The document emphasizes the critical importance of cybersecurity, illustrating the severity of cyber attacks through historical case studies and highlighting the financial impact on organizations. It outlines a multi-layer approach to security, detailing key mitigation strategies, software patch management, and proactive measures for data protection, including managed antivirus and web security. Additionally, it discusses the projected growth of the managed security services market and the increasing reliance of organizations on external security services due to skill shortages.

1. Delivering Security with GFI MAX
Paul Fenwick, Sales Engineer
GFI MAX

2. Intro
» Security is essential. Period.
» Lock down access at every level.
» Multi-layer approach offers the best protection.

3. An example from 2012
» Cutting Sword of Justice launches cyber attack on Saudi Aramco, 15th August 2012
» Estimated 30,000 workstations infected, three-quarters of Aramco’s corporate PCs
» Virus erased data - documents, spreadsheets, emails, files
» Replaced all with an image of a burning American flag
» Estimated $630 Million USD loss
» We are not Saudi Aramco – we are not important enough to attract an attack
» True… if you have no employees, no customers, no trade secrets and no money!
» Everyone else… is a target
» Hacking has been around for years!!
» The IT industry did not collapse!
» Acts of vandalism have evolved
» Steal, demolish or monetize data…

4. Some examples from 2014
» Montana State Health Department
» May 2014, details of a data breach that affects over 1 million patients announced
» Breach actually happened in July 2013, but not discovered for almost a year
» Identity of intruders and extent of breach still unclear
» CodeSpaces.com
» June 2014, codespaces.com closes its doors
» Started as a Distributed Denial of Service attack
» Ended with an attempt to extort money from company
» P.F. Chang (Restaurant Chain)
» Data breach compromised customer payment information
» June 2014, thousands of newly stolen credit and debit cards offered for sale online
» Target’s Q4 ‘13 earnings fell 46% due to $450m USD loss from theft of customer data
» In May 2014, hackers announce theft of 233 million users’ personal records from eBay
» Dominos Pizza held to ransom over 600,000 Belgian and French customer records
» Evernote was taken down with a DDoS attack

5. The Bad News
» Estimated cost of Cyber Crime and Cyber Espionage
» $100 billion USD per year in US alone
» $425 billion USD per year worldwide
» Advanced Persistent Threats (APT):
» Coordinated cyber activities of criminals and state level entities
» Objective of stealing information, compromising information systems*
» Criminal organizations monetise all aspects of illicit access
» Foreign Intelligence Services gather Intellectual Property
» APT tries to stay embedded for as long as possible
» APT generally only resorts to destruction upon detection
* regular users are sometimes the most adept at this!

6. The Good News
» “Managed Security Services Market” by Transparency Market Research
» $9 billion USD in 2012, could be worth £24 billion USD by 2019
» Predicted market will expand at CAGR of 15.4% between 2013 and 2019
» Gartner
» Security spending gets boost from mobile, social and cloud
» Worldwide spending on information security will top $71 billion USD this year
• Almost 8% increase over 2013
» Data loss prevention segment recording the fastest growth at 18.9 percent
» In 2015, 10% of overall IT security capabilities will be delivered as a cloud service
» SMBs will become event more reliant on hosted security services
Unfortunately, many organizations continue to lack staff with the appropriate security skills.
To keep up with hackers, more than half of organizations will by 2018 rely on security
services firms that specialize in data protection, risk and infrastructure management

7. The Really Good News
At least 85% of the targeted cyber intrusions that Defence Signals
Directorate (DSD) responds to could be prevented by following the Top 4
mitigation strategies listed in the Strategies to Mitigate Targeted Cyber
Intrusions:
» Use application whitelisting to help prevent malicious software and
other unapproved programs from running
» Patch applications such as PDF readers, Microsoft Office, Java, Flash
Player and web browsers
» Patch operating system vulnerabilities
» Minimise the number of users with administrative privileges

8. Lock down access at every level
» Control access to the device
» Patch Operating System and Program Vulnerabilities
» Protect against Virus and Malware
» Stay safe online

9. Device Security

10. Device Security
» Check access to machine
» Lock machines when not in use
» Password security
• Strong passwords to secure access
• Do not have post-its with passwords written down
» Can you account for all user accounts on machine or domain?
» Review failed login attempts to check no malicious access of machines
» User rights on PC, do they have Admin rights to Operating System?

