Slide 1: The Changing Security Landscape. Anthony Leigh, Technical Account Manager, Security
Slide 2: Evolution of Strategy Requirements Now: Structured and Unstructured
Slide 3: Jan 2007: 250,000 viruses; 2011: over 300 million. Symantec Endpoint Protection 12.1
Slide 4: Key IT Security Trends: More Sophisticated Attacks; Complex Heterogeneous Infrastructure; Explosion of Information; Increased Cost of Incidents
Slide 5: The Current Approach Is Not Working: Stopping Less, Spending More
Slide 6: IT Must Evolve to Meet New Demands. System-Centric: Driver: Business automation, e.g., ERP, functional apps; Data: Centralized, structured; Infrastructure: Physical; IT focus: Systems tasks. Information-Centric: Driver: Next level of productivity and agility with collaboration and knowledge sharing; Data: Distributed, unstructured; Infrastructure: Virtual, cloud, outsourced
Slide 7: The Evolution of IT & Security...
Slide 8: Threat Landscape 2011 Trends (IS B09 – SEP 12.1 – Protection Technologies – A Deep Dive): Social Networking + social engineering = compromise; Attack Kits get a caffeine boost; Targeted Attacks continued to evolve; Hide and Seek (zero-day vulnerabilities and rootkits, cryptors); Beyond the PC: attackers branch out
Slide 9: Threat Landscape 1. Targeted Attacks continue to evolve. High-profile attacks in 2010 raised awareness of the impact of APTs. Stuxnet was incredibly sophisticated: two (2) stolen digital signatures; two (2) different rootkits; four (4) zero-day vulnerabilities; seven (7) different propagation mechanisms; fifteen (15) modules, ten thousand (10,000) lines of code. More Info: detailed review in the W32.Stuxnet Dossier & W32.Stuxnet
Slide 11: Threat Landscape 2. Social Networking + Social Engineering = Compromise. Dumpster diving… has given way to Social Networking: use profile information to create targeted social engineering; impersonate friends to launch attacks; leverage news feeds to spread spam, scams and massive attacks
Slide 12: Problem: Social Engineering. Recent example: W32.Yimfoca.B
Slide 14: Threat Landscape 3. Hide and Seek: trivial to use
Slide 15: Threat Landscape 4. Attack Kits Get a Caffeine Boost: Java exploits added to many existing kits; kits exclusively exploiting Java vulnerabilities appeared. More Info: detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Slide 16: Threat Landscape 5. Beyond the PC. Mobile activity on the rise: complex OS environments; increasing numbers of trojanized Android apps; mobiles will be targeted more when used for financial transactions. Java-based threats: Jnanabot is a truly cross-platform bot that infects Windows, Linux, and Mac OS. Mac OS threats: starting to see Fake AV. (Chart figure on slide: 42%)
Slide 17: Symantec Endpoint Protection 12. Unrivaled Security: Powered by Insight; Real-Time Behavior Monitoring with SONAR. Blazing Performance: up to 70% reduction in scan overhead; Smarter Updates; Faster Management. Built for Virtual Environments: tested and optimized for virtual environments; higher VM densities
Slide 18: Intelligence sources: Lots of information… Internet Security Threat Report (ISTR): annual. Interim ISTR Deep Dive Reports (1–2 per year): Rogueware applications; Web Attack Toolkits & Malicious Websites. Quarterly Intelligence Updates: Speeds and Feeds update. Security Response Blog: dozens of articles each month written by analysts, http://www.symantec.com/connect/symantec-blogs/sr. Business Security Response Website: >25% of all symantec.com traffic is to a ‘Response’ page, http://www.symantec.com/


Editor's Notes

  • #3 The driving force behind the need to re-build a comprehensive security strategy is primarily a shift in the way the information that powers our organisations is handled. <click> The foundation for most of the policies and processes that are in place in organisations was usually a world where it was Your Devices talking to Your Systems in Your Data Center consuming Your Data. <click> This changed with the introduction of virtualisation, whereby applications and servers were no longer provisioned in a manner that let you always easily point back to the “where” and provide the controls you were used to. <click> We’ve also seen the introduction of 3rd-party data into our business flows, whether that be federated with business partners or rented temporary access to data. <click> The third major data center change is the move to the systems or applications actually being in a 3rd-party data center. That may be an outsourced systems integrator, a hosting provider, a service provider or a combination of any of these. This also introduces a third source of data to manage, remote data, and the challenge of ensuring proper care over its lifecycle. <click> The final two major shifts that require a re-evaluation relate to the devices consuming these applications and information. Firstly, the trend to allowing employees to connect their own devices to corporate systems to increase productivity and reduce operational costs for the organisation. <click> Secondly, the desire, and sometimes requirement, to create new ways of doing business with customers and partners by opening up information and services to them. The “App”-culture shift is behind a large portion of these requirements. <click> The last, and maybe most challenging, part of the underlying changes is the volume of information now stored in unstructured formats. This includes communications such as email, instant messages and the myriad of Office documents that clog up our file servers and SharePoint repositories. Because of this we are seeing a requirement to re-evaluate the strategies that we built upon an infrastructure-based foundation and move to an information-based one. <click to next slide>
  • #4 We expect to see over 300 million unique malware samples this year. Most are minor variants on existing malware – even if we just look at signatures the numbers have risen to over 12 million signatures – about 70% were created in the past year. In a few years we will be talking about billions of viruses. Though these numbers seem so large as to be meaningless, they have important implications in terms of both security and performance.
  • #5 Specifically we are seeing 4 key trends today. Attack sophistication: Stuxnet, but others as well (Zeus attack kit). Complex environments: virtualisation, cloud, distributed computing, mobility (by 2011, 1 billion mobile devices will access the internet (IDC, 2010)). Info explosion: digital information created annually will grow by a factor of 44 from 2009 to 2020; the amount of digital information created in 2010 will equal 1.2 Zettabytes; 1/3 of enterprise data is expected to go through the cloud by 2020. Increasing cost of breaches: as well as data losses and litigation cases, fines are increasing. Hertfordshire CC (110K fine, 11th June 2010): a fax from the Childcare Litigation Unit intended for Barristers’ Chambers was sent to a member of the public by mistake; 17 pages of information relating to a child sexual abuse case; the autodial button was used. Zurich: on 11th August 2008 an unencrypted back-up tape was lost in transit by a contractor, with sensitive data relating to 46,000 policy holders and 1,800 third parties. The Information Commissioner and the EU are developing teeth to penalise companies: the EU is suing the UK over weak data protection laws.
  • #6 Slide keywords: Defense in depth, Jericho, IDS/IPS, DRM, ISO 27001, ITIL etc. The reality is that in this environment it is clear to most of our customers that the current approach is not working, and how we know it is not working is that customers are spending more than ever before on IT security and they are being breached more than ever. The current approach is to keep throwing products at the problem. They look at a specific pain point: if they have a virus problem they throw anti-virus at it, and if they have a spam problem they throw anti-spam at it. We were recently talking to a CISO who said he had 235 security vendors in his environment and over 1000 security products, and the reality is that he does not feel secure; in fact he could not tell you how secure he was. And while he did not feel he could get to just one security vendor, he does believe he can get to fewer than 10 and not only save money but be more secure. We also believe this.
  • #7 We see a significant change in the role of IT in enterprises from system-centric to information-centric. To date, IT has brought significant productivity benefits to organizations by automating key business processes and driving efficiencies. This landscape was characterized by various business applications working with centralized databases, supported by physical infrastructure. A lot of what IT departments did was focused on managing systems, including PCs, servers, storage, and networks. Today, the role of IT is starting to look very different. Organizations are looking for the next level of productivity and business agility by improving collaboration and knowledge sharing. They are looking to better connect their employees, teams, business partners and customers to each other. This is changing the nature of data into highly distributed, largely unstructured information. The infrastructure is going virtual within the company or turning into an external cloud. Instead of focusing on physical systems management, the role of IT is transforming into more information-centric tasks with governance, policies, risks, and controls.
  • #9 Here are the trends we saw in 2010; we will drill down into each of these areas in the following slides. Targeted Attacks: targeted attacks, while not new, gained notoriety in 2010 from high-profile attacks against major organizations (Hydraq/Aurora) and significant targets (Stuxnet). Social Networking + Social Engineering = Compromise: the ability to research a target online has enabled hackers to create powerful social engineering attacks that easily fool even sophisticated users. It’s also proven to be fertile ground for attackers to… Hide and Seek (zero-day vulnerabilities and rootkits): targeted attacks depend on their ability to get inside an organization and stay hidden in plain sight. Zero-day vulnerabilities and rootkits have made this possible and featured heavily in attacks in 2010. Attack Kits get a caffeine boost: innovations from targeted attacks will make their way into massive attacks, most likely via attack toolkits. Mobile Threat increase: all of these attacks are moving to mobile devices, limited only by attackers getting a return on their investment (ROI). They are not widespread today, but we see this shifting and it will be something to watch closely in 2011.
  • #10 Let’s drill into the key trends we saw in 2010. As illustrated by Stuxnet, you can no longer rely on “security by obscurity” and “physical isolation”, yet many industries still do, e.g. manufacturing, telecom etc. All it takes is one weak link to establish a beachhead from which to penetrate further inside an organization, as an infected USB drive did in the case of Stuxnet. Both attacks employed zero-day vulnerabilities, with Stuxnet using a record 4 of them, almost one-third of the zero-day vulnerabilities reported in 2010. While Hydraq was quickly forgotten and, in time, Stuxnet may be forgotten as well, their influence will be felt in malware attacks to come. Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust of friends and colleagues. Resource: you can learn more about Stuxnet in our white paper highlighted on this slide. Definition: APT = Advanced Persistent Threat. APTs often use targeted techniques that involve social engineering and unique malware designed specifically for key individuals within the victim organization (“Advanced”). Once in, the malware stays as quiet as possible to avoid detection while the attackers have time to map out the network. This stage often involves multiple parallel attacks to prevent removal by the victim organization (“Persistent”). These attacks are designed to steal highly valuable confidential information (“Threat”).
  • #12 The second trend that was important in 2010 was social networking. Social networking has really changed the way we interact with others. Most of us post information on social networking sites, about things like changes in our careers, trips we’re taking, projects we are working on at work, photos of our friends and family, what conferences we attend, etc. Whether the attacker is targeting a CEO or a member of the QA staff, the Internet and social networks provide rich research for tailoring an attack. Information gathered from social networking sites can be used to create a targeted attack using social engineering. Example: using research from social networks, someone could craft a targeted email to me that says: “I met you at the RSA Conference last week and we talked about Stuxnet and thought you might be interested in this article.” This highly targeted message might prompt me to open the email, which might contain a malicious attachment or a link to a malicious website, which could infect my system. And since these attacks are highly targeted and often unique to just a handful of people, they can be hard to detect. Social networking also takes advantage of the implicit trust between members of the same social networking circle. Resource: you can learn more about the risks of social networking by reading our in-depth paper on the topic.
  • #16 The fourth trend of 2010 was attack toolkits. Symantec actually produced an in-depth report on this topic and the paper is referenced here. We saw dramatic growth in attack toolkits in 2010. While targeted attacks are focused on compromising specific organizations or individuals, attack toolkits are the opposite side of the coin, using broadcast blanket attacks that attempt to exploit anyone unfortunate enough to visit a compromised website. Attack toolkits can inject a single line of code, a hidden iFrame for example, into a website. Let’s say it’s your local golf course’s website, which likely isn’t very secure. When a user visits that website, their browser gets content not only from the golf course but also from a little hidden iFrame that starts to pull in content from another website, one that likely has an attack toolkit running on it. That attack toolkit then bombards the user, customizing the attack based on the user’s browser, etc. The Phoenix toolkit and others are increasingly implementing exploits targeting Java vulnerabilities. The sixth-highest-ranked Web-based attack during the reporting period was also an attempt to exploit Java technologies. One of the appeals of Java to attackers is that it is a cross-browser, multi-platform technology. Since exploits for some vulnerabilities will eventually cease to be effective, toolkit authors must incorporate new vulnerabilities to stay competitive in the marketplace. Currently, attackers are heavily targeting exploits for Java vulnerabilities; however, this could change if their effectiveness diminishes. Toolkit authors are constantly adapting in order to maximize sales of their kits.
  • #17 The fifth trend for 2010 was mobile. Currently, mobile threats have been very limited in the number of devices they affect as well as the type of impact they have. While these threats are not likely to make significant inroads right away, they are probably looming over the horizon. As more financial transactions are made through mobile devices, it is more likely that this will drive the development of malicious code for these devices in order to achieve a return on investment. We expect to see more activity around mobile device threats in 2011. Recently, with the growing uptake of smart phones and new mobile devices like the iPad (which debuted in 2010), and their increasing connectivity and capability, there has been a corresponding increase in attention on mobile devices both from threat developers and security researchers. Symantec documented 163 vulnerabilities in mobile device operating systems in 2010 compared to 115 in 2009. As with desktop computers, the exploitation of a vulnerability can be a way for malicious code to be installed on a device. While it may be difficult to exploit many of these vulnerabilities successfully, there were two vulnerabilities that affected Apple’s iPhone iOS operating platform that allowed users to “jailbreak” their devices. Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications. These applications are uploaded to mobile app marketplaces in the hope that users will download and install them. In March 2011, Google reported that it had removed several malicious Android applications from the Android Marketplace and even deleted them from users’ phones remotely. With the financial motivation of most malicious code, it is likely this will also be a driving factor for mobile threats. Some of the first threats of this kind to arrive will likely be either phishing attacks or Trojans that steal data from mobile devices.
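The hidden-iFrame injection described in note #16 leaves a recognisable footprint in the compromised site's HTML: a frame that the visitor cannot see, pulling content from a host other than the site itself. The checker below, added here as an example and not Symantec's or the presenter's code, audits a saved page for exactly that pattern; the site hostname, the sample page and the kit.example.invalid host are all constructed for the example.

```python
"""Flag hidden third-party iframes of the kind attack toolkits inject into
compromised sites.  Standard library only, so it runs offline on saved HTML."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline-style fragments that make an iframe invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:left|top)\s*:\s*-\d{3,}px|(?:width|height)\s*:\s*[01]px", re.I)


def _tiny(value):
    """True for a width/height attribute of 0 or 1 (pixels)."""
    try:
        return int(str(value).strip().rstrip("px")) <= 1
    except ValueError:
        return False


class IframeAuditor(HTMLParser):
    """Collects every <iframe> that is both hidden and served by another host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src_host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        if src_host and src_host != self.page_host:
            reasons.append("third-party src %s" % src_host)
        # A visible embed (video player, map) from another host is normal;
        # only a hidden frame that pulls from another host is suspicious.
        if len(reasons) >= 2 and reasons[-1].startswith("third-party"):
            self.findings.append({"src": a.get("src", ""), "reasons": reasons})


def audit_html(html, page_host):
    """Return the suspicious iframes found in `html` served by `page_host`."""
    p = IframeAuditor(page_host)
    p.feed(html)
    return p.findings


# Constructed sample: a small-business site with one legitimate visible embed
# and one injected 1x1 frame pointing at a placeholder attack-kit host.
SAMPLE_PAGE = """
<html><body>
<h1>Greenfield Golf Club</h1>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<iframe src="http://kit.example.invalid/in.php" width="1" height="1"
        style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>
"""
```

Running `audit_html(SAMPLE_PAGE, "www.greenfieldgolf.example")` reports only the 1x1 frame, with the size, style and third-party host as the reasons; the visible video embed is left alone.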