Today’s IT Attacks:
An IT Security Strategy
To Protect Your Assets

Francis deSouza
Symantec

Session ID: SPO1-107
Session Classification: Intermediate
Agenda

 Sources of a Breach

Security Market Drivers

  Breach Analysis

  Security Strategy



A CRIME IS COMMITTED EVERY ¼ OF A SECOND ON THE WEB

1 IN 5 WILL BE A VICTIM OF CYBER CRIME

100% OF ENTERPRISES HAVE EXPERIENCED CYBER LOSSES

CYBER ATTACKS COST COMPANIES AN AVERAGE OF $2 MILLION ANNUALLY

75% OF ALL ENTERPRISES HAVE EXPERIENCED CYBER ATTACKS IN THE PAST 12 MONTHS

43% OF COMPANIES LOST CONFIDENTIAL DATA IN 2009

ENTERPRISE SECURITY IS BECOMING MORE DIFFICULT

Sources Of A Breach

• Organized Criminal
• Well Meaning Insider
• Malicious Insider
• Targeted Attackers

History of Targeted Attacks

Timeline: 1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|2010

• Solar Sunrise: Attacks stealing passwords from DoD systems conducted by 2 Californian and 1 Israeli teenager
• Moonlight Maze: Attacks targeting US military secrets reported to be conducted by Russia
• Titan Rain: Coordinated attacks on US government military installations and private contractors
• US Government: Systems in the Department of Defense, State, Commerce, Energy, and NASA all compromised and terabytes of information confirmed stolen.
• Ghostnet: Attacks on Tibetan organizations and embassies of many EMEA countries, and NATO systems.
• January 12: Google announces they have been a victim of a targeted attack

Anatomy Of A Breach

> Incursion
> Discovery
> Capture
> Exfiltration

Mass Attack vs Targeted Attack
Phase                 Mass Attack                     Targeted Attack
Incursion             Generic social engineering      Handcrafted and personalized
                      By-chance infection             methods of delivery

Discovery             Typically no discovery,         Examination of the infected resource,
                      assumes content is in a         monitoring of the user to determine
                      predefined and predictable      additional accessible resources,
                      location                        and network enumeration

Capture               Predefined specific data or     Manual analysis and inspection of the
                      data which matches a            data
                      predefined pattern such as a
                      credit card number

Exfiltration          Information sent to a dump      Information sent back directly to the
                      site often with little          attacker and not stored in a known
                      protection and dump site        location for an extended period
                      serves as long term storage

Security Market Drivers
Incursion

• In 2009 spam accounted for 90% of all email traffic
• In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable
• 90% of incidents wouldn’t have happened if systems were patched
• In 2009 we found 47,000 active bot-infected computers per day

Security Market Drivers
Discovery

• 91% of records compromised in 2008 involved organized crime targeting corporate information
• 81% of attacked companies were non-compliant in PCI
• 67% of breaches were aided by insider negligence

Security Market Drivers
Capture

• 285 million records were stolen in 2008, compared to 230 million between 2004 and 2007
• Credit card detail accounts for 19% of all goods advertised on underground economy servers
• IP theft costs companies $600 billion globally

Security Market Drivers
Exfiltration

• “Hackers Targeted Source Code of More Than 30 Companies” Jan 13, Wired.com
• “SS Numbers Of Californians Accidentally Disclosed” Feb 9, KTLA.com
• “HSBC Bank Reports Lost Client Data From Swiss Private Bank” Dec 9, Reuters
• “Gov’t Posts Sensitive List of US Nuclear Sites” Associated Press

Dissecting Hydraq

Incursion
Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees

Example message shown on the slide:

    Hi Francis,
    I met you at the Malware Conference last month. Wanted to let you know I
    got this great shot of you doing your presentation. I posted it here:

Discovery
Hacker maps organization’s defenses from the inside and creates a battle plan

Capture
Attacker accesses data on unprotected systems and installs malware to secretly acquire crucial data

Exfiltration
Confidential data sent back to enemy’s “home base” for exploitation and fraud

[Diagram labels: Hydraq, Victim, Attacker 72.3.224.71:443]

Prelude to a Breach

1 Poorly Enforced IT Policies
2 Poorly Protected Information
3 Poorly Managed Systems
4 Poorly Protected Infrastructure

The Challenge

• Develop and Enforce IT Policies
• Protect The Information
• Manage Systems
• Protect The Infrastructure