11. Operating System & Program Security

12. Operating System & Program Security
Close loopholes and resolve potential vulnerabilities through regular and effective installation
of software patches and updates…
» Microsoft released 106 important or critical security bulletins in 2013
» 2445 total bulletins of low importance and above for Windows, Office etc
» Adobe Acrobat updated from v 10.1.90 in January 2013 to v11.0.06 in January 2014
» 7 versions updates in 12 months in just one program
» Java updated from v7 Update 11 to v7 Update 51 in same timeframe

13. Virus & Malware Protection

14. Virus & Malware Protection
» Don’t let those cute little guys fool you! Know your enemy!
» Trojan
» Generally non replicating
» Often enter system through freeware (scareware)
» Then act as a backdoor to gain access to personal data.
» May also corrupt or encrypt data... Cryptolocker
» Virus
» Needs carrier (e.g. macro)
» Infect system and then replicate
» Can disable the device / connected network devices
» Consume system and network resources for potential spamming / replication
» Can also log keystrokes, identifying passwords and sensitive user information
» Worm
» Unlike virus, does not need a program to carry infection
» Standalone program that self-replicates to spread across networks
» Again, consume system and network resources
» Carry out DoS attacks… MyDoom

15. Virus & Malware Protection
New malware of the last 24 months!!
AV Test institute which registers over 220,000 new malicious programs every day!!

16. Virus & Malware Protection
» Microsoft Security Essentials (now Windows Defender) integrated into OS to offer some
protection
» End-point products that include a Firewall can be problematic by blocking too many
programs, restricting outbound access etc.
» Combined Internet Security suite products can be bloated

17. Internet Access Protection

18. Internet Access Protection
» Internet Society online survey in 2012 (10,789 respondents)
» Access to the Internet should be considered a basic human right)
• 83% somewhat or strongly agree
• 14% somewhat or strongly disagree
• 3% don't know
» The Internet should be governed in some form to protect the community from harm.
• 82% somewhat or strongly agree
• 15% somewhat or strongly disagree
• 3% don't know
» When you are logged in to a service or application do you use privacy protections?
• 27% all the time
• 36% most of the time
• 29% sometimes
• 9% never
» Network Perimeter / Gateway / Firewall devices only work for LAN
» What about remote workers?

19. Multiple Layers = Multiple Problems??

20. Multi-layers? No problem!

21. GFI MAX
Single pane of glass
Asset Tracking
Pro-active monitoring (Failed login check)
Patch Management
Managed Antivirus
Web Protection
& More

22. Asset Tracking

23. Asset Tracking
» FREE of charge
» View Software details per device
» Run Modification Report to check on installed software since initial build
» Create Software License groups to blacklist known bad programs

24. Pro-active Monitoring

25. New and much improved “Failed Login Check”
» #1 customer request on ideas.gfi.com
» More informative: Event IDs, failure reason, IP address, username
» Respond quickly and decisively to security concerns

26. Active Directory Users Report

27. Patch Management

28. Vulnerability Scanning and Patch Management
» What exactly is it?
» Uses GFI LANGuard 2012 Agent
» Vulnerability Check (DSC) runs daily
» Lists missing patches and discovered vulnerabilities
» Check can run in Alert mode or report mode
» Included in Client Daily and Weekly Reports
» Set and forget?
» Auto-approve patches (by severity)
» Schedule installation of approved patches daily, weekly or ad-hoc
» Or, manually approve and install patches from Dashboard (now or later)
» Patch Overview Report shows missing/installed patches at client(s)
» Client Monthly Report lists patches installed that month

29. Schedule regular installation of approved patches

30. Schedule ad-hoc installation of approved patches

31. Suports All Microsoft Updates
» Security Updates
» Critical
» Important
» Moderate
» Low
» Update roll-ups
» Service Packs
» Critical Updates
» Updates
» Tools
» Drivers

32. Vendor Support
» Apple:
» QuickTime
» iTunes
» Safari
» Adobe:
» Reader
» Acrobat
» Flash
» Shockwave
» Air
» Mozilla
» Firefox
» Thunderbird
» SeaMonkey
» Instant Messaging Clients
» Skype
» Yahoo
» Browsers
» Google Chrome
» Opera
» Zip tools
» 7-Zip
» WinRAR
» Oracle Java
» And more…

33. Update Release Cycle
» We aim to support Microsoft updates within hours of Patch Tuesday
» Out of band patches (Microsoft and non-Microsoft) within one working day
» LANGuard checks for updates between 1am and 5am GMT and at DSC
» Incremental differences for non-Microsoft update databases
» Download Microsoft update database direct from microsoft.com
» Patches are downloaded directly from vendors’ web-sites
» Patches are downloaded when they need to be installed
» Use Site Concentrator to cache patches once per site
» Switch off Windows Updates?

