Social Networking and Cyber-Security:
Strength, Weakness, Opportunity, or Threat?


                        Aus-Cert, May 2010
About Palo Alto Networks

•   World-class team with strong security and networking experience
     • Founded in 2005 by security visionary Nir Zuk

     • Top-tier investors

•   Builds next-generation firewalls that identify / control 950+ applications
     • Restores the firewall as the core of the enterprise network security
       infrastructure
     • Innovations: App-ID™, User-ID™, Content-ID™

•   Global footprint: 1,100+ customers in 60+ countries, 24/7 support
Social Networking is No Longer a Fad
• Hundreds of millions of people use social applications daily
   • Facebook has over 400 million users

   • LinkedIn has over 60 million users

   • Social bookmarking applications have roughly 10 million users each

   • YouTube is the 3rd most popular website on the Internet

• Sales, marketing, public relations, human resources, product teams,
  and business development all see opportunity
Social Networking is A Hotbed of Risk
• Brand Damage
   • Mistreat your customers at your own peril

• Compliance
   • Using unapproved applications (FINRA)

• Business Continuity
   • Malware or application vulnerability induced downtime

• Operations Costs
   • Excessive bandwidth consumption, desktop cleanup

• Data Loss/Leakage
   • Unauthorized employee file transfer, data sharing

• Productivity
   • Uncontrolled, excessive use for non-work related purposes
Applications Are The Threat Vector
• US$3.8M stolen from small school district in New York State
   • Zeus banking trojan stole credentials, enabled transfers
   • All but US$500K recovered

• Increasingly, new and old threats using social networks
   • Social network-specific (e.g., Koobface, FBAction)
   • New life for old threats (e.g., Zeus/Zbot)

• Huge user populations, high degree of trust, liberal use of SSL

• But wait – we have those applications under control…
Existing Control Mechanisms?

• Applications have changed

   • Any port, random ports, encryption - all in use

• Users feel entitled to use any application

• New employees = always on, always connected
Employees Will Find A Way…
• Remote Access
   • 27 variants found 95% of the time

• External Proxies
   • 22 variants found 76% of the time

• Encrypted Tunnels
   • Non-VPN related – found 30% of the time

Chart: Frequency That the Application Was Detected (axis 0% to 80%)
   • Remote access: RDP 80%, SSH 76%, telnet 62%, LogMeIn 53%, TeamViewer 42%
   • External proxies: CGIProxy 30%, PHProxy 30%, CoralCDN 27%, FreeGate 15%, Glype Proxy 14%
   • Encrypted tunnels: Tor 15%, Hamachi 13%, UltraSurf 9%, Gbridge 3%, Gpass 3%
Applications Are Not What They Seem
Chart: Most Frequently Detected "Dynamic" Applications (axis 0% to 100%)
   • SharePoint 83%, iTunes 78%, MS RPC 77%, Skype 73%, BitTorrent 60%, MSN Voice 60%, Ooyala 55%, Mediafire 54%, eMule 51%, TeamViewer 42%

Chart: Applications That are Capable of Tunneling (axis 0 to 75)
   • By category: Networking (73), Collaboration (46), Media (24), General-Internet (17), Business-Systems (15)
   • By technology: Client-server (78), Browser-based (66), Network-protocol (19), Peer-to-peer (12)

• 67% of the applications use port 80, port 443, or hop ports
• 190 of them are client/server
• 177 can tunnel other applications, a feature no longer reserved for SSL or SSH
Enterprise 2.0 Use is Consistent; Intensity Up
• Google Docs and Calendar resource consumption* is up 55%

• Google Talk Gadget shot up by 56% while Google Talk dropped 76%

• Bandwidth consumed by SharePoint and LinkedIn is up 14% and 48% respectively

• Bandwidth consumed by Facebook, per organization, is a staggering 4.9 GB

* Resource consumption = bandwidth and session usage
Social Networking: Strengths

• Top line revenue
   • Reaching new markets/customer groups
   • Increasing sales in existing markets/customer groups

• Bottom line profit
   • Reduction in cost of sales (disintermediation)
   • Reduction in cost of support
   • Reduction in cost of marketing
Social Networking: Weaknesses

• Fraught with unmanaged risk
• Few policies
• Existing policies aren’t enforceable
• Savvy users
• Content controls/logging/auditing outdated
• Security models too restrictive
• Coarse allow/deny
Social Networking: Opportunities

• Business opportunity
• Evolve security policies
• Evolve controls
• Make risk management/security relevant
Threats - Social Networking Top 10

10 - Social networking worms
9 - Phishing bait
8 - Trojan vector
7 - Data leaks
6 - Shortened/obfuscated links
5 - Botnet command and control
4 - It’s a data source for attackers
3 - Cross-Site Request Forgery (CSRF)
2 - Impersonation
1 - Trust
Recommendations

• Policy
  • Gather

  • Listen

  • Redefine

• Model – re-think or refine
  • Blindly blocking is somewhat draconian; blindly allowing is a CLM

  • Safe enablement is your new mantra

• Controls
  • Visibility and control of applications, users, and content is key

  • “Allow, but…” controls are critical
www.paloaltonetworks.com/aur
