Title: Who Is Actually Infecting Our Data? What Can We Do About It? A Battle Between Good and Evil Giann
1Who is actually infecting our data? What can we do about it? A battle between good and evil
Gianni Caputo / Regional Sales Manager Austria Switzerland, March 2007
2Aladdin Snapshot
Founded 1985, publicly traded since 1993
Headquarters: Tel Aviv, Israel
Global Presence
- USA, UK, Germany, France, The Netherlands, Spain, Italy, Japan and China
Employees Worldwide: 430
Strong Financial Momentum
- Q2/06 revenues 20.9M
- Q2/06 profits 3.9M
- H1/06 revenues 43.7M
- H1/06 profits 8.2M
- 14 quarters year-over-year revenues increase
- 13 consecutive record EPS quarters (excluding FAS123R)
World Renowned Products
Global leader in Software DRM (Digital Rights Management), fast growth, innovative Enterprise Security products
Excluding one-time expenses; excluding FAS 123R
3Aladdin Vision and Product Lines
- Our vision is to be the leading provider of security solutions to
  - Protect Digital Assets
  - Enable Secure Business
  - Make the Digital World a Safer Place
- Gateway-based anti-virus protection, anti-spyware, content security, web browsing security and proactive email security
- Hardware or software-based protection and licensing solution for software vendors
- Device for two-factor authentication, password and digital identity management
4- The trouble with the Internet is that it's
replacing masturbation as a leisure activity. - Patrick Murray, actor
5Old Enemy
- Joseph McElroy, 16 (hacked into US nuclear lab)
- Chen-Ing Hau, 24 (author of CIH virus)
- Jeffrey Lee Parson, 18 (author of Blaster.B virus)
SOLDIERS
6New Enemy
- Jay Echouafni, CEO Orbit communic., DDoS attacker
- Jeremy Jaynes, millionaire spammer
- Andrew Schwarmkoff, Russian phishing mob
CAPO
7BOSS
8It's all about money
9Cybercrime 'more lucrative' than drugs
- "Last year was the first year that proceeds from
cybercrime were greater than proceeds from the
sale of illegal drugs law enforcement cannot
catch up with it." - Valerie McNiven, US Treasury
11Money Laundering Vehicle
12It's a war between...
GOOD
EVIL
131986
14The Shift in Content Security Threats
[Timeline figure. Threat labels: Virus, Worm, Trojan, Spam, Spyware, Phishing, Internet Trojan, Mobile Threats. Year labels: 1987, 2000, 2003, 2004, 2005, 2006]
- From amateur virus writers to organized money-making professionals!
15Malicious Code Trends
- 213% increase in Spyware
- 142% increase in Trojans
- 56% increase in Viruses
[Chart. Categories: Spyware, Trojans, Virus / Other. Value label: 16,623]
The swelling amount of spyware is a direct representation of fast-growing networks of organized criminals that empower themselves through computers rather than physical theft
Source: Aladdin Content Security Response Team (CSRT) 2005 Malicious Code Study
16Content Security Solutions
- A typical organization might have
- Known malware
- In executable files
- Scalability issues
Web Security
- Good productivity
- Limited security
?
URL Filter
- Last layer of defense
- Hard to make proactive
- Tricky security questions
- Spam driven
- Does not address web mail
- Does not address HTTP in email
Desktop Antivirus
Email Antivirus
17- Would you buy a black-and-white TV today?
- The Internet is dynamic!
- So why would you buy static security?
18Is 80% Security Good Enough?
19How would you know if you were attacked?
- My security product tells me so
- I get helpdesk calls (spyware nuisance)
- I am contacted by the authorities
- My competitor can read my mind
- I don't know
20So Why Is eSafe Better?
Extreme Capacity. Maximum Security.
What would you drive if you knew that the bad
guys were coming after you?
21Securing the Enterprise Perimeter
Content Security
Network security should be separated at the
gateway
eSafe takes care of all Content Security
22What eSafe does ...
23Maximum Security
The Only 4 Layer Web Content Security
1 Access blocking: Good Sites, Bad Sites, Good ActiveX, Bad ActiveX, Preinstalled only
2 Web surfing driveby blocking
3 Signatures
4 Communications blocking
24Web Filtering
25LDAP/AD - based Profiles
- LDAP and Active Directory integration
- User/Group-based profiles
- Flexible user identification
- X-Ray mode for web usage monitoring
- User-based web-access reporting
26Maximum Security
The Only 4 Layer Web Content Security
1 Download
2 Web surfing driveby blocking: Zero-day exploits, Malicious scripts, Pop-installers
  - In Grey sites
  - In Hacked sites
3 Signatures
4 Communications blocking
27How do I get infected?
