Wer infiziert eigentlich unsere Daten Was knnen wir dagegen tun Ein Kampf zwischen Gut und Bse Giann

1
Wer infiziert eigentlich unsere Daten? Was können
wir dagegen tun?Ein Kampf zwischen Gut und
BöseGianni Caputo / Regional Sales Manager
Österreich Schweiz ,März 2007
2
Aladdin Snapshot
Founded 1985, publicly traded since
1993
Headquarters Tel Aviv, Israel

• USA, UK, Germany, France, The Netherlands,
  Spain, Italy, Japan and China

Global Presence
Employees Worldwide 430

• Q2/06 revenues 20.9M
• Q2/06 profits 3.9M
• H1/06 revenues 43.7M
• H1/06 profits 8.2M
• 14 quarters year-over-year revenues increase
• 13 consecutive record EPS quarters (excluding
  FAS123R)

Strong Financial Momentum
World Renowned Products
Global leader in Software DRM (Digital Rights
Management), fast growth, innovative Enterprise
Security products
Excluding one-time expenses Excluding FAS
123R
3
Aladdin Vision and Product Lines

• Our vision is to be the leading provider of
  security solutions to
• Protect Digital Assets
• Enable Secure Business
• Make the Digital World a Safer Place

• Gateway-based anti-virus protection,
  anti-spyware, content security, web browsing
  security and proactive email security

• Hardware or software-based protection and
  licensing solution for software vendors

• Device for two-factor authentication, password
  and digital identity management

4

• The trouble with the Internet is that it's
  replacing masturbation as a leisure activity. 
• Patrick Murray, actor

5
Old Enemy
Joseph McElroy, 16 (Hacked into Nuclear US Lab)

• Chen-Ing Hau, 24(author of CIH virus)

Jeffrey Lee Parson, 18 (author of Blaster.B virus)
SOLDIERS
6
New Enemy
Jay Echouafni CEO Orbit communic. DDoS attacker

• Jeremy Jaynes
• Millionaire spammer

Andrew Schwarmkoff Russian phishing mob
CAPO
7
BOSS
8
Its all about money
9
Cybercrime 'more lucrative' than drugs

• "Last year was the first year that proceeds from
  cybercrime were greater than proceeds from the
  sale of illegal drugs law enforcement cannot
  catch up with it."
• Valerie McNiven, US Treasury

10
(No Transcript)
11
Money Laundering Vehicle
12
GOOD
Its a war between.

EVIL
13
1986
14
The Shift in Content Security Threats
Internet Trojan
Mobile Threats
Spam
Phishing
Spyware
Trojan
Virus
Worm
1987
2005
2006
2003
2004
2000

• From amateur virus writers to organized money
  making professionals !

15
Malicious Code Trends

• 213 increase in Spyware
• 142 increase in Trojans
• 56 increase in Viruses

16,623
Virus / Other
Trojans
Spyware
The swelling amount of spyware is a direct
representation of fast-growing networks of
organized criminals that empower themselves
through computers rather than physical theft
Source Aladdin Content Security Response Team
(CSRT) 2005 Malicious Code Study
16
Content Security Solutions

• A typical organization might have

• Known malware
• In executable files
• Scalability issues

Web Security

• Good productivity
• Limited security

?
URL Filter

• Last layer of defense
• Hard to make proactive
• Tricky security questions

• Spam driven
• Does not address web mail
• Does not address HTTP in email

Desktop Antivirus
Email Antivirus
17

• Will you buy a black white TV today?

• Internet is dynamic !
• So why would you buy static security?

18
Is 80 Security Good Enough?
19
How would you know if you were attacked?

• My security product tells me so
• I get helpdesk calls (spyware nuisance)
• I am contacted by the authorities
• My competitor can read my mind
• I dont know

20
So Why Is eSafe Better?
Extreme Capacity. Maximum Security.
What would you drive if you knew that the bad
guys were coming after you?
21
Securing the Enterprise Perimeter
Content Security
Network security should be separated at the
gateway
eSafe takes care of all Content Security
22
What eSafe does ...
23
Maximum Security
The Only 4 Layer Web Content Security
Access blocking Good Sites Bad Sites Good
ActiveX Bad ActiveX Preinstalled only
1
Web surfing driveby blocking
2
Signatures
3
Communications blocking
4
24
Web Filtering
25
LDAP/AD - based Profiles

• LDAP and Active Directory integration
• User/Group-based profiles
• Flexible user identification
• X-Ray mode for web usage monitoring
• User-based web-access reporting