A Comprehensive Security Strategy Is Required

• Risk Based and Policy Driven: IT Governance, Risk and Compliance
• Information-Centric: Information Risk Management
• Well Managed Infrastructure: Infrastructure Protection and Management

New Threats Require New Technologies

Integrated Security Platform: Open Platform, Console Unification, Security Intelligence, Dynamic Protection

Develop & Enforce IT Policies
• IT Risk Management
• Compliance Process Automation
• Information-Centric Policy

Manage Systems
• Workflow
• Application Streaming
• Portable Personalities

Protect the Information
• Data Ownership
• Automated Content Classification
• Content Aware Endpoint Security

Protect the Infrastructure
• Reputation Based Security
• Mobile and Server Security
• Encryption

Symantec Focuses on Meeting These Challenges

Develop and Enforce IT Policies   > Control Compliance Suite
Protect the Information           > Data Loss Prevention Suite
Manage Systems                    > IT Management Suite
Protect the Infrastructure        > Symantec Protection Suite

Addressing Important Security Questions


> Can you enforce IT policies and remediate deficiencies?
> Do you know where your sensitive information resides?
> Can you easily manage the lifecycle of your IT assets?
> Can you improve your security posture by rationalizing
  your security portfolio?
Thank You

15062024_First India Newspaper Jaipur.pdf
FIRST INDIA
 
projet de traité négocié à Istanbul (anglais).pdf
projet de traité négocié à Istanbul (anglais).pdfprojet de traité négocié à Istanbul (anglais).pdf
projet de traité négocié à Istanbul (anglais).pdf
EdouardHusson
 

Recently uploaded (20)

The Rise of Christian Persecution In Islamic Countries (1).pdf
The Rise of Christian Persecution In Islamic Countries (1).pdfThe Rise of Christian Persecution In Islamic Countries (1).pdf
The Rise of Christian Persecution In Islamic Countries (1).pdf
 
A draft Ukraine-Russia treaty from April 2022
A draft Ukraine-Russia treaty from April 2022A draft Ukraine-Russia treaty from April 2022
A draft Ukraine-Russia treaty from April 2022
 
The Rise of Christian Persecution In Islamic Countries
The Rise of Christian Persecution In Islamic CountriesThe Rise of Christian Persecution In Islamic Countries
The Rise of Christian Persecution In Islamic Countries
 
16062024_First India Newspaper Jaipur.pdf
16062024_First India Newspaper Jaipur.pdf16062024_First India Newspaper Jaipur.pdf
16062024_First India Newspaper Jaipur.pdf
 
Reuters Institute Digital News Report 2024
Reuters Institute Digital News Report 2024Reuters Institute Digital News Report 2024
Reuters Institute Digital News Report 2024
 
在线办理(latrobe毕业证书)拉筹伯大学毕业证Offer一模一样
在线办理(latrobe毕业证书)拉筹伯大学毕业证Offer一模一样在线办理(latrobe毕业证书)拉筹伯大学毕业证Offer一模一样
在线办理(latrobe毕业证书)拉筹伯大学毕业证Offer一模一样
 
Markakis-Schlee-Young-2021-The-nation-state.pdf
Markakis-Schlee-Young-2021-The-nation-state.pdfMarkakis-Schlee-Young-2021-The-nation-state.pdf
Markakis-Schlee-Young-2021-The-nation-state.pdf
 
13062024_First India Newspaper Jaipur.pdf
13062024_First India Newspaper Jaipur.pdf13062024_First India Newspaper Jaipur.pdf
13062024_First India Newspaper Jaipur.pdf
 
18062024_First India Newspaper Jaipur.pdf
18062024_First India Newspaper Jaipur.pdf18062024_First India Newspaper Jaipur.pdf
18062024_First India Newspaper Jaipur.pdf
 
Howard Fineman, Veteran Political Journalist and TV Pundit, Dies at 75
Howard Fineman, Veteran Political Journalist and TV Pundit, Dies at 75Howard Fineman, Veteran Political Journalist and TV Pundit, Dies at 75
Howard Fineman, Veteran Political Journalist and TV Pundit, Dies at 75
 
12062024_First India Newspaper Jaipur.pdf
12062024_First India Newspaper Jaipur.pdf12062024_First India Newspaper Jaipur.pdf
12062024_First India Newspaper Jaipur.pdf
 
ACSA confirms operational readiness ahead the arrival of Heads of State at OR...
ACSA confirms operational readiness ahead the arrival of Heads of State at OR...ACSA confirms operational readiness ahead the arrival of Heads of State at OR...
ACSA confirms operational readiness ahead the arrival of Heads of State at OR...
 
