Securing the Human:
     Challenges and Success
     Stories
      Dr. Hugh Thompson
      Chief Security Strategist and
      Senior Vice President

© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
The Shifting IT
    Environment



© Blue Coat Systems, Inc. 2012.
Shift: Attackers
    • Attackers are becoming organized and profit-driven
    • Attackers are turning to a blend of technical and
      human attacks
    • An entire underground economy has been created:
            – Meeting place for buyers and sellers (chat rooms, auction
              sites, etc.)
            – What they are trading: vulnerabilities, botnet time, credit
              card numbers, PII, …
            – New ways to exchange of “value” anonymously and in non-
              sovereign currency




© Blue Coat Systems, Inc. 2012.
Shift: Consumerization

     • Shift in technology power – from the
       enterprise to the individual
     • Employee-owned devices are now more
       powerful than company-provided devices
     • Rogue/shadow IT is large and growing as
       individuals now have greater choices with
       technology




© Blue Coat Systems, Inc. 2012.
Shift: Growing complexity/credibility of attacks

      • It is becoming harder for users to make good
        security/risk choices
             – Bad neighborhoods online are looking like good
               neighborhoods online
             – Phishing emails use shortened URLS and are
               increasingly credible
             – Bad URLs coming in from “trusted” sources
      • Safety nets are eroding
             – Desktop AV often not present or unreliable on BYOD
             – New malware being generated quickly, reducing the
               effectiveness of AV signatures

© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
WARNING!
  SHARKMAGEDDON!!

© Blue Coat Systems, Inc. 2012.
Behind the numbers

      • Worldwide shark attacks rose from
        63 to 79 in 2010.

      • Much of the increase was due to two
        very angry sharks in Egypt!


© Blue Coat Systems, Inc. 2012.
Hackernomics
                 In the absence of security education or
                      experience, people (customers,
                 managers, developers, testers, designers)
                  naturally make poor security decisions
                             with technology
                                            Corollary:
                   Systems need to be easy to use securely and difficult to use
                                            insecurely




© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
                                  17
Haccident (hacking accident)

     An undesirable or unfortunate happening that
     occurs unintentionally by users making security
     mistakes when using technology.




© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
Bob door slide




© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
WebPulse Collaborative Defense

        Proxy                     Cloud       Proxy           Packet       Cache       K9         Third
         SG                      Service       AV             Shaper        Flow                  Party




                       Aware                      Intelligent                       Proactive
        75 Million Users                   New & Emerging Malware            Malnet Tracking
         Worldwide                                                             Negative Day Defense
                                            Multi-dimensional Ratings
        One Billion Daily                   for Different Content Types       Web & Mobile Application
         Requests                                                               Controls
                                            Real-time Web Filtering in
        Consumer & Enterprise               21 Languages                      Blocks 3.3M Threats Daily


© Blue Coat Systems, Inc. 2012                           24
Negative Day Defense
                 Negative Day
               Defense Identifies
                                              Negative Day Defense Continues to Block Malnet Infrastructure
                and Blocks New
                 Components

                                                                                                          UTM
                                                                      AV Engines Begin Detection          Policy
                                                                                                         applied


                                                                                       Active
                                                                                    Threat Phase

       -30 Days                                         0 Day +1 Days                                +30 Days

                Infrastructure
                    Phase

           New Subnet,
                                    Exploit               Attack            Dynamic Payload                   Attack
            IP Address
                                    Server                Begins            Changes Domain                    Ends
          and Host Name




© Blue Coat Systems, Inc. 2012                                 25
Enabling the Real-Time Enterprise

               Single Device                              Multiple Devices
               Owned by IT               Devices       Owned by Employee

               Office-Based Users                     Always-on Remote &
                                         Users &
               on Private WAN                           Mobile Workers,
                                        Networks
               Controlled by IT                          Public Access

                                                      Enterprise Apps Store &
               Enterprise Apps
                                       Applications    Consumer Style Apps
               Sanctioned by IT
                                                        Mandated by Users




                        Securing the                   Securing the
                         Perimeter      Security
                                                          User

© Blue Coat Systems, Inc. 2012              26
No Intranet
                                      Access    Choppy
                                                Video
                           VPN
                          Error
                                                            Inaudible
                                                            Voice

 Multiple
  Logins
Required




                                                         Malware
                                                         Exposure




© Blue Coat Systems, Inc. 2012.
Fast
                              Response Time   Streaming
                                              Video & Voice
           Seamless
             Access
            to Apps                                      Malware
                                                         Protected

  One,
Secure
 Login




                                                  Greater
                                                  Productivity




© Blue Coat Systems, Inc. 2012.
© Blue Coat Systems, Inc. 2012.
Summary

      • The threat landscape is changing –
        attackers are going after both
        technical vulnerabilities and human
        vulnerabilities
      • We must be proactive in stopping
        threats
      • Preventing bad user choices is a key
        component of a comprehensive
        security solution


© Blue Coat Systems, Inc. 2012.