26
Maximum Security
The Only 4 Layer Web Content Security
Download
1
Web surfing driveby blocking
2
Zero-day exploitsMalicious scriptsPop-installers
- In Grey sites - In Hacked sites
Signatures
3
Communications blocking
4
27
How do I get infected?
28
Content Security Beyond The Basics
- Good - Bad - Suspicious
Files
29
XploitStopper Zero-day Vulnerabilities
Vulnerability patched
Vulnerability discovered
Vulnerability exploited
CodeRed
Slammer (6 months)
Nimda (4 months)
Blaster (25 days)
JPEG (12 days)
Bofra (5 days)
WMF (-5 days)
textRange (-18 days)
30
Maximum Security
The Only 4 Layer Web Content Security
Download
1
Web surfing driveby blocking
2
3
Signatures
Simple Known family (heuristic) Polymorphic,
stealth Suspicious Spyware / Trojan / Worm
Communications blocking
4
31
Maximum Security
The Only 4 Layer Web Content Security
Download
1
Web surfing driveby blocking
2
Signatures
3
4
Communications blocking
Worms Browser Hijack Spyware / Adware Spyware
protocols Outbound Trojan
Selective IM (chat / file) Tunneling Remote PC P2P
32
Application Filtering

• P2P KaZaa, eDonkey,Bit Torrent,
• Instant Messengers MSN, ICQ, Yahoo, AOL,
• Spyware communication
• Remote Control GoToMyPC, PC-Anywhere,
• Protocol enforcement tunneling prevention,
  browser enforcement, protocol exploits
• More

33
Enhanced Email Security

• Proactive anti-virus
• Signature anti-virus
• Phishing prevention
• Email standardization
• Turn-off hyperlinks
• Remove web beacons
• more

34
Spyware Neutralizer

• 213 increase in Spyware
• 142 increase in Trojans
• 56 increase in Viruses

16,623
Virus / Other
Trojans
Spyware
The swelling amount of spyware is a direct
representation of fast-growing networks of
organized criminals that empower themselves
through computers rather than physical theft
Source Aladdin Content Security Response Team
(CSRT) 2005 Malicious Code Study
35
From Anti-spam to Spam Management

• No lost email
• No angered end-users
• No administrator hassle
• Learning system not prone to user error

36
Management and Reporting
37
(No Transcript)
38
Extreme Capacity
39
An Unacceptable Dilemma
SECURITY
PERFORMANCE
40
Solutions Map Security/Performance
eSafe
ISP
URL Filter
Performance
Enterprise
Gateway AV
Large UTM
Proxy Plus
Medium
Small UTM
Small
SOHO
Application Filtering
Full Web (HTML)
Blacklists
Signatures
Content Security Level
41
eSafe HellGate Appliances

• eSafe HG-100
• Web und Mail bis 500 User
• Gateway bis 250 User
• Dual Bypass NIC Management NIC
• Quick setup LCD

• eSafe HG-200
• Web and Mail bis 2.000 User
• Gateway 2 appliances (Mail Web)
• Dual Bypass NIC Management NIC
• Quick setup LCD

42
The WTA Hardware

• Based on eSafe Hellgate HG-200
• Purpose-built network security appliance
• Capable of auditing web activity for thousands of
  users
• Reliable and robust for repeated use and
  transport from site to site

43
Whats In The WTA Kit?

• High Quality Case
• WTA device cables
• Printed sample report
• Documentation
• Sales guide
• Technical guide
• Scope of Work (SoW) template
• Audit report template
• Marketing kit (datasheet, promotional email
  template)

Reference image
44
Understanding Customer Needs

• eSafe WTA doesn't blocks malicious content,
  threats, viruses, etc.
• WTA is used to demonstrate and highlight threats
  in the customers actual network environment.
• WTA operates for a 14-day evaluation period.

45
Understanding Customer Network Topology

• eSafe WTA doesnt edit or change network traffic
  in any way.
• Physical Network position considerations
• Additional security appliance is already
  installed.
• No security appliance installed.
• Direct traffic to eSafe WTA using
• A mirror port on the main network switch.
• A network TAP (test access port) device.

46
WTA Process

• Present WTA SoW
• Setup planning

SoW Scope of Work
47
WTA Process
Create WTA License in LC

• Present WTA SoW
• Setup planning

48
WTA Process
Install eSafe WTA
Create WTA License in LC

• Present WTA SoW
• Setup planning

eSafe WTA
Firewall
Internet
49
WTA Process
Install eSafe WTA
Create WTA License in LC

• Present WTA SoW
• Setup planning

• WTA collects data
• Submit data to eSafe data center
• Data processed and analyzed
• Generate report (at day 1, 3, 5, 7)

50
WTA Process
Install eSafe WTA
Create WTA License in LC

• Present WTA SoW
• Setup planning

Receive report by email
Sales rep receives the reports by email, or it is
generated on-site
51
WTA Process
Install eSafe WTA
Create WTA License in LC

• Present WTA SoW
• Setup planning

Fill out Audit Report template
Receive report by email
52
WTA Process
Install eSafe WTA
Create WTA License in LC

• Present WTA SoW
• Setup planning

Fill out Audit Report template
Present completed Audit Report to prospect
Receive report by email
53
Integrating eSafe WTA Appliance
eSafe WTA
Port mirror on switch or Network tap
Content Security Product
Surfing the Web!
Firewall
Internet
54
Preparing the eSafe WTA Appliance

• WTA is a pre-installed appliance.
• Requires only physical integration to the lan.
• The appliance has been designed for re-use.
• Initializing WTA
• Re-image the appliance.
• Delete existing data via the Web Manager.

55
Sample eSafe Enterprise Customers
56
Besten Dank!www.eSafe.com