Mobile Device Security
32
Where should you go from here
33
Symantec’s Information-Centric Approach
INFORMATION
Intelligence
Governance
Infrastructure
Store
Manage
Dedupe
Protect
Recover
Discover
Classify
Ownership
Assess
Remediate
Compliance
Identify
Authenticate
Policy
RISK
COST
VALUE
Mobile
Virtualisation
Cloud
Physical
34
Stay Informed
Internet Security Threat Report, Vol. 17
www.symantec.com/threatreport
Security Response Website
Twitter.com/threatintel
35
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
36
Thank You

Security threats and countermeasures in daily life - Symantec

Editor's Notes

  1. Cyber Warfare: Symantec Security Solutions. How to Win the Cyber-war. Holistic Security for today’s tough and targeted threats.
  2. Security never sleeps. Security is an integral part of any IT infrastructure. OUR job is to bring our leading technologies to every endpoint, every device, every enterprise. Every stage requires capabilities and compliance. Our mission is to protect and defend against any threat in any environment. We mean business. First let’s look at how attack methodology works. What are the phases, what are the important points of protection? Attackers are systematic, usually following… Initial reconnaissance: seeing what’s out there, what’s on which port, how it’s configured. Incursion: What’s the actual incursion or break-in point? Discovery: Where they start looking at information – confidential, sensitive information. Capture: The stage where they capture the information and assemble it. Exfiltrate: Where information gets pushed out of the organisation, into the hands of the hackers or criminals.
  3. Security never sleeps. Security is an integral part of any IT infrastructure. OUR job is to bring our leading technologies to every endpoint, every device, every enterprise. Every stage requires capabilities and compliance. Our mission is to protect and defend against any threat in any environment. We mean business. First let’s look at how attack methodology works. What are the phases, what are the important points of protection? Attackers are systematic, usually following… Initial reconnaissance: seeing what’s out there, what’s on which port, how it’s configured. Incursion: What’s the actual incursion or break-in point? Discovery: Where they start looking at information – confidential, sensitive information. Capture: The stage where they capture the information and assemble it. Exfiltrate: Where information gets pushed out of the organisation, into the hands of the hackers or criminals.
  4. Here’s the situation: A company – Smith Inc – is about to be subjected to an Advanced Persistent Threat. Why? This little company just went global. Smith Inc became multi-national overnight because of their design and production of state-of-the-art drilling equipment. Drilling equipment used for natural resources exploration and extraction. That’s right: Oil. Mining. Fossil Fuels. The hot topics in the global economy. Now they’re a hot company who recently soared to the top of the Fortune 500 based on their success rate with contracts from a number of countries. They have a lot of intellectual property – including patented designs for their drilling equipment, exceptional planning tools for project management and correspondence from places we’ve never even heard of that are rich in natural resources. So no wonder Smith Inc has hit the radar of this group of cybercriminals. Information is currency. Whether they trade it with competitors or influence investors on the Dow Jones or Hang Seng, their information is worth a lot. And hackers will stop at nothing to get it.
  5. Let’s now take a detailed look at the lengths a hacker, individual, organisation or government will go to in order to achieve their goals and gather valuable information.
  6. The Hacker (whether it’s an individual, organisation or government) is out to get Smith Inc. They’ve pressed the Cyber war button and they have decided to use every single imaginative resource they can to access the Smith Inc network – whether to find documentation or correspondence. They won’t stop until they get it.
  7. The Port Scan is not the Point-of-Entry, just a reconnaissance mission. It means getting a lay of the land, looking for potential entry points. It’s basically ‘casing the joint’ much as bank robbers would look at a bank, figure out routines, understand where guards are, look where the alarm buttons are, and get an overall feeling for security.
