The document discusses the evolving landscape of cybersecurity, highlighting the organized and profit-driven nature of attackers who exploit both technical and human vulnerabilities. It emphasizes the challenges posed by the consumerization of technology and the complexity of modern threats that mislead users into making poor security decisions. Proactive measures to prevent harmful user behavior are essential for an effective security strategy.

1. Securing the Human:
Challenges and Success
Stories
Dr. Hugh Thompson
Chief Security Strategist and
Senior Vice President
© Blue Coat Systems, Inc. 2012.

2. © Blue Coat Systems, Inc. 2012.

3. © Blue Coat Systems, Inc. 2012.

4. The Shifting IT
Environment
© Blue Coat Systems, Inc. 2012.

5. Shift: Attackers
• Attackers are becoming organized and profit-driven
• Attackers are turning to a blend of technical and
human attacks
• An entire underground economy has been created:
– Meeting place for buyers and sellers (chat rooms, auction
sites, etc.)
– What they are trading: vulnerabilities, botnet time, credit
card numbers, PII, …
– New ways to exchange of “value” anonymously and in non-
sovereign currency
© Blue Coat Systems, Inc. 2012.

7. Shift: Consumerization
• Shift in technology power – from the
enterprise to the individual
• Employee-owned devices are now more
powerful than company-provided devices
• Rogue/shadow IT is large and growing as
individuals now have greater choices with
technology
© Blue Coat Systems, Inc. 2012.

8. Shift: Growing complexity/credibility of attacks
• It is becoming harder for users to make good
security/risk choices
– Bad neighborhoods online are looking like good
neighborhoods online
– Phishing emails use shortened URLS and are
increasingly credible
– Bad URLs coming in from “trusted” sources
• Safety nets are eroding
– Desktop AV often not present or unreliable on BYOD
– New malware being generated quickly, reducing the
effectiveness of AV signatures
© Blue Coat Systems, Inc. 2012.

9. © Blue Coat Systems, Inc. 2012.

10. WARNING!
SHARKMAGEDDON!!
© Blue Coat Systems, Inc. 2012.

14. Behind the numbers
• Worldwide shark attacks rose from
63 to 79 in 2010.
• Much of the increase was due to two
very angry sharks in Egypt!
© Blue Coat Systems, Inc. 2012.

15. Hackernomics
In the absence of security education or
experience, people (customers,
managers, developers, testers, designers)
naturally make poor security decisions
with technology
Corollary:
Systems need to be easy to use securely and difficult to use
insecurely
© Blue Coat Systems, Inc. 2012.

16. © Blue Coat Systems, Inc. 2012.

17. © Blue Coat Systems, Inc. 2012.
17

18. Haccident (hacking accident)
An undesirable or unfortunate happening that
occurs unintentionally by users making security
mistakes when using technology.
© Blue Coat Systems, Inc. 2012.

19. © Blue Coat Systems, Inc. 2012.

20. © Blue Coat Systems, Inc. 2012.

21. Bob door slide
© Blue Coat Systems, Inc. 2012.

22. © Blue Coat Systems, Inc. 2012.

23. © Blue Coat Systems, Inc. 2012.

24. WebPulse Collaborative Defense
Proxy Cloud Proxy Packet Cache K9 Third
SG Service AV Shaper Flow Party
Aware Intelligent Proactive
 75 Million Users  New & Emerging Malware  Malnet Tracking
Worldwide  Negative Day Defense
 Multi-dimensional Ratings
 One Billion Daily for Different Content Types  Web & Mobile Application
Requests Controls
 Real-time Web Filtering in
 Consumer & Enterprise 21 Languages  Blocks 3.3M Threats Daily
© Blue Coat Systems, Inc. 2012 24

25. Negative Day Defense
Negative Day
Defense Identifies
Negative Day Defense Continues to Block Malnet Infrastructure
and Blocks New
Components
UTM
AV Engines Begin Detection Policy
applied
Active
Threat Phase
-30 Days 0 Day +1 Days +30 Days
Infrastructure
Phase
New Subnet,
Exploit Attack Dynamic Payload Attack
IP Address
Server Begins Changes Domain Ends
and Host Name
© Blue Coat Systems, Inc. 2012 25

26. Enabling the Real-Time Enterprise
Single Device Multiple Devices
Owned by IT Devices Owned by Employee
Office-Based Users Always-on Remote &
Users &
on Private WAN Mobile Workers,
Networks
Controlled by IT Public Access
Enterprise Apps Store &
Enterprise Apps
Applications Consumer Style Apps
Sanctioned by IT
Mandated by Users
Securing the Securing the
Perimeter Security
User
© Blue Coat Systems, Inc. 2012 26

27. No Intranet
Access Choppy
Video
VPN
Error
Inaudible
Voice
Multiple
Logins
Required
Malware
Exposure
© Blue Coat Systems, Inc. 2012.

28. Fast
Response Time Streaming
Video & Voice
Seamless
Access
to Apps Malware
Protected
One,
Secure
Login
Greater
Productivity
© Blue Coat Systems, Inc. 2012.

29. © Blue Coat Systems, Inc. 2012.

30. Summary
• The threat landscape is changing –
attackers are going after both
technical vulnerabilities and human
vulnerabilities
• We must be proactive in stopping
threats
• Preventing bad user choices is a key
component of a comprehensive
security solution
© Blue Coat Systems, Inc. 2012.