34. Patch Approval Lifecycle
» ALL patches must be approved before they can be scheduled for installation
» Approval can be manual or automatic based on severity
» We only report updates as missing if they are required
» We report all updates installed, even if we didn’t install them
» If there is no install date/time listed, it was not installed by us

35. Identifying Patches
1. Microsoft release a Security Bulletin…
2. Knowledge Base articles describe which update is required for each OS…

36. Identifying Patches
3. Search Approval Dialog for Knowledge Base article to approve patch…
4. View Patch Overview report (Group by patch) to see its status on devices

37. More information
» Supported Microsoft Products
http://www.gfi.com/lannetscan/msappfullreport.htm
» Supported Microsoft Patches
http://www.gfi.com/lannetscan/msfullreport.htm
» Supported non-Microsoft Products
http://kb.gfi.com/articles/SkyNet_Article/KBID003469
» Supported non-Microsoft Patches
http://www.gfi.com/lannetscan/3pfullreport.htm

38. Managed AntiVirus

39. Managed AntiVirus

40. Managed Antivirus
» Deployed from Dashboard
» Installs automatically if no other Antivirus software present
» Can remove other Antivirus software with no user interaction
» Policy based configuration with operating system specific file exclusions
» Automatic update definitions if detected as out-of-date
» Use Protection Report to ensure all end-points protected

41. Manage Quarantine
» Reports menu, Managed Antivirus, Quarantine Report

42. Stay in-control during virus outbreak
» Reports menu, Managed Antivirus, Threat Report

43. Web Protection

44. Web Protection
» Web Security
» Stop users from visiting malicious sites
» Both network and remote workers
» Web Filtering
» Web-site categorization based on BrightCloud (WebRoot)
» Implement browsing policies for the workplace, set allowed schedules etc
» Whitelist / Blacklist specific URLs
» Web Bandwidth Monitoring
» Alerts when downloads exceeds threshold (you define)
» Reporting
» Overview report
• Monitor trends
• Spot exceptions
» Report Builder
• Drill-down and understand cause

45. Web Security
» Restrict access to known sites that can harm your customers

46. Web Filtering
» All websites are categorized. If in multiple categories, most restrictive wins
» Use schedules to allow access to social media etc out of office hours

47. Bandwidth Monitoring
» Receive an alert when downloads exceed threshold

48. Overview Report
» Weekly overview of Web Security, Filtering, and Bandwidth at client
» Ratio of allowed to blocked requests
» Top blocked categories
» Top visited sites
» Noisiest devices
» Monitor trends and spot exceptions

49. Report Builder
» If overview report shows an increase in blocked requests to category or site
» Show me requests to specific category or site from all devices at client
» If irregular activity is suspected
» Show me all requests from specific device

50. Internet Usage Policy
Employing an internet usage policy for customers will need them to
ensure they have made their employees aware.
http://www.gfi.com/pages/sample-internet-usage-policy
Citizens Advice - Your employer can legally monitor your use of the
phone, internet, e-mail or fax in the workplace if:
• the monitoring relates to the business
• the equipment being monitored is provided partly or
wholly for work
• your employer has made all reasonable efforts to inform
you that your communications will be monitored.
As long as your employer sticks to these rules, they don't need to get
your consent before they monitor your electronic communications

51. Additional Protection

52. Managed Online Backup
Managed Online Backup allows you to easily backup customers data
• Disk to Disk (via LocalSpeedVault) to Cloud (D2D2C)
• True Delta technology ensures only changed file blocks are backed-up
• All data encrypted with 128 bit AES encryption before sending
With Cryptolocker, it is likely that the only way to recover data is from a backup

53. Mobile Device Management
Protect against business critical data being being compromised via
loss or theft of company or employee owned mobile device
• Set Passcode
• Locate device
• Lock device
• Remote Wipe

54. Email Security
Mail Protection offers the ability to not just filter out spam but also
ensure that viruses and other email threats do not impact your client.
» Employs a unique combination of Antivirus technologies
• Traditional signature-based anti-virus engine
• Zero-hour virus detection
• Virtualization-based malware detection
» Reduces risk of attack on customer network through setting
trusted connection incoming and outgoing
» Continuity so no missed messages as will be queued, even if
unable to contact the specified server
Additionally you can also use Mail Archive to securely store a copy
of every emails for quick retrieval and in case of disaster

55. Dashboard considerations
» Ensure all dashboard users have specific logon
» Do not use the Primary Access Key to access Dashboard
» Restrict access via IP Address
» Two Factor Authentication

56. Questions?

57. You are the last line of defence

58. Thank You
Conferences.gfimax.com/app