  8. Fortunately, Smith Inc uses a solution known as Symantec Security Information Manager. This Symantec Security Information Manager (SSIM) activates as soon as the port scan starts. In real time, it logs all the activities that are happening on the network. Once these port scans start, SSIM recognises that some are coming from bad IPs thanks to our Global Intelligence Network (GIN), directly connected to SSIM in real time. As a result, these attackers are being tracked by SSIM, showing us a timeline and making sure that we keep an eye on these movements. Note: Sales / Partners to talk about the key benefits of SSIM
  9. Attack Stage #2: with the widespread use of social networks, let’s look at how attackers use wily ways to infiltrate the most public of public domains…
  10. …starting with one unsuspecting employee: Let’s call him Simon.
  11. Simon, like the rest of us, has all his information online, accessible in one way or another. He uses Facebook; online banking; emails from home, work and iPhone, and generally uses e-comms as a way of life. He’s also a senior director at Smith Inc, and has been working on a particular drill design project for almost two years. No wonder the hackers have targeted Simon.
  12. From his online activity, hackers have figured out Simon’s schedule: like where he eats lunch, how late he works, even what train he takes going home. So it’s no great surprise that one late night, when Simon dozes off on the train home, he wakes up to find his laptop gone.
  13. Hackers have his laptop, but when they try to open it, they didn’t expect protection by Symantec’s Encryption Technology, acquired through PGP. Symantec’s Encryption technology ensures no one can break into a laptop and access privileged information.
  14. So again, Symantec comes to the rescue with Symantec’s Encryption solution. Personal and business information remains secure, useless to the thieves who stole the laptop. Note: Sales / Partners to talk about the key benefits of Symantec Encryption solutions
  15. Do they stop there? No, from their Facebook crawling, they found out Simon has a relative in the US he regularly talks to and sends gifts. So they go Spear Phishing…
  16. Spear Phishing makes Simon “the bait” with an email from Western Union (they’ve seen cash gifts made via Western Union) which he will trust and be likely to open.
  17. Unfortunately Simon used his office PC to open the email with an attachment – and his desktop is connected to the gateway protected by third-party protection software. This third-party protection software, however, does NOT catch the worm and the worm gets through. What does this worm do? It opens a back door, giving access to whatever is on Simon’s desktop, including those drill designs and patents the hackers are after.
  18. Thankfully, Symantec Data Loss Prevention (DLP) wakes up. DLP is designed to precisely understand what is confidential information. DLP knows where confidential information resides and makes sure it does not leave the network without proper authorization. The moment Symantec DLP sees complex blueprints, diagrams or documentation marked Sensitive and Confidential going out of the network, it raises an alarm and stops the transfer right there. No data is lost. No data is accessed. Note: Sales / Partners to talk about the key benefits of Symantec Encryption solutions
  19. Again because of Symantec. If Smith Inc had used it, Symantec Endpoint Protection (SEP) would have stopped such phishing expeditions. Note: Sales / Partners to talk about the key benefits of Data Loss Prevention and Symantec Endpoint Protection
  20. Do the hackers give up? They don’t. They now decide to attack the data centre with a very old technique known as the buffer overflow attack.
  21. A Buffer Overflow Attack is when the hacker looks for any residual memory in a program or application and alters it, making it behave in strange new ways. The hacker decides to use this technique not knowing that Smith Inc is not only protected by Symantec security technologies but also uses Symantec systems management – Altiris. Smith Inc has been using patch management regularly and has ensured that they fix the vulnerabilities that exist in their operating system and their applications. In addition, Symantec’s systems management looks at what patches need to be applied and efficiently applies those patches across the organisation. Note: Sales/Partner to explain what Buffer Overflow is if audience doesn’t understand.
  22. Attackers will always look for the weakest link in the chain. This could be one small vulnerability in one database or one application. Fortunately Smith Inc is using Symantec Control Compliance Suite (CCS), where one module allows you to go and do an analysis of system vulnerabilities. It exposes these ‘weak links’ and allows you to use applications to patch them.
  23. This risk-based approach means Smith Inc was prepared. They deployed CCS solutions to prevent a targeted attack. Notes: Sales/Partners to talk about the key benefits of CCS.