28Content Security Beyond The Basics
Files
- Good
- Bad
- Suspicious
29XploitStopper Zero-day Vulnerabilities
[Timeline figure. Legend: Vulnerability discovered, Vulnerability patched, Vulnerability exploited]
- CodeRed
- Slammer (6 months)
- Nimda (4 months)
- Blaster (25 days)
- JPEG (12 days)
- Bofra (5 days)
- WMF (-5 days)
- textRange (-18 days)
30Maximum Security
The Only 4 Layer Web Content Security
1 Download
2 Web surfing driveby blocking
3 Signatures: Simple, Known family (heuristic), Polymorphic, stealth, Suspicious Spyware / Trojan / Worm
4 Communications blocking
31Maximum Security
The Only 4 Layer Web Content Security
1 Download
2 Web surfing driveby blocking
3 Signatures
4 Communications blocking
  - Worms, Browser Hijack, Spyware / Adware, Spyware protocols, Outbound Trojan
  - Selective IM (chat / file), Tunneling, Remote PC, P2P
32Application Filtering
- P2P: KaZaa, eDonkey, Bit Torrent, ...
- Instant Messengers: MSN, ICQ, Yahoo, AOL, ...
- Spyware communication
- Remote Control: GoToMyPC, PC-Anywhere, ...
- Protocol enforcement: tunneling prevention, browser enforcement, protocol exploits
- More
33Enhanced Email Security
- Proactive anti-virus
- Signature anti-virus
- Phishing prevention
- Email standardization
- Turn-off hyperlinks
- Remove web beacons
- more
34Spyware Neutralizer
35From Anti-spam to Spam Management
- No lost email
- No angered end-users
- No administrator hassle
- Learning system not prone to user error
36Management and Reporting
38Extreme Capacity
39An Unacceptable Dilemma
SECURITY
PERFORMANCE
40Solutions Map Security/Performance
[Chart. Axis "Performance": ISP, Enterprise, Medium, Small, SOHO. Axis "Content Security Level": Application Filtering, Full Web (HTML), Blacklists, Signatures. Plotted solutions: eSafe, URL Filter, Gateway AV, Large UTM, Proxy Plus, Small UTM]
41eSafe HellGate Appliances
- eSafe HG-100
  - Web and Mail up to 500 users
  - Gateway up to 250 users
  - Dual Bypass NIC, Management NIC
  - Quick setup LCD
- eSafe HG-200
  - Web and Mail up to 2,000 users
  - Gateway 2 appliances (Mail, Web)
  - Dual Bypass NIC, Management NIC
  - Quick setup LCD
42The WTA Hardware
- Based on eSafe Hellgate HG-200
- Purpose-built network security appliance
- Capable of auditing web activity for thousands of users
- Reliable and robust for repeated use and transport from site to site
43What's In The WTA Kit?
- High Quality Case
- WTA device cables
- Printed sample report
- Documentation
- Sales guide
- Technical guide
- Scope of Work (SoW) template
- Audit report template
- Marketing kit (datasheet, promotional email template)
Reference image
44Understanding Customer Needs
- eSafe WTA doesn't block malicious content, threats, viruses, etc.
- WTA is used to demonstrate and highlight threats in the customer's actual network environment.
- WTA operates for a 14-day evaluation period.
45Understanding Customer Network Topology
- eSafe WTA doesn't edit or change network traffic in any way.
- Physical network position considerations
  - Additional security appliance is already installed.
  - No security appliance installed.
- Direct traffic to eSafe WTA using
  - A mirror port on the main network switch.
  - A network TAP (test access port) device.
46WTA Process
- Present WTA SoW
- Setup planning
SoW: Scope of Work
47WTA Process
Create WTA License in LC
- Present WTA SoW
- Setup planning
48WTA Process
Install eSafe WTA
Create WTA License in LC
- Present WTA SoW
- Setup planning
eSafe WTA
Firewall
Internet
49WTA Process
Install eSafe WTA
Create WTA License in LC
- Present WTA SoW
- Setup planning
- WTA collects data
- Submit data to eSafe data center
- Data processed and analyzed
- Generate report (at day 1, 3, 5, 7)
50WTA Process
Install eSafe WTA
Create WTA License in LC
- Present WTA SoW
- Setup planning
Receive report by email
Sales rep receives the reports by email, or it is
generated on-site
51WTA Process
Install eSafe WTA
Create WTA License in LC
- Present WTA SoW
- Setup planning
Fill out Audit Report template
Receive report by email
52WTA Process
Install eSafe WTA
Create WTA License in LC
- Present WTA SoW
- Setup planning
Fill out Audit Report template
Present completed Audit Report to prospect
Receive report by email
53Integrating eSafe WTA Appliance
eSafe WTA
Port mirror on switch or Network tap
Content Security Product
Surfing the Web!
Firewall
Internet
54Preparing the eSafe WTA Appliance
- WTA is a pre-installed appliance.
- Requires only physical integration into the LAN.
- The appliance has been designed for re-use.
- Initializing WTA
  - Re-image the appliance.
  - Delete existing data via the Web Manager.
55Sample eSafe Enterprise Customers
56Thank you very much!
www.eSafe.com