Securing the Human (人を守るセキュリティ)

  • 1.
    Securing the Human: Challenges and Success Stories Dr. Hugh Thompson Chief Security Strategist and Senior Vice President © Blue Coat Systems, Inc. 2012.
  • 2.
    © Blue CoatSystems, Inc. 2012.
  • 3.
    © Blue CoatSystems, Inc. 2012.
  • 4.
    The Shifting IT Environment © Blue Coat Systems, Inc. 2012.
  • 5.
    Shift: Attackers • Attackers are becoming organized and profit-driven • Attackers are turning to a blend of technical and human attacks • An entire underground economy has been created: – Meeting place for buyers and sellers (chat rooms, auction sites, etc.) – What they are trading: vulnerabilities, botnet time, credit card numbers, PII, … – New ways to exchange of “value” anonymously and in non- sovereign currency © Blue Coat Systems, Inc. 2012.
  • 7.
    Shift: Consumerization • Shift in technology power – from the enterprise to the individual • Employee-owned devices are now more powerful than company-provided devices • Rogue/shadow IT is large and growing as individuals now have greater choices with technology © Blue Coat Systems, Inc. 2012.
  • 8.
    Shift: Growing complexity/credibilityof attacks • It is becoming harder for users to make good security/risk choices – Bad neighborhoods online are looking like good neighborhoods online – Phishing emails use shortened URLS and are increasingly credible – Bad URLs coming in from “trusted” sources • Safety nets are eroding – Desktop AV often not present or unreliable on BYOD – New malware being generated quickly, reducing the effectiveness of AV signatures © Blue Coat Systems, Inc. 2012.
  • 9.
    © Blue CoatSystems, Inc. 2012.
  • 10.
    WARNING! SHARKMAGEDDON!! ©Blue Coat Systems, Inc. 2012.
  • 14.
    Behind the numbers • Worldwide shark attacks rose from 63 to 79 in 2010. • Much of the increase was due to two very angry sharks in Egypt! © Blue Coat Systems, Inc. 2012.
  • 15.
    Hackernomics In the absence of security education or experience, people (customers, managers, developers, testers, designers) naturally make poor security decisions with technology Corollary: Systems need to be easy to use securely and difficult to use insecurely © Blue Coat Systems, Inc. 2012.
  • 16.
    © Blue CoatSystems, Inc. 2012.
  • 17.
    © Blue CoatSystems, Inc. 2012. 17
  • 18.
    Haccident (hacking accident) An undesirable or unfortunate happening that occurs unintentionally by users making security mistakes when using technology. © Blue Coat Systems, Inc. 2012.
  • 19.
    © Blue CoatSystems, Inc. 2012.
  • 20.
    © Blue CoatSystems, Inc. 2012.
  • 21.
    Bob door slide ©Blue Coat Systems, Inc. 2012.
  • 22.
    © Blue CoatSystems, Inc. 2012.
  • 23.
    © Blue CoatSystems, Inc. 2012.
  • 24.
    WebPulse Collaborative Defense Proxy Cloud Proxy Packet Cache K9 Third SG Service AV Shaper Flow Party Aware Intelligent Proactive  75 Million Users  New & Emerging Malware  Malnet Tracking Worldwide  Negative Day Defense  Multi-dimensional Ratings  One Billion Daily for Different Content Types  Web & Mobile Application Requests Controls  Real-time Web Filtering in  Consumer & Enterprise 21 Languages  Blocks 3.3M Threats Daily © Blue Coat Systems, Inc. 2012 24
  • 25.
    Negative Day Defense Negative Day Defense Identifies Negative Day Defense Continues to Block Malnet Infrastructure and Blocks New Components UTM AV Engines Begin Detection Policy applied Active Threat Phase -30 Days 0 Day +1 Days +30 Days Infrastructure Phase New Subnet, Exploit Attack Dynamic Payload Attack IP Address Server Begins Changes Domain Ends and Host Name © Blue Coat Systems, Inc. 2012 25
  • 26.
    Enabling the Real-TimeEnterprise Single Device Multiple Devices Owned by IT Devices Owned by Employee Office-Based Users Always-on Remote & Users & on Private WAN Mobile Workers, Networks Controlled by IT Public Access Enterprise Apps Store & Enterprise Apps Applications Consumer Style Apps Sanctioned by IT Mandated by Users Securing the Securing the Perimeter Security User © Blue Coat Systems, Inc. 2012 26
  • 27.
    No Intranet Access Choppy Video VPN Error Inaudible Voice Multiple Logins Required Malware Exposure © Blue Coat Systems, Inc. 2012.
  • 28.
    Fast Response Time Streaming Video & Voice Seamless Access to Apps Malware Protected One, Secure Login Greater Productivity © Blue Coat Systems, Inc. 2012.
  • 29.
    © Blue CoatSystems, Inc. 2012.
  • 30.
    Summary • The threat landscape is changing – attackers are going after both technical vulnerabilities and human vulnerabilities • We must be proactive in stopping threats • Preventing bad user choices is a key component of a comprehensive security solution © Blue Coat Systems, Inc. 2012.