  24. By now it would seem that Smith Inc security is truly solid. But there’s another common means of attack with surprisingly simple methods. An Advanced Persistent Threat (APT) works on a grass roots level – often with something as simple as a user password or login. An APT works across multiple vectors with simple techniques. It doesn’t look like an automated bot, it looks like a human. Because human thought is behind it.
  25. Let’s see what Simon says. He figures he has the perfect password, his mother’s maiden name or simply 1 2 3 4 5 6, Fields. But what he thinks is clever is actually very uncomplicated. With a series of hit & miss guesswork trials (likely with clues gathered from other sources), a ‘brute force’ attack will likely get the job done eventually.
  26. Fortunately Smith Inc uses Identity Management Solutions from Symantec, or VeriSign Identity Protection (VIP). VIP looks from the inside out to make sure the right person has access to applications or data. VIP is able to prevent an unauthorized person from accessing the network. User Authentication technology from Symantec saves the day. Note: Sales/Partners to talk about the key benefits of VIP.
  27. Time for the hackers to pack it in? Not quite. They target another employee, Steve. He recently joined Smith Inc from another company.
  28. Steve’s job is to look at personal devices such as iPads and iPhones to see how they can increase productivity and efficiency in the workforce. Steve is doing a lot of testing to see how specific company applications can be deployed onto mobile devices. He’s excited about his new role and shares the latest & greatest about his project on Facebook. Next thing you know, Steve’s stash of personal devices goes missing. Only thing is, it’s his loss, not Smith Inc’s, as all their apps are secure.
  29. Symantec recently launched Mobile Device Security thanks to recent acquisitions of Odyssey and Nukona. They provide application level security for mobile devices with custom policies to minimize risk and protect confidential information on them. This technology is advanced enough to ‘wipe the slate clean’ of any stored information should the device become lost or stolen. Notes: Sales/Partners to talk about the key benefits of Nukona and Odyssey.
  30. Multiple Layers of Security. What have we seen from Simon and the Smith Inc story? That defense is an in-depth strategy. It’s about putting multiple layers of technology together and making them work. It’s about security without compromise. It’s about how to better manage security risks, knowing how to prioritise threats and ensure multi-layer integrity while being vigilant of the global landscape of security threats. It’s about understanding how threats work and putting in place an overlapping defense strategy, making it more and more difficult for the attacker to succeed at the various stages of a data breach. It’s about changing workplace environments, virtualisation, and accelerated productivity.
  31. Recap Slide – identify solutions. Recap on Symantec Products and capabilities.
  32. Clearly Symantec has a solution to help you meet every information challenge. Our goal is 360-degree data protection regardless of where it is, what it is, or how it is being used. This information-centric approach lets you address the unstoppable forces that every IT organization faces and move forward with confidence.
  33. Symantec helps you protect what matters most – information, personal privacy and digital assets, regardless of location or device – three ways: understanding the context and relevance of data through intelligence and ultimately developing better efficiencies; making information available, accessible and secure – no matter what; and driving governance to show how solutions work effectively in line with regulatory requirements or internal best practices. And we make it available to customers however they want to consume it – on premise, virtually, in the cloud or via mobile. Let’s look in more detail at the kinds of solutions we offer to help protect and manage your information.
  35. Symantec has many resources for you to stay on top of the security threat landscape and here are a few of the best tools we have. Build Your Own ISTR (go.symantec.com/istr): This year, Symantec is offering its annual report on the Internet threat landscape in a whole new way. With the online “Build Your Report” tool, you can create your own custom version of the Internet Security Threat Report by selecting only those topic areas in which you are most interested. You can then print your custom report or share it on social networking sites like Twitter and Facebook. This online tool contains data from the 4 appendices that we used to include in the full ISTR in past years. It also contains regional data for EMEA and LAM as well as best practices. Norton Cybercrime Index: This is a tool produced by the Norton consumer team. It’s a daily measure of cybercrime risks globally and is available online at nortoncybercrimeindex.com. Threat Intel Twitter Feed: These are updates from our Security Response analysts around the globe – subscribing to this feed will keep you informed about the latest threats and trends that Symantec is seeing across its Global Intelligence Network.
  36. Symantec END