17062024_First India Newspaper Jaipur.pdf
17062024_First India Newspaper Jaipur.pdf17062024_First India Newspaper Jaipur.pdf
17062024_First India Newspaper Jaipur.pdf
 
लालू यादव की जीवनी LALU PRASAD YADAV BIOGRAPHY
लालू यादव की जीवनी LALU PRASAD YADAV BIOGRAPHYलालू यादव की जीवनी LALU PRASAD YADAV BIOGRAPHY
लालू यादव की जीवनी LALU PRASAD YADAV BIOGRAPHY
 
Organisations.pdf k[poikdip-jhhohuhejhnjhn
Organisations.pdf k[poikdip-jhhohuhejhnjhnOrganisations.pdf k[poikdip-jhhohuhejhnjhn
Organisations.pdf k[poikdip-jhhohuhejhnjhn
 
On the Wrong Track | Recent Increasing Train Accidents in India | News
On the Wrong Track | Recent Increasing Train Accidents in India | NewsOn the Wrong Track | Recent Increasing Train Accidents in India | News
On the Wrong Track | Recent Increasing Train Accidents in India | News
 
Shark Tank Jargon | Operational Profitability
Shark Tank Jargon | Operational ProfitabilityShark Tank Jargon | Operational Profitability
Shark Tank Jargon | Operational Profitability
 
Why We Chose ScyllaDB over DynamoDB for "User Watch Status"
Why We Chose ScyllaDB over DynamoDB for "User Watch Status"Why We Chose ScyllaDB over DynamoDB for "User Watch Status"
Why We Chose ScyllaDB over DynamoDB for "User Watch Status"
 
15062024_First India Newspaper Jaipur.pdf
15062024_First India Newspaper Jaipur.pdf15062024_First India Newspaper Jaipur.pdf
15062024_First India Newspaper Jaipur.pdf
 
projet de traité négocié à Istanbul (anglais).pdf
projet de traité négocié à Istanbul (anglais).pdfprojet de traité négocié à Istanbul (anglais).pdf
projet de traité négocié à Istanbul (anglais).pdf
 

RSA 2010 Francis De Souza

  • 1. Today’s IT Attacks: An IT Security Strategy To Protect Your Assets. Francis deSouza, Symantec. Session ID: SPO1-107. Session Classification: Intermediate
  • 2. Agenda: Sources of a Breach; Security Market Drivers; Breach Analysis; Security Strategy
  • 3. A CRIME IS COMMITTED EVERY ¼ OF A SECOND ON THE WEB
  • 4. 1 IN 5 WILL BE A VICTIM OF CYBER CRIME
  • 5. 100% OF ENTERPRISES HAVE EXPERIENCED CYBER LOSSES
  • 6. CYBER ATTACKS COST COMPANIES AN AVERAGE OF $2 MILLION ANNUALLY
  • 7. 75% OF ALL ENTERPRISES HAVE EXPERIENCED CYBER ATTACKS IN THE PAST 12 MONTHS
  • 8. 43% OF COMPANIES LOST CONFIDENTIAL DATA IN 2009
  • 9. ENTERPRISE SECURITY IS BECOMING MORE DIFFICULT
  • 10. Sources Of A Breach: Organized Criminal; Well Meaning Insider; Malicious Insider; Targeted Attackers
  • 11. History of Targeted Attacks (timeline 1998 to 2010)
      - Solar Sunrise: Attacks stealing passwords from DoD systems conducted by 2 Californian and 1 Israeli teenager
      - Moonlight Maze: Attacks targeting US military secrets reported to be conducted by Russia
      - Titan Rain: Coordinated attacks on US government military installations and private contractors
      - US Government: Systems in the Department of Defense, State, Commerce, Energy, and NASA all compromised and terabytes of information confirmed stolen.
      - Ghostnet: Attacks on Tibetan organizations and many embassies of EMEA countries, and NATO systems.
      - January 12: Google announces they have been a victim of a targeted attack
  • 12. Anatomy Of A Breach: Incursion > Discovery > Capture > Exfiltration
  • 13. Mass Attack vs Targeted Attack, by phase
      - Incursion. Mass attack: generic social engineering, by-chance infection. Targeted attack: handcrafted and personalized methods of delivery.
      - Discovery. Mass attack: typically no discovery, assumes content is in a predefined and predictable location. Targeted attack: examination of the infected resource, monitoring of the user to determine additional accessible resources, and network enumeration.
      - Capture. Mass attack: predefined specific data or data which matches a predefined pattern such as a credit card number. Targeted attack: manual analysis and inspection of the data.
      - Exfiltration. Mass attack: information sent to a dump site often with little protection, and the dump site serves as long term storage. Targeted attack: information sent back directly to the attacker and not stored in a known location for an extended period.
  • 14. Incursion (Security Market Drivers): In 2009 spam accounted for 90% of all email traffic. In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable. 90% of incidents wouldn’t have happened if systems were patched. In 2009 we found 47,000 active bot-infected computers per day.
  • 15. Discovery (Security Market Drivers): 91% of records compromised in 2008 involved organized crime targeting corporate information. 81% of attacked companies were non-compliant in PCI. 67% of breaches were aided by insider negligence.
  • 16. Capture (Security Market Drivers): 285 million records were stolen in 2008, compared to 230 million between 2004 and 2007. Credit card detail accounts for 19% of all goods advertised on underground economy servers. IP theft costs companies $600 billion globally.
  • 17. Exfiltration (Security Market Drivers):
      - “Hackers Targeted Source Code of More Than 30 Companies” Jan 13, Wired.com
      - “SS Numbers Of Californians Accidently Disclosed” Feb 9, KTLA.com
      - “HSBC Bank Reports Lost Client Data From Swiss Private Bank” Dec 9, Reuters
      - “Gov’t Posts Sensitive List of US Nuclear Sites” Associated Press
  • 19. Dissecting Hydraq, Incursion: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees. Sample lure email shown on the slide: “Hi Francis, I met you at the Malware Conference last month. Wanted to let you know I got this great shot of you doing your presentation. I posted it here:”
  • 20. Dissecting Hydraq, Discovery: Hacker maps the organization’s defenses from the inside and creates a battle plan.
  • 21. Dissecting Hydraq, Capture: Attacker accesses data on unprotected systems and installs malware to secretly acquire crucial data.
  • 22. Dissecting Hydraq, Exfiltration: Confidential data sent back to enemy’s “home base” for exploitation and fraud. Diagram labels: Hydraq; Victim; Attacker 72.3.224.71:443
  • 23. Prelude to a Breach 1: Poorly Enforced IT Policies
  • 24. Prelude to a Breach 2: Poorly Protected Information
  • 25. Prelude to a Breach 3: Poorly Managed Systems
  • 26. Prelude to a Breach 4: Poorly Protected Infrastructure
  • 27. The Challenge: Develop and Enforce IT Policies; Protect The Information; Manage Systems; Protect The Infrastructure
  • 28. A Comprehensive Security Strategy Is Required
      - Risk Based and Policy Driven: IT Governance, Risk and Compliance
      - Information-Centric: Information Risk Management
      - Well Managed Infrastructure: Infrastructure Protection and Management
  • 29. New Threats Require New Technologies
      - Integrated Security Platform: Open Platform; Console Unification; Security Intelligence; Dynamic Protection
      - Develop & Enforce IT Policies: IT Risk Management; Compliance Process Automation; Information-Centric Policy
      - Manage Systems: Workflow; Application Streaming; Portable Personalities
      - Protect the Information: Data Ownership; Automated Content Classification; Content Aware Endpoint Security
      - Protect the Infrastructure: Reputation Based Security; Mobile and Server Security; Encryption
  • 30. Symantec Focuses on Meeting These Challenges
      - Develop and Enforce IT Policies > Control Compliance Suite
      - Protect the Information > Data Loss Prevention Suite
      - Manage Systems > IT Management Suite
      - Protect the Infrastructure > Symantec Protection Suite
  • 31. Addressing Important Security Questions
      - Can you enforce IT policies and remediate deficiencies?
      - Do you know where your sensitive information resides?
      - Can you easily manage the lifecycle of your IT assets?
      - Can you improve your security posture by rationalizing your security portfolio?
  • 32